Mahkamah Agung CMS (SIPP) Version 3.2.0-5 SQL Injection

2019.01.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

SIPP Version 3.2.0-5 SQL INJECTION
----------------------
[+] Title :- Sistem Informasi Penelusuran Perkara
[+] Vendor Homepage :- hidden, this application is for government
[+] Version :- All Versions
[+] Tested on :- Linux - Windows - Mac
[+] Category :- webapps - Code Igniter setup
[+] Exploit Author : iLuv X goodfather
[+] Team name :- TernateBlackhat
[+] Official Page : www.facebook.com/ternateblackhat/
[+] Available : sql injection cheat sheet | sql injection Method
[+] Greedz to : omJL - zbyt3 - liontin - QueenAisyah - Mawar - Ternate Labs - K33P-S1L3NT
[+] Contact : ternateblackhat@gmail.com
[+] Severity Level :- Medium
[+] Method(s) :- POST
[+] Vulnerable Parameter(s) :- id_alur_perkara

Search for get POST DATA Injection (PENCARIAN DETIL, "detailed search")
http://sipp.vulnerable.go.id/list_perkara/search_detail

[+] Vulnerable File :- /home/vulnerable/public_html/sipp/models/perkara/perkara_m.php

[ https://imgur.com/a/4C1WMNt ]
SS vulnerable parameter : https://i.imgur.com/fbR2bcG.png
SS SQLMAP Execute using POST DATA : https://i.imgur.com/cY28K1m.png
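
For maintainers of the affected model, the sketch below shows how the POSTed `id_alur_perkara` value can be validated and then passed as a bound parameter instead of being placed in the SQL text. It is an added example, not SIPP source code: the table and column names, the helper functions and the in-memory SQLite data are assumptions made for illustration, and it uses plain PDO so it runs without CodeIgniter.

```php
<?php
// Added example, not SIPP source code. Table/column names are hypothetical.
declare(strict_types=1);

/**
 * Validate the POSTed id_alur_perkara: ASCII digits only, bounded length.
 * Returns the integer, or null when the value must be rejected.
 * Non-string input (e.g. id_alur_perkara[]=1 arriving as an array) is rejected too.
 */
function parse_id_alur_perkara($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/**
 * Run the search with the value bound as an integer parameter, never
 * concatenated into the SQL string. In a CodeIgniter model the same idea
 * is $this->db->query($sql, array($id)).
 */
function search_detail(PDO $db, $rawId): array
{
    $id = parse_id_alur_perkara($rawId);
    if ($id === null) {
        return []; // reject instead of querying
    }
    $stmt = $db->prepare(
        'SELECT perkara_id, nomor_perkara FROM perkara WHERE alur_perkara_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE perkara (perkara_id INTEGER, nomor_perkara TEXT, alur_perkara_id INTEGER)');
$db->exec("INSERT INTO perkara VALUES (1, 'A-001', 1), (2, 'B-002', 2)");

var_dump(count(search_detail($db, '1')));        // well-formed id
var_dump(count(search_detail($db, '1 OR 1=1'))); // non-numeric value is rejected
var_dump(count(search_detail($db, ['1'])));      // array input is rejected
```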

References:

https://www.facebook.com/ternateblackhat/

