-----------------------------------------------------------------------
Exploit Title: jSchool Advanced (SQL Injection) Vulnerability
Dork    : inurl: "action=profil.main"
Found   : 15 Jan '11
Author  : eXa.DisC
Software: jSchool Advanced (http://www.jogjacamp.com/script_4_Script_Website_Murah_Instant_Sekolah.html)
Price   : Rp. 1.200.000
Vendor  : http://jogjacamp.com
-----------------------------------------------------------------------

I. Demo Site
-----------------------------------------------------------------------
http://site/index.php?action=profil.main&xid=1

II. POC
-----------------------------------------------------------------------
http://site/index.php?action=profil.main&xid=[SQLi]

III. Vendor patch
-----------------------------------------------------------------------
The vendor currently provides no patch or upgrade.

IV. Credits
-----------------------------------------------------------------------
- God
- bawahtanah_sii : tenro, sality23, em32, tdos, kiwill and my-Org
- XCODE
- all [IT community and netter] underground INDONESIA
- All friends and enemies who know me
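
Because section III reports no vendor fix, an operator running this script can at least review web access logs for requests to the affected endpoint whose xid is not a plain integer. The following is an added example, not part of the original advisory or the vendor's code; it assumes xid is meant to be a numeric ID (as the demo URL's xid=1 suggests) and that logs use the Apache/nginx combined format. The log lines, IP addresses and the "other.page" action are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate xid is a short ASCII integer. str.isdigit() is
# avoided because it also accepts non-ASCII digit characters.
VALID_XID_RE = re.compile(r"[0-9]{1,10}")

def xid_is_suspicious(url):
    """True when url targets action=profil.main and xid is not one plain integer."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)  # percent-decodes values
    if "profil.main" not in query.get("action", []):
        return False                      # a different page; out of scope here
    values = query.get("xid", [])
    if not values:
        return False                      # no xid sent at all
    if len(values) > 1:
        return True                       # repeated xid: which copy the app reads is unknown
    return VALID_XID_RE.fullmatch(values[0]) is None

def triage(log_lines):
    """Return (client_ip, request_target) for every suspicious request found."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and xid_is_suspicious(match.group(1)):
            hits.append((line.split(" ", 1)[0], match.group(1)))
    return hits

# Constructed sample lines; "[SQLi]" is the advisory's own placeholder, URL-encoded.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/2011:10:00:01 +0700] "GET /index.php?action=profil.main&xid=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Jan/2011:10:00:05 +0700] "GET /index.php?action=profil.main&xid=%5BSQLi%5D HTTP/1.1" 200 312',
    '198.51.100.7 - - [15/Jan/2011:10:00:09 +0700] "GET /index.php?action=profil.main&xid=1&xid=2 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [15/Jan/2011:10:00:12 +0700] "GET /index.php?action=other.page&xid=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, target in triage(SAMPLE_LOG):
        print(f"{ip}\t{target}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers the query-string form shown in the advisory.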