====================================================================================================================================
| # Title     : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 [ASIK] RCE Vulnerability                                           |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | 
| # Vendor    : http://lulus.smkn2purwokerto.sch.id/admin.zip                                                                      |  
| # Dork      :                                                                                                                    |
====================================================================================================================================

poc :


[+] Dorking Ä°n Google Or Other Search Enggine.

[+] the infected File :

      <?php

		  require "config.php";
       error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
		   $page=$_GET['page'];
		   $filename="content/$page.php";
		   if (!file_exists($filename))
        {
         include "content/home.php";
        }
            else
        {@include "content/$page.php";}
        ?>

[+] RCE : /index.php?page= [Ev!l]


====Greetings to :=========================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |
===========================================================================================================================================