viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Tuesday, September 30, 2008

http://www.jayabaya.ac.id vulnerability

1:58 AM Posted by viperfx07 No comments
Instead of SQL injection, i try to explore some vulnerability like the previous one from polri.go.id. If you go to http://www.jayabaya.ac.id/infoshow.php?id= you will see an error message.Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/jayabaya/public_html/info/infoisi.php on line 6 MySQL v4 is so tiring, so i left it for now.
There is a directory called info there. So let's check it out.
admin/ 01-Jun-2008 02:39 -
connect.php 21-Dec-2007 08:36 1k
info_lead.php 15-Feb-2006 14:02 1k
infoisi.php 05-Aug-2004 09:10 2k
infolist.php 28-Jan-2004 09:42 1k


Wow, there is an admin directory in the info dir? An idiot developer must be blamed here. ok check the admin directory,
Parent Directory 01-Jun-2008 02:39 -
connect.php 21-Dec-2007 08:36 1k
info_delete.php 28-Jan-2004 09:42 1k
info_edit1.php 20-Jan-2005 12:08 2k
info_edit2.php 28-Jan-2004 09:42 2k
info_edit3.php 28-Jan-2004 09:42 1k
infoform.php 20-Jan-2005 12:38 2k
infoinput.php 28-Jan-2004 09:42 1k


Try them one by one. The interesting one is the info_edit2.php. You can edit any info in that site with this. try http://www.jayabaya.ac.id/info/admin/info_edit2.php?id=3 You can add a javascript into the title or the body of this info. But unfortunately, you can't upload a shell to bring more destruction :(

0 comments:

Post a Comment