###################### # Exploit Title : Raw Marketing Bypass Uploader For Upload Shell # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://raw-marketing.com.au/ # Google Dork : intext:" Website by Raw Marketing" # Date: 23 May 2016 # Tested On : Kali # Contact:n3t.hacker@gmail.com ############M######### # Vulnerable File : assetmanager.php # Describe : Search dork and select Target. Put /editor/assetmanager/assetmanager.php After url such as : # http://site.com/editor/assetmanager/assetmanager.php # Now Select File And Upload # For Bypass And Change Dir You Can Use Tamper Data. # Change Filed inpCurrFolder2 To Custom Dir : /home/user/public_html/ # And You Can Change File Type. # # # http://bubsonboard.com.au/editor/assetmanager/assetmanager.php # http://www.kathmanducuisine.com.au/editor/assetmanager/assetmanager.php # http://atvlifeguards.com/editor/assetmanager/assetmanager.php # http://matthewdamesmusic.com/editor/assetmanager/assetmanager.php # http://www.riverwalktasmania.com.au/editor/assetmanager/assetmanager.php # http://sparksbuilders.com.au/editor/assetmanager/assetmanager.php # http://ntfua.com.au/editor/assetmanager/assetmanager.php # http://www.museumofrarefindings.com/editor/assetmanager/assetmanager.php # http://www.rotaryclubofsullivanscove.org.au/editor/assetmanager/assetmanager.php # http://www.gowrie-tas.com.au/editor/assetmanager/assetmanager.php # http://tasbeauty.com.au/editor/assetmanager/assetmanager.php # # # # # # # # ###################### # discovered by : Net Hacker ######################