E-Journal Web Sql Injection Vulnerability

2013-01-31 09:36:43
Posted by: aSU_aBANG

____ _ _ ____ _ _ _ ____
__ _/ ___|| | | | __ _| __ ) / \ | \ | |/ ___|
/ _` \___ \| | | | / _` | _ \ / _ \ | \| | | _
| (_| |___) | |_| | | (_| | |_) / ___ \| |\ | |_| |
\__,_|____/ \___/______,_|____/_/ \_\_| \_|\____|
|_____|



# Exploit Title: E-Journal Web Sql Injection Vulnerability
# Google Dork: detail.php?detail= intext:"copyright | Design & Programming by ICT"
# Date: 31/01/2013
# Exploit Author: aSU_aBANG
# Version: -
# Category : Web Campus Application
# Tested on: Windows xp

======= Exploitation SQL Injection =========

1. Use the Dork .
2. Choose menu "/jurnal.php" , "/mahasiswa.php" or "/dosen.php"
3. select whichever article [up to you :D ] and select "detail"
4. Then exploit [victim]/detail.php?detail=[menu]&id=[sql inject]
5. After finish and get user n password ,Login and upload your shell .. == P0wn3d ==
*Shell can be seen in the folder /file/dokumen/........ Hell yeah man =D

______ _
.' ___ | / |_
/ .' \_| _ .--. .---. .---.`| |-'____
| | ____[ `/'`\]/ /__\\/ /__\\| | [_ ]
\ `.___] || | | \__.,| \__.,| |, .' /_
`._____.'[___] '.__.' '.__.'\__/[_____]

== Tr0yz 0zTuRk - SurabayaGetar - Mr.D3m3nt0r - Gabby - De Vinclous - YoU ==
== Indonesian Hacker ==

Fixes

No fixes

In order to submit a new fix you need to be registered.