Monday, March 12, 2012

TinyMCE ajaxfilemanager remote file upload vulnerability

Hello guys, I'm back with another remote upload vulnerability: it's TinyMCE ajaxfilemanager.
Let's start.
Open and enter this dork
Select any website from the search results.
The vulnerable website's path will look like this: [path]/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
You can upload [.txt], [.jpg], [.gif], [.bmp] files here ... in some sites you can upload your shell as php;.jpg, but in most sites you can upload a txt deface only :|

You'll see your uploaded file here
Note: The path may be changed in other websites. I'm not sure about it, so comment here if you did not find your uploaded file in any site.
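
The `php;.jpg` name mentioned above gets past any filter that only looks at the last extension. As an added example (not code from this post or from the plugin), the Python below shows a stricter file-name check that site owners can apply, plus an audit of an existing upload folder; the function names and the script-extension list are assumptions.

```python
import os
import re

# Extensions the post lists as accepted by the file manager (used as the allowlist).
ALLOWED_EXTENSIONS = {"txt", "jpg", "gif", "bmp"}
# Assumed, non-exhaustive set of extensions a web server may hand to an interpreter.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar",
                     "asp", "aspx", "jsp", "cgi", "pl", "py", "sh"}
# Characters that can make a server read a different name than the filter did.
SEPARATORS = re.compile(r"[;:\x00/\\]")


def check_upload_name(name):
    """Return the reasons to reject an uploaded file name (empty list = accept)."""
    reasons = []
    if SEPARATORS.search(name):
        reasons.append("separator character in name")
    # Tokenise on dots AND separators so 'shell.php;.jpg' still yields 'php'.
    tokens = [t.lower() for t in re.split(r"[.;:\x00/\\\s]+", name) if t]
    hidden = sorted(set(tokens[1:]) & SCRIPT_EXTENSIONS)
    if hidden:
        reasons.append("script extension in name: " + ", ".join(hidden))
    final = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if final not in ALLOWED_EXTENSIONS:
        reasons.append("final extension not on allowlist")
    return reasons


def audit_upload_dir(root):
    """Walk an upload directory and map each suspicious file path to its reasons."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            reasons = check_upload_name(name)
            if reasons:
                findings[os.path.join(folder, name)] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real site.
    for sample in ["photo.jpg", "notes.txt", "shell.php;.jpg", "shell.php.jpg", "page.PHP"]:
        print(sample, "->", check_upload_name(sample) or "ok")
```

Run `audit_upload_dir()` against the folder the file manager writes to; anything it reports deserves a manual look, and the same name check belongs in the upload handler itself.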

Live demo :-
