########################################################################
#Reference : https://packetstormsecurity.com/files/151676/Slims-CMS-Senayan-Library-Management-System-7.0-Shell-Upload.html
# Exploit Title : Slims CMS Senayan Library Management System 7.0 Arbitrary File Upload
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Team
# Date : 13/02/2019
# Vendor Homepage : slims.web.id
# Software Download Link : github.com/slims/
github.com/slims/slims8_akasia/archive/master.zip
github.com/slims/slims7_cendana/archive/master.zip
github.com/slims/s3st15_matoa/archive/master.zip
github.com/slims/slims5_meranti/archive/master.zip
github.com/slims/s3st14/archive/master.zip
# Software Information Link : slims.web.id/web/ * slims.web.id/goslims/
# Software Affected Version : 5/6/7 and previous versions
# Tested on : Windows / Linux
# Exploit Risk : High
# CXSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018050260
########################################################################
########################################################################
#Google Dork 1 : intext:''The Winner in the Category of OSS Indonesia ICT Award 2009''
#Google Dork 2 : inurl:''index.php?p=show_detail&id='' site:id
#Google Dork 3 : inurl:''/slims5-meranti/'' site:id
#Google Dork 4 : intext:This software and this template are released Under GNU GPL License Version 3. The Winner in the Category of OSS Indonesia ICT Award 2009''
#Google Dork 5 : Powered by SLiMS site:id
#Google Dork 6 : Powered by SLiMS | Design by Indra Sutriadi Pipii
#Google Dork 7 : Beranda Depan * Info Perpustakaan * Area Anggota * Pustakawan * Bantuan Pencarian * MASUK Pustakawan.
#Google Dork 8 : Akses Katalog Publik Daring - Gunakan fasilitas pencarian untuk mempercepat penemuan data katalog.
#Google Dork 9 : SLiMS (Senayan Library Management System) is an open source Library Management System.
It is build on Open source technology like PHP and MySQL.
#Google Dork 10 : PERPUSTAKAAN - Web Online Public Access Catalog - Use the search options to find documents quickly
This software and this template are released Under GNU GPL License Version 3
#Google Dork 11 : inurl:''/index.php?select_lang='' site:sch.id
#Google Dork 12 : Web Online Public Access Catalog - Gunakan fasilitas pencarian untuk mempercepat anda menemukan data katalog
#Google Dork 13 : Welcome To Senayan Library's Online Public Access Catalog (OPAC). Use OPAC to search collection in our library.
#Google Dork 14 : O.P.A.C. (On-line Public Access Catalogue)
#Google Dork 15 : inurl:''/perpustakaan/repository/'' site:id
#Google Dork 16 : Senayan | Open Source Library Management System :: OPAC
########################################################################
########################################################################
Exploit : /admin/modules/bibliography/pop_attach.php
Download Exploiter : https://pastebin.com/raw/tVndcHZZ
#########################################################################
Tutorial:
Pertama edit dulu scriptnya pada bagian dibawah ini
$shell = "dx.txt"; < file shell / deface kamu (satu folderkan)
Kemudian jalankan program dan masukan file list target kalian.
Ketikan perintah :
php exploit.php
Setelah selesai cek hasilnya di file laporan.txt (satu folder).
Sekian dan terimakasih, wasallam.
No comments:
Post a Comment
" Terimakasih telah mengunjungi blog kami ,, silahkan tinggalkan komentar untuk menghargai jerit payah penulis ^_^ "