Share
## https://sploitus.com/exploit?id=PACKETSTORM:173326
====================================================================================================================================  
| # Title : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 [ASIK] LFI Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) |   
| # Vendor : http://lulus.smkn2purwokerto.sch.id/admin.zip |   
| # Dork : |  
====================================================================================================================================  
  
poc :  
  
  
[+] Dorking İn Google Or Other Search Enggine.  
  
[+] the infected file : index.php  
  
<?php  
  
require "config.php";  
error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));  
$page=$_GET['page'];  
$filename="content/$page.php";  
if (!file_exists($filename))  
{  
include "content/home.php";  
}  
else  
{@include "content/$page.php";}  
?>  
  
[+] LFI : /index.php?page= [Ev!l]  
  
  
====Greetings to :=========================================================================================================================  
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |  
===========================================================================================================================================