jSchool Advanced SQL Injection Vulnerability

2011-02-15T00:00:00
ID 1337DAY-ID-15379
Type zdt
Reporter eXa.DisC
Modified 2011-02-15T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            -----------------------------------------------------------------------
Exploit Title    : jSchool Advanced (SQL Injection) Vulnerability
Dork             : inurl: "action=profil.main"
Found            : 15 Jan '11
Author             : eXa.DisC
Software            : jSchool Advanced
(http://www.jogjacamp.com/script_4_Script_Website_Murah_Instant_Sekolah.html)
Price           : Rp. 1.200.000
Vendor          : http://jogjacamp.com
-----------------------------------------------------------------------
  
I.  Demo Site
-----------------------------------------------------------------------
http://site/index.php?action=profil.main&xid=1
  
II. POC
-----------------------------------------------------------------------
http://site/index.php?action=profil.main&xid=[SQLi]
  
III. Vendor patch
-----------------------------------------------------------------------
Currently manufacturers do not provide patches or upgrades.
  
IV. Credits
-----------------------------------------------------------------------
- God
- bawahtanah_sii : tenro, sality23, em32, tdos, kiwill and my-Org
- XCODE - semua [komunitas IT dan netter] underground INDONESIA
- All Friend's and Enemy who know me



#  0day.today [2018-03-02]  #