AtTestimonials CMS version 1.2 suffers from a missing authentication vulnerability.
====================================================================================================================================
| # Title : AtTestimonials CMS v1.2 Missing Authentication Vulnerability |
| # Author : indoushka |
| # Tested on : Windows 10 French V.(Pro) / browser : Mozilla Firefox 66.0.3 (32-bit) |
| # Vendor : http://www.dl.persianscript.ir/script/atmanager-system(PersianScript.ir).zip |
| # Dork : © Copyright 2009 : All Rights Reserved Programmed and Developed by themeflash.com |
====================================================================================================================================
poc :
[+] Dorking in Google or other search engine.
[+] The administrative interface appears to be missing authentication.
[+] Use payload : /addnew.php
[+] Add New Testimonials
[+] http://wccpavingcouk/testimonials/addnew.php
[+] Attach a file with any extension
[+] http://dfwcarfixcom/testimonials/upload/084145ahmad.php
Greetings to :=================================================================
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |
===============================================================================
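
Added detection example (not part of the original advisory and not the vendor's code): a log check for the pattern described above, a POST to addnew.php followed by a script being served from the upload/ directory. It assumes Apache/nginx Combined Log Format; the script-extension list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# Extensions a PHP-enabled server may execute (assumed list; match your handler config).
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)(/|$)', re.I)

def classify(line):
    """Return (ip, finding) for a log line of interest, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    path = unquote(target.split('?', 1)[0]).lower()
    if not status.startswith('2'):          # only requests the server honoured
        return None
    if method == 'POST' and path.endswith('/addnew.php'):
        return ip, 'post_to_addnew'
    if '/upload/' in path and SCRIPT_EXT.search(path):
        return ip, 'script_in_upload'
    return None

def scan(lines):
    """Return (all findings, IPs that posted to addnew.php and then hit a script in upload/)."""
    findings, posted, chained = [], set(), set()
    for line in lines:
        hit = classify(line)
        if not hit:
            continue
        findings.append(hit)
        ip, kind = hit
        if kind == 'post_to_addnew':
            posted.add(ip)
        elif ip in posted:
            chained.add(ip)
    return findings, sorted(chained)

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '203.0.113.7 - - [10/May/2019:08:41:40 +0000] "GET /testimonials/addnew.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2019:08:41:45 +0000] "POST /testimonials/addnew.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2019:08:42:01 +0000] "GET /testimonials/upload/084145sample.php HTTP/1.1" 200 74 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/May/2019:09:00:00 +0000] "GET /testimonials/upload/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/May/2019:09:05:00 +0000] "GET /testimonials/upload/x.php HTTP/1.1" 404 196 "-" "curl/7.64"',
]

if __name__ == '__main__':
    print(scan(SAMPLE))
```

Any 'script_in_upload' hit is worth investigating on its own, since an upload directory should never serve executable scripts; the chained list marks the clients that match the full sequence.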