jSchool Advanced – SQL Injection

  • Author: eXa.DisC
    Date: 2011-02-14
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/16167/
  • -----------------------------------------------------------------------
    Exploit Title: jSchool Advanced (SQL Injection) Vulnerability
    Dork : inurl: "action=profil.main"
    Found: 15 Jan '11
    Author : eXa.DisC
    Software: jSchool Advanced 
    (http://www.jogjacamp.com/script_4_Script_Website_Murah_Instant_Sekolah.html)
    Price : Rp. 1.200.000
    Vendor: http://jogjacamp.com
    -----------------------------------------------------------------------
     
    I. Demo Site
    -----------------------------------------------------------------------
    http://site/index.php?action=profil.main&xid=1
     
    II. POC
    -----------------------------------------------------------------------
    http://site/index.php?action=profil.main&xid=[SQLi]
     
    III. Vendor patch
    -----------------------------------------------------------------------
    The vendor does not currently provide a patch or upgrade.
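
With no vendor fix available, one compensating check is to review web access logs for requests to `action=profil.main` whose `xid` is not a plain integer. The following is an added example, not code from the advisory or from jSchool; it assumes `xid` is a numeric record id (as in the demo URL), a common/combined access-log format, and constructed sample lines (the `action=home` value is made up).

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request field of a common/combined access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # peel nested percent-encoding (%2527 -> %27 -> ')


def xid_is_anomalous(target: str) -> bool:
    """True if target hits action=profil.main with a non-integer or repeated xid."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "profil.main" not in query.get("action", []):
        return False
    values = query.get("xid", [])
    if len(values) > 1:  # duplicated parameter: front end and app may disagree
        return True
    for value in values:  # parse_qs has already decoded one layer
        for _ in range(MAX_DECODE_ROUNDS):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if not re.fullmatch(r"[0-9]{1,10}", value):
            return True
    return False


def scan(log_lines):
    """Return (line_number, target) for each anomalous request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and xid_is_anomalous(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Feb/2011:10:00:01 +0700] "GET /index.php?action=profil.main&xid=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [14/Feb/2011:10:00:05 +0700] "GET /index.php?action=profil.main&xid=1%27 HTTP/1.1" 500 312',
    '192.0.2.11 - - [14/Feb/2011:10:00:09 +0700] "GET /index.php?action=profil.main&xid=1%2527 HTTP/1.1" 200 5120',
    '192.0.2.12 - - [14/Feb/2011:10:00:12 +0700] "GET /index.php?action=home&xid=abc HTTP/1.1" 200 2048',
    '192.0.2.13 - - [14/Feb/2011:10:00:15 +0700] "GET /index.php?action=profil.main&xid=2&xid=3 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

The same integer-only rule can be enforced in front of the application (reverse proxy or WAF) to reject such requests until the code itself binds `xid` as a typed query parameter.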
     
    IV. Credits
    -----------------------------------------------------------------------
    - God
    - bawahtanah_sii : tenro, sality23, em32, tdos, kiwill and my-Org
    - XCODE - all [IT community and netters] of underground INDONESIA
    - All friends and enemies who know me