Atomymaxsite Shell Upload

2013-06-30T00:00:00
ID PACKETSTORM:122227
Type packetstorm
Reporter Iranian_Dark_Coders_Team
Modified 2013-06-30T00:00:00

Description

                                        
                                            `#######################################################  
#  
# [+] Exploit Title: ATOMYMAXSITE CMS Remote Shell Upload Vulnerability  
# [+] Google Dork: "Powered by ATOMYMAXSITE"  
# [+] Date: 30/06/2013  
# [+] Exploit Author: Iranian_Dark_Coders_Team  
# [+] Vendor Homepage: http://board.maxsitepro.com  
# [+] Version: All Version [1.50 - 2.5]  
# [+] Tested on: Windows 7  
#  
#######################################################  
#  
# [+] Exploit:  
#  
# [+] http://localhost/[path]/index.php?name=research&file=add&op=research_add  
#  
#######################################################  
#  
# [+] Proof:  
#  
# [+] http://localhost/[path]/index.php?name=research&file=add&op=research_add  
# [+] Then fill in all the information requested  
# [+] Now click on the Browse front of ผลงานฉบับเต็ม(Fultext) and select shell.php  
# [+] Now click on the button below the form to be registered  
# [+] http://localhost/[path]/index.php?name=research  
# [+] Now select the first record and click the (FullText)  
# [+] (FullText) = Path shell.php  
#  
#######################################################  
#  
# [+] Demo site:  
#  
# [+] http://plan.chon1.go.th  
# [+] http://tbacud.ac.th  
# [+] http://www.nitedcpm1.net  
# [+] http://ict.chon1.go.th/home/  
# [+] http://www.chiangdaocity.go.th/home  
#  
#######################################################  
#  
# [+] Discovered By : Black.Hack3r  
# [+] We Are : M.R.S.CO,Black.Hack3r,N3O,UB313  
# [+] Home : http://www.idc-team.net  
#  
#######################################################  
`