Mahkamah Agung CMS ( SIPP ) Versi 3.2.0-5 SQL INJECTION

2019.01.30

TernateBlackhat (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:/statistik_perkara

SIPP Versi 3.2.0-5 SQL INJECTION
----------------------
[+] Title :- Sistem Informasi Penelusuran Perkara
[+] Vendor Homepage :- hidden, this aplication for goverment
[+] Version :- All Versions [+] Tested on :- Linux - Windows - Mac
[+] Category :- webapps - Code Igniter setup
[+] Exploit Author : iLuv X goodfather
[+] Team name :- TernateBlackhat
[+] Official Page : www.facebook.com/ternateblackhat/
[+] Available : sql injection cheat sheet | sql injection Method
[+] Greedz to : omJL - zbyt3 - liontin - QueenAisyah - Mawar - Ternate Labs - K33P-S1L3NT
[+] Contact : ternateblackhat@gmail.com
[+] Severity Level :- Medium
[+] Method(s) :- POST
[+] Vulnerable Parameter(s) :- id_alur_perkara
Search for get POST DATA Injection ( PENCARIAN DETIL )
http://sipp.vulnerable.go.id/list_perkara/search_detail
[+] Vulnerable File :- /home/vulnerable/public_html/sipp/models/perkara/perkara_m.php
[ https://imgur.com/a/4C1WMNt ]
SS vulnerable parameter : https://i.imgur.com/fbR2bcG.png
SS SQLMAP Execute using POST DATA : https://i.imgur.com/cY28K1m.png

References:

https://www.facebook.com/ternateblackhat/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mahkamah Agung CMS ( SIPP ) Versi 3.2.0-5 SQL INJECTION

Dork: inurl:/statistik_perkara

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.