Aplikasi Kartu Pelajar (Student Card Application): Arbitrary File Upload Vulnerability With CSRF

ArdhyanXTzy


Arbitrary file upload with CSRF vulnerability in Aplikasi Kartu Pelajar (Indonesian school application)


[+] Dork : "Silahkan Login Untuk Akses System" site:

[+] Exploit : dash_user/aksi/user_update.php

[+] CSRF Online : http://v1.exploits.my.id:1337/?tools=csrf


Please develop it further on your own.


The first step is dorking. I will practice it using the live target that I got.


Append the exploit path to the end of the URL.


If a pop-up appears like the one in the screenshots below, the website is vulnerable.


Go to the CSRF Online tool, enter your target and its exploit path, and in the POST file field "gambar" upload your deface script / backdoor.



Accessing the file is easy. The files you upload will go to one of the following paths:
kartu.localcrot.sch.id/img/your_backdoor.php
kartu.localcrot.sch.id/assets/img/user/your_backdoor.php
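
A defender-side check for the flow described above, added here as an example and not code from the original post or from the application: it scans a web server access log in combined format for POSTs to the upload endpoint that arrive without a same-site Referer, and for script files requested from the two upload directories. The host `kartu.example.sch.id`, the sample log lines and the extension list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Paths taken from the page: the upload endpoint and the two upload directories.
UPLOAD_ENDPOINT = "/dash_user/aksi/user_update.php"
UPLOAD_DIRS = ("/img/", "/assets/img/user/")
# Assumed list of extensions a PHP-enabled server may execute; "x.php.jpg" also matches.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
# Apache/nginx "combined" access log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def scan(lines, site_host):
    """Return (line_no, reason) pairs for requests matching the described flow."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue
        path = urlsplit(m["target"]).path
        if m["method"] == "POST" and path.endswith(UPLOAD_ENDPOINT):
            # A missing Referer ("-") yields hostname None; review those hits manually.
            ref_host = urlsplit(m["referer"]).hostname
            if ref_host != site_host:
                findings.append((no, "cross-site or referer-less POST to upload endpoint"))
        elif any(d in path for d in UPLOAD_DIRS) and SCRIPT_EXT.search(path.rsplit("/", 1)[-1]):
            findings.append((no, "script file requested from upload directory"))
    return findings

# Constructed sample log (documentation IP ranges and example.* hosts, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0700] "POST /dash_user/aksi/user_update.php HTTP/1.1" 200 512 "https://kartu.example.sch.id/dash_user/" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:05:00 +0700] "POST /dash_user/aksi/user_update.php HTTP/1.1" 200 87 "http://tools.example.net/" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:05:30 +0700] "GET /assets/img/user/x.php HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:06:00 +0700] "GET /assets/img/user/foto.jpg HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:07:00 +0700] "GET /img/avatar.php.jpg HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for no, reason in scan(SAMPLE_LOG, "kartu.example.sch.id"):
        print(f"line {no}: {reason}")
```

On a real server, a hit of the second kind that returned status 200 indicates an executable file sitting in an image directory, which warrants incident response and disabling script execution in those directories.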

That's all the tutorial I can give for this meeting. Hopefully it's useful. See you.
