Saturday, 4 January 2014

Chiangraientersoft HTML Injection



Hello guys :D Today i'm going to share to you about html injection. This method works on Thailand websites mostly. Let's get it started. :)


Finding Vulnerable Target

Dork : 

inurl:Qread.php?id_ques=
inurl:webboard/Qread.php?id_ques=
Vulnerable at 'Qform.php' at Field Subject/Title


Exploit:

/webboard/Qform.php
/board/Qform.php

1- Firstly, choose any dork and paste in Google.

2- As usual, pick any site. DUH! :P


Exploiting Target

1- Paste the exploit at the end of the url

Example:

http://www.nungphaman.com/webboard/Qform.php

And you will get something like this



2- Fill up the form, you can choose any file as the attachment. i'm so lazy so i just upload a .jpeg file :P

After your file is successfully uploaded, it would be listed at www.site.com/board/ or www.site.com/webboard/


Click on your post and you will see it :P



Live Demo:

http://www.nungphaman.com/board/Qread.php?id_ques=104

That's all tutorial from me, :)

Black Eagle