Berawal mengecek client client ane kaget saat lihat banayk shell yang tertanam di dalamnya.
Setelah mencari keyword "exploid cms lokomedia" ketemulah jawabannnya :
01. file .httacces memberikan ijin untuk langsung daftar
02. saat upload photo profile
file tidak di filter jadi
file php bisa
03. folsder admin masih default yaitu administrator
04. RewriteRule ^register\.html$ media.php?module=register&id=$1 [L] salah satu biangnya
Tadi sudah konsultasi ke om Robbi saya lihat maish banyak bug SQL Injection dan harus segera dipatch
untuk temen-temen yang kesulitan bisa hubngi saya lewat facebook, om robby lagi isbuk ngerjain proyek (alhamdulillah) hee heee
https://www.facebook.com/kuswanto1987
<IfModule mod_rewrite.c>
RewriteEngine on
#Modul Utama
RewriteRule ^$ media.php?module=home [L]
RewriteRule ^profil-kami\.html$ media.php?module=profilkami&id=$1 [L]
RewriteRule ^konsultasi\.html$ media.php?module=konsultasi&id=$1 [L]
RewriteRule ^reply-konsultasi-(.*)\.html$ media.php?module=konsultasi&reply=$1 [L]
RewriteRule ^register\.html$ media.php?module=register&id=$1 [L]
RewriteRule ^berita-(.*)\.html$ media.php?module=detailberita&judul=$1
RewriteRule ^detail-berita-(.*)-page-(.*)\.html$ media.php?module=detailberita&judul=$1&page=$2 [L]
RewriteRule ^hal-(.*)\.html$ media.php?module=detailmenu&halaman=$1
RewriteRule ^halkomentar-(.*)-([0-9]+)\.html$ media.php?module=detailberita&judul=$1&halkomentar=$2 [L]
RewriteRule ^indeks-berita\.html$ media.php?module=indeksberita&idx=$1 [L]
RewriteRule ^halberita-(.*)\.html$ media.php?module=semuaberita&halberita=$1 [L]
RewriteRule ^kategori-(.*)\.html$ media.php?module=detailkategori&kt=$1 [L]
RewriteRule ^halkategori-(.*)-([0-9]+)\.html$ media.php?module=detailkategori&kt=$1&halkategori=$2 [L]
RewriteRule ^tag-(.*)\.html$ media.php?module=detailtag&idt=$1 [L]
RewriteRule ^haltag-(.*)-([0-9]+)\.html$ media.php?module=detailtag&idt=$1&haltag=$2 [L]
RewriteRule ^hasil-pencarian\.html$ media.php?module=hasilcari&id=$1 [L]
RewriteRule ^semua-berita\.html$ media.php?module=semuaberita&id=$1 [L]
RewriteRule ^album-(.*)\.html$ media.php?module=detailalbum&ald=$1 [L]
RewriteRule ^halaman-album-(.*)-([0-9]+)\.html$ media.php?module=detailalbum&ald=$1&halfotoberita=$2 [L]
RewriteRule ^semua-album\.html$ media.php?module=semuaalbum&alb=$1 [L]
RewriteRule ^galeri-(.*)\.html$ zoom.php?id=$1 [L]
RewriteRule ^halgaleri-([0-9]+)-(.*)\.html$ media.php?module=detailalbum&id=$1&halgaleri=$2 [L]
RewriteRule ^semua-agenda\.html$ media.php?module=semuaagenda&agd=$1 [L]
RewriteRule ^halagenda-(.*)\.html$ media.php?module=semuaagenda&halagenda=$1 [L]
RewriteRule ^agenda-(.*)\.html$ media.php?module=detailagenda&tema=$1 [L]
RewriteRule ^hasil-poling\.html$ media.php?module=hasilpoling&hp=$1 [L]
RewriteRule ^lihat-poling\.html$ media.php?module=lihatpoling&lp=$1 [L]
RewriteRule ^semua-download\.html$ media.php?module=semuadownload&dwn=$1 [L]
RewriteRule ^haldownload-(.*)\.html$ media.php?module=semuadownload&haldownload=$1 [L]
RewriteRule ^play-([0-9]+)-(.*)\.html$ media.php?module=play&id=$1 [L]
RewriteRule ^halkomentarvideo-([0-9]+)-(.*)\.html$ media.php?module=play&id=$1&halkomentarvideo=$2 [L]
RewriteRule ^halvideo-([0-9]+)-(.*)\.html$ media.php?module=detailplaylist&id=$1&halvideo=$2 [L]
RewriteRule ^playlist-([0-9]+)-(.*)\.html$ media.php?module=detailplaylist&id=$1 [L]
RewriteRule ^semua-playlist\.html$ media.php?module=semuaplaylist&play=$1 [L]
RewriteRule ^halplaylist-(.*)\.html$ media.php?module=semuaplaylist&halplaylist=$1 [L]
RewriteRule ^hubungi-kami\.html$ media.php?module=hubungikami&hub=$1 [L]
RewriteRule ^hubungi-aksi\.html$ media.php?module=hubungiaksi&id=$1 [L]
RewriteRule ^login\.html$ media.php?module=login [L]
RewriteRule ^daftar\.html$ media.php?module=daftar [L]
RewriteRule ^cek-login\.html$ media.php?module=ceklogin [L]
RewriteRule ^daftar-aksi\.html$ media.php?module=daftaraksi [L]
RewriteRule ^logout\.html$ media.php?module=logout [L]
RewriteRule ^not-found\.html$ media.php?module=notfound&id=$1 [L]
RewriteRule ^hal-(.*)\.html$ media.php?module=halamanstatis&judul=$1 [L]
#Modul Tambahan
RewriteRule ^epaper\.html$ media.php?module=epaper&ep=$1 [L]
RewriteRule ^detail-epaper-(.*)\.html$ media.php?module=detailepaper&dep=$1 [L]
RewriteRule ^pegawai\.html$ media.php?module=pegawai&ep=$1 [L]
RewriteRule ^siswa\.html$ media.php?module=siswa&ep=$1 [L]
#Options All -Indexes
</IfModule>