Atomy Maxsite – ‘index.php’ Arbitrary File Upload

Exploit Database
106 阅读

作者： Iranian_Dark_Coders_Team

日期： 2013-06-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38607/

source: https://www.securityfocus.com/bid/60859/info

Atomy Maxsite is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this issue to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Atomy Maxsite versions 1.50 through 2.5 are vulnerable. 

http://www.example.com/[path]/index.php?name=research&file=add&op=research_add

last Exploits
Atomy Maxsite – ‘index.php’ Arbitrary File Upload的更多信息

WordPress Plugin Spellchecker 3.1 – ‘/general.php’ Local/Remote File Inclusion：
MyBB Moderator Log Notes Plugin 1.1 – Cross-Site Request Forgery：
FS Thumbtack Clone 1.0 – ‘cat’ / ‘sc’ SQL Injection：
Pligg CMS 2.0.2 – Cross-Site Request Forgery (Add Admin)：
PageKit 1.0.10 – Password Reset：
Joomla! Component PHP-Bridge 1.2.3 – SQL Injection：
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution：
Joomla! Component com_bfsurvey – Local File Inclusion：