Heri Sumantri
Universitas Bumigora

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

ANALISIS KERENTANAN SQLi DAN XSS PADA WEBSITE TOP-UP GAME Heri Sumantri; Husain; Muhamad Azwar; Raisul Azhar; Khairan Marzuki
Jurnal Manajemen Informatika dan Sistem Informasi Vol. 9 No. 2 (2026): MISI Juni 2026
Publisher : LPPM STMIK Lombok

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.36595/misi.v9i2.2018

Abstract

Cybersecurity threats in Indonesia continue to rise. The National Cyber and Cryptography Agency (BSSN) has emphasized that attacks on web applications, including SQL injection, remain a key focus in the handling of cybersecurity incidents in Indonesia. SQL Injection and Cross-Site Scripting (XSS) consistently rank as the most critical vulnerabilities in web applications according to the OWASP Top 10 2021, with 94% of web applications at risk of intrusion. This study aims to analyze SQL Injection and XSS vulnerabilities on the LisxDragon website, a game top-up platform, using a white-box penetration testing methodology based on the OWASP Web Security Testing Guide (WSTG). This research consists of six phases: planning, information gathering, vulnerability analysis, exploitation, reporting, and post-patch mitigation and verification. Scanning was performed using a scanner that employs the Depth First Search (DFS) algorithm to crawl endpoints and a sequential-exhaustive injection strategy to maximize endpoint coverage and payload effectiveness. A total of 122 endpoints were identified, with 6 confirmed vulnerabilities across two endpoints: SQL Injection (Error-Based, Time-Based, Boolean-Based, Union-Based) and Reflected XSS. The exploitation assessment evaluated risks related to data, database structure leaks, data leaks or user data extraction, service disruption, and user cookie leaks. All vulnerabilities were addressed using prepared statements and the `htmlspecialchars()` output encoding function.