E-Learning Madrasah (CKEditor) - Injecting Arbitrary Sentences

2020.09.08

Gh05t666nero (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intitle:E-Learning.Madrasah site:sch.id

********************************************************* 
#Exploit Title: E-Learning Madrasah (CKEditor) - Injecting Arbitrary Sentences
#Date: 2020-09-08
#Exploit Author: Gh05t666nero
#Google Dork: intitle:E-Learning.Madrasah site:sch.id
#Category: webapps
#Tested On: Linux #1 SMP Debian 5.7.6-1kali2 (2020-07-01)
 
#Proof of Concept:
Search google Dork: intitle:E-Learning.Madrasah site:sch.id

#Demo: https://elearning.man3plg.sch.id/__statics/ckeditor/samples/plugins/htmlwriter/outputhtml.html
https://elearning.mtsn7madiun.sch.id/__statics/ckeditor/samples/plugins/htmlwriter/outputhtml.html
https://elearning.man1jember.sch.id/__statics/ckeditor/samples/plugins/htmlwriter/outputhtml.html

#TUT:
Inject the sentence or your destructive code on the form [Editor 1:] then click [Submit].
Then boom! you can see the results, happy hacking.
********************************************************* 
Contact Me:- gh05t666nero@gmail.com
Instagram:- @ojan_xploit
Telegram:- @Gh05t666nero1

See this note in RAW Version

Vote for this issue:

83%

17%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

E-Learning Madrasah (CKEditor) - Injecting Arbitrary Sentences

Dork: intitle:E-Learning.Madrasah site:sch.id

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.