Ganesha Digital Library 4.2 SQL Injection

2010-11-11T00:00:00
ID PACKETSTORM:95736
Type packetstorm
Reporter Arianom
Modified 2010-11-11T00:00:00

Description

                                        
`Ganesha Digital Library (GDL) Vulnerability  
_________________________  
  
Author : Arianom (arianom@indonesiancoder.com)  
Homepage : http://indonesiancoder.com  
  
[o] INDEX [o]  
  
I. Software Information  
II. POC  
III. About Software  
IV. Bug Fix  
V. Shout  
  
  
I. Software Information  
_________________________  
  
[>] Vendor : http://kmrg.itb.ac.id/  
[>] Download : http://kmrg.itb.ac.id/gdl42.zip  
[>] Name : GDL [Ganesha Digital Library]  
[>] Version : 4.2  
[>] License : GPL  
[>] Type : Non-Commercial ( open source CMS )  
[>] Method : SQL Injection  
  
II. POC  
_________________________  
  
[>] http://www.site.com/gdl/download.php?id=[SQL CODE]  
  
III. About Software  
_________________________  
  
GDL is digital library software developed by the Knowledge Management Research Group (KMRG) at the Institute of Technology Bandung  
to make use of the intellectual capital of ITB academics, which includes articles,  
journals, theses, dissertations, research results, expertise directories and others.  
  
IV. Bug Fix  
_________________________  
  
Download the latest updated version of the program, or fix it manually.  
  
V. Shout  
_________________________  
  
KILL-9 Crew, MC-Crew, Indonesian Coder Team  
`
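
One way to carry out the manual fix mentioned under "IV. Bug Fix", given as an added example that is not GDL's code and not part of the original advisory: the `id` value passed to download.php is checked against an allow-list and bound as a query parameter instead of being concatenated into the SQL. The `relation` table, its columns, the numeric id format and the function name `find_download` are assumptions made for illustration.

```php
<?php
// Added example, not GDL source code. The table "relation", its columns and
// the numeric form of "id" are assumptions made for illustration.
declare(strict_types=1);

/** Return the file row for a download id, or null if the id is invalid or unknown. */
function find_download(PDO $db, $rawId): ?array
{
    // Allow-list check: accept only 1-9 ASCII digits (assumed id format).
    // Arrays (download.php?id[]=...) and any other non-string input are rejected.
    if (!is_string($rawId) || preg_match('/\A[0-9]{1,9}\z/', $rawId) !== 1) {
        return null;
    }
    // The value is bound as a typed parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT path, name FROM relation WHERE relation_id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE relation (relation_id INTEGER PRIMARY KEY, path TEXT, name TEXT)');
$db->exec("INSERT INTO relation VALUES (7, 'files/sample.pdf', 'sample.pdf')");

// Constructed inputs standing in for $_GET['id']:
// a valid id, an unknown id, a malformed string, and an array-typed value.
foreach (['7', '8', "7'", ['7']] as $input) {
    $row = find_download($db, $input);
    echo json_encode($input), ' => ',
        $row === null ? 'rejected or not found' : $row['name'], PHP_EOL;
}
```

In a real handler a `null` result should produce a generic 404 response, with database error text kept out of the page.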