Monday, March 12, 2012

TinyMCE ajaxfilemanager remote file upload vulnerability

Hello guys, I'm back with another remote upload vulnerability: it's TinyMCE ajaxfilemanager.
Let's start.
Open Google.com and enter this dork:
"tiny_mce/plugins/ajaxfilemanager"
Select any website from the search results.
The vulnerable website will look like this: http://site.com/[path]/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
You can upload .txt, .jpg, .gif and .bmp files here. On some sites you can upload your shell as php;.jpg, but on most sites you can only upload a txt deface :|


You'll see your uploaded file here:
http://site.com/images/yourfilehere
or http://site.com/uploded/tmp/yourfilehere
Note: the path may be different on other websites, I'm not sure about it, so comment here if you didn't find your uploaded file on any site.
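
For the defending side, here is the kind of upload check that would have stopped the php;.jpg trick described above; this is an added example in Python, not the ajaxfilemanager project's own code. The allowed extensions are the four the post lists, and the sample file contents used to exercise it are constructed.

```python
import os
import re

# The four extensions the post says ajaxfilemanager lets through; allow nothing else.
ALLOWED_EXT = {"txt", "jpg", "gif", "bmp"}

# Standard leading bytes for the binary types, so a .jpg really has to start like a JPEG.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "bmp": (b"BM",),
}

# Exactly one dot and plain characters: "shell.php;.jpg" and "shell.php.jpg" both fail here.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,4}$")


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for a candidate upload.

    Checks the name (no path parts, single extension, allow-listed type) and
    then the content (magic bytes for images, no script open tag for text).
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename:
        return False, "filename contains a path component"
    if not SAFE_NAME.match(base):
        return False, "filename must be name.ext with a single extension"
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXT:
        return False, f"extension '{ext}' is not allowed"
    if ext == "txt":
        # A .txt that is really PHP only matters if the server is misconfigured
        # to execute it, but there is no reason to store one either way.
        if b"<?" in data:
            return False, "text upload contains a script open tag"
        return True, "ok"
    if not data.startswith(MAGIC[ext]):
        return False, f"content does not start with a {ext} header"
    # Magic bytes do not rule out a valid image with code appended, so the
    # upload directory must additionally be served with script execution off.
    return True, "ok"
```

The last comment is the important caveat: name and header checks narrow what gets stored, but only disabling script execution in the upload directory removes the impact of whatever still slips through.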


Live demo: http://www.thebradshawscornershop.co.uk/scripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php#
