vendor: jSchool Advanced
by: eXa.DisC
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: jSchool Advanced
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

jSchool Advanced (SQL Injection) Vulnerability

jSchool Advanced is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can allow the attacker to access sensitive information from the database.

Mitigation:

Currently manufacturers do not provide patches or upgrades.
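
With no vendor patch available, one defensive option is to watch web-server access logs for requests to the affected endpoint whose xid value is not a plain number. The following is an added example, not part of the original advisory or of jSchool's code; it assumes combined-format access logs and that xid is normally an integer id (as in the demo URL), and the sample log lines and the "other.page" action are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jan/2011:10:00:01 +0700] "GET /index.php?action=profil.main&xid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.11 - - [15/Jan/2011:10:00:05 +0700] "GET /index.php?action=profil.main&xid=1%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
192.0.2.12 - - [15/Jan/2011:10:00:09 +0700] "GET /index.php?action=other.page&xid=abc HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.11 - - [15/Jan/2011:10:00:12 +0700] "GET /index.php?xid=7&xid=x&action=profil.main HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.13 - - [15/Jan/2011:10:00:20 +0700] "GET /index.php?action=profil.main HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# client ip, timestamp, request target
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Assumption: a legitimate xid is a short decimal integer.
XID_OK = re.compile(r"[0-9]{1,10}")


def suspicious_xid_requests(log_text):
    """Return (client_ip, timestamp, decoded_xid) for profil.main requests
    whose xid is not a plain integer after URL decoding."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, ts, target = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "profil.main" not in params.get("action", []):
            continue  # only the endpoint named in the advisory
        # Check every xid occurrence: PHP keeps the last duplicate, so a
        # check on the first value alone would miss the one actually used.
        for value in params.get("xid", []):
            if not XID_OK.fullmatch(value):
                hits.append((ip, ts, value))
    return hits


if __name__ == "__main__":
    for ip, ts, value in suspicious_xid_requests(SAMPLE_LOG):
        print(f"{ts} {ip} non-numeric xid: {value!r}")
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) so that non-numeric xid values are rejected before they reach the unpatched code.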

Exploit-DB raw data:

-----------------------------------------------------------------------
Exploit Title    : jSchool Advanced (SQL Injection) Vulnerability
Dork             : inurl: "action=profil.main"
Found            : 15 Jan '11
Author           : eXa.DisC
Software         : jSchool Advanced (http://www.jogjacamp.com/script_4_Script_Website_Murah_Instant_Sekolah.html)
Price            : Rp. 1.200.000
Vendor           : http://jogjacamp.com
-----------------------------------------------------------------------
 
I.  Demo Site
-----------------------------------------------------------------------
http://site/index.php?action=profil.main&xid=1
 
II. POC
-----------------------------------------------------------------------
http://site/index.php?action=profil.main&xid=[SQLi]
 
III. Vendor patch
-----------------------------------------------------------------------
Currently manufacturers do not provide patches or upgrades.
 
IV. Credits
-----------------------------------------------------------------------
- God
- bawahtanah_sii : tenro, sality23, em32, tdos, kiwill and my-Org
- XCODE - all [IT communities and netters] of the INDONESIAN underground
- All friends and enemies who know me