บ้านเว็บไซต์ cms sql injection

| Exploit Title: บ้านเว็บไซต์ cms sql injection |
| Exploit Author: Ashiyane Digital Security Team |
| Vendor Homepage: http://www.baanwebsite.com |
| Google Dork : intext:"Powered by บ้านเว็บไซต์" inurl:view.php?id= |
| Tested on: Windows 10 ~~~> Google Chrome |
| vulnerable file : /view.php |
| ADMIN PAGE : target/admin |
| Date: 2017/25/10
|==========================================================|
|
| Proof : |
| http://www.cho-runglert.co.th/career/view.php?id=10 |
| http://www.thebestpropertygroup.com/project/view.php?id=1 |
| http://www.nyexpert87.com/products/view.php?id=46 |
| http://www.ap-interpolymers.com/news/view.php?id=20 |
| http://www.factorydesign.co.th/portfolio/view.php?id=31 |
| http://www.phusandao.com/attractions/view.php?id=22 |
| http://www.dusadee1992.com/products/view.php?id=18