OPSTECH Thailand Gov Management System Multiple Vulnerabilities

2022.07.04

NaughtySec (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: OPSTECH Thailand Government Management System Multiple Attack (SQLi + Default weak password)
# Google Dork: 1. intext:"Copyright © by OPSTECH All Right Reserved" site:go.th
                        2. USE your Brain..
# Vulnerabilty: SQL Injection + Default Weak Admin Password
# Date: 2016-06-23
# Risk: High
# Original Exploit Author: ./NaughtySec - Indinesia Bug Hunter  
# Vendor Homepage: https://www.opstechservices.com/
# Version: = all version vuln
# Tested on: Kali Linux 2022.2 & Windows 11
# Tested Environment - Ubuntu Server 20.04 LTS
# Attacking video : https://youtu.be/lei9XrRi4yo

First found it in 2016, but after a long time and accidentally looked at the mirror again and tried the exploit again, it's still working until now

Video for attacking https://youtu.be/lei9XrRi4yo


Admin Login: 
/index.php?mod=login&path=login

Default Admin password: 

123456
A123456
123456900
111111

Hash MD5 
https://md5decrypt.net/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OPSTECH Thailand Gov Management System Multiple Vulnerabilities

Dork: 1. intext:"Copyright © by OPSTECH All Right Reserved" site:go.th

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.