ANALYSIS OF SQLi AND XSS VULNERABILITIES ON A GAME TOP-UP WEBSITE

Authors

  • Heri Sumantri, Universitas Bumigora
  • Husain, Universitas Bumigora
  • Muhamad Azwar, Universitas Bumigora
  • Raisul Azhar, Universitas Bumigora
  • Khairan Marzuki, Universitas Bumigora

DOI:

https://doi.org/10.36595/misi.v9i2.2018

Keywords:

SQL Injection, Cross-Site Scripting, Penetration Testing, OWASP, Web Security

Abstract

Cybersecurity threats in Indonesia continue to rise. The National Cyber and Cryptography Agency (BSSN) has emphasized that attacks on web applications, including SQL injection, remain a key focus in the handling of cybersecurity incidents in Indonesia. SQL Injection and Cross-Site Scripting (XSS) consistently rank as the most critical vulnerabilities in web applications according to the OWASP Top 10 2021, with 94% of web applications at risk of intrusion. This study aims to analyze SQL Injection and XSS vulnerabilities on the LisxDragon website, a game top-up platform, using a white-box penetration testing methodology based on the OWASP Web Security Testing Guide (WSTG). This research consists of six phases: planning, information gathering, vulnerability analysis, exploitation, reporting, and post-patch mitigation and verification. Scanning was performed using a scanner that employs the Depth First Search (DFS) algorithm to crawl endpoints and a sequential-exhaustive injection strategy to maximize endpoint coverage and payload effectiveness. A total of 122 endpoints were identified, with 6 confirmed vulnerabilities across two endpoints: SQL Injection (Error-Based, Time-Based, Boolean-Based, Union-Based) and Reflected XSS. The exploitation assessment evaluated risks related to data, database structure leaks, data leaks or user data extraction, service disruption, and user cookie leaks. All vulnerabilities were addressed using prepared statements and the `htmlspecialchars()` output encoding function.
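
The two fixes named in the abstract, prepared statements and `htmlspecialchars()` output encoding, shown as an added example that is not code from the paper or from the LisxDragon site. It assumes PHP 8 with the `pdo_sqlite` extension; the `players` table, its rows, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed data: the table, columns and rows are hypothetical, not LisxDragon's schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, nickname TEXT)');
$pdo->exec("INSERT INTO players (nickname) VALUES ('Rani'), ('D''Arc')");

// Before: the value is pasted into the SQL text, so a quote in it changes the statement.
function findPlayerUnsafe(PDO $pdo, string $nickname): array
{
    $sql = "SELECT id, nickname FROM players WHERE nickname = '" . $nickname . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the statement is fixed at prepare time and the value is bound as data only.
function findPlayer(PDO $pdo, string $nickname): array
{
    $stmt = $pdo->prepare('SELECT id, nickname FROM players WHERE nickname = :nickname');
    $stmt->execute([':nickname' => $nickname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$nickname = "D'Arc";                 // constructed input containing a quote
try {
    findPlayerUnsafe($pdo, $nickname);
    echo "unsafe: query ran\n";
} catch (PDOException $ex) {
    echo "unsafe: input altered the SQL text and the statement failed to parse\n";
}
echo 'safe: ', count(findPlayer($pdo, $nickname)), " row(s)\n";

$term = '<b>"top" & \'up\'</b>';     // constructed search term echoed back to the page
echo '<p>Results for ', e($term), "</p>\n";
echo '<input name="q" value="', e($term), "\">\n";
```

`htmlspecialchars()` with `ENT_QUOTES` covers HTML text and quoted attribute values; values written into JavaScript, URLs or unquoted attributes need encoding for those contexts instead.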

Published

18-06-2026

How to Cite

Heri Sumantri, Husain, Muhamad Azwar, Raisul Azhar, & Khairan Marzuki. (2026). ANALISIS KERENTANAN SQLi DAN XSS PADA WEBSITE TOP-UP GAME. Jurnal Manajemen Informatika Dan Sistem Informasi, 9(2), 335–347. https://doi.org/10.36595/misi.v9i2.2018