TinyMCE MCFileManager 2.1.2 remote shell upload vulnerability

2010-10-05 / 2010-10-06

Credit: Hackeri-AL

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

==============================================
File Upload Vulnerability [ Plugins tiny_mce ]
==============================================
http://tinymce.moxiecode.com/plugins_filemanager.php
####################################################################
Author : Hackeri-AL
Contact : h-al [at] hotmail [dot] it
Greetz : LoocK3D & b4cKd00r ~ & GHoST61 & BaDBoy
My Group : UAH-Crew = United Albania Hackers
####################################################################
[~] DORK: inurl:/tiny_mce/plugins/filemanager/
--------------------------------------------------------------------
[~] You go to : htpp://web.com/tiny_mce/plugins/filemanager/
[~] Redirect to : htpp://web.com/tiny_mce/plugins/filemanager/examples.html <[ upload here shell or index.html ]
[~] Shell or index : htpp://web.com/tiny_mce/plugins/filemanager/files/shell.php or index.html
####################################################################
[~] Proud 2 be Albania
[~] Proud 2 be Muslim
[~] United States of Albania
####################################################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TinyMCE MCFileManager 2.1.2 remote shell upload vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.