EXPLOIT SKY

# Exploit Title: Lotus Core CMS 1.0.1 - Local File Inclusion # Google Dork: N/A # Date: 2020-01-31 # Exploit Author: Daniel Monzón (stark0de) # Vendor Homepage: http://lotuscore.sourceforge.net/ # Software Link: https://sourceforge.net/projects/lotuscore/files/latest/download # Version: 1.0.1 # Tested on: Windows 7 x86 # CVE : N/A The vulnerability occurs on line 65 of the index.php file, first we can provide the page_slug parameter, if it's not set by the user it is set to index, but if the user sets the parameter via a GET or POST request, it checks if the file exists and if it exists, it performs an unsanitized inclusion. ----------------------------------------------------------------------------- if(!$_REQUEST['page_slug']){ $_REQUEST['page_slug'] = 'index'; } if(file_exists('system/plugins/'.$_REQUEST['page_slug'].'.php') == true){ include('system/plugins/'.$_REQUEST['page_slug'].'.php'); }else{ in...

Tutorial Hack WiFi: Cracking Password WPA2 dengan PMKID Attack . Metode cracking WPA2 saat ini lebih mudah setelah ditemukannya teknik PMKID attack dimana kita tidak lagi membutuhkan proses handshake dari jaringan WiFi yang ingin diserang. Itu artinya bahkan meskipun di SSID tersebut sedang tidak ada yang login, kalian tetap bisa melakukan dump PMKID dari router yang menggunakan keamanan WPA2, yang kemudian kita bisa melakukan cracking dari informasi yang didapat tersebut. Metode ini ditemukan oleh Jens ‘Atom’ Steube, orang dibalik tool cracking populer, Hashcat. Menurutnya, metode ini akan efektif terhadap hampir seluruh router yang menggunakan jaringan 802.11i/p/q/r dengan fungsi roaming diaktifkan. Oke pertama, kita install dependensi yang dibutuhkan terlebih dahulu. sudo apt-get update sudo apt- get install git libcurl4-openssl-dev libssl-dev zlib1g-dev libpcap-dev Selanjutnya install hcxtool cd /tmp git clone https://github.com/ZerBea/hcxdumptool.git cd hcxdumptool ...

 Exploit Slims CMS Senayan Arbitrary File Upload Vulnerability #Exploit Title : Slims CMS Senayan OpenSource Library Management System The Winner in the Category of OSS Indonesia ICT Award 2009 Arbitrary File Upload Vulnerability and Auto Exploiter #Author [ Discovered By ] : Tampansky From PSCT #Affected Version : 5/6/7 #Tested on : Windows / Linux #Exploit Risk : High #Google Dork 1 :  intext:''The Winner in the Category of OSS Indonesia ICT Award 2009'' #Google Dork 2 : inurl:''index.php?p=show_detail&id='' site:id #Google Dork 3 : inurl:''/slims5-meranti/'' site:id #Google Dork 4 : intext:This software and this template are released Under GNU GPL License Version 3. The Winner in the Category of OSS Indonesia ICT Award 2009'' #Google Dork 5 : Powered by SLiMS site:id #Google Dork 6 : Powered by SLiMS | Design by Indra Sutriadi Pipii #Google Dork 7 : Beranda Depan � Info Perpustakaan � Area Anggota � Pustakawan...