|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|--------------------------------------------------------------|
|[>] Exploit Title: Elfinder Webhost Uploader vulnerability
|[>]
|[>] Exploit Author : CowoKerensTeam
|[>]
|[>] Dork : site:id.ai or IPgrabbing - Reverse IP
|[>]
|[>] Tested on: Windows 10
|[>]
|[>] Date: 25/11/2016
|[>]
|--------------------------------------------------------------|
|[>] Exploit : /_file-manager/php/connector.php
|--------------------------------------------------------------|
|[>]
|[>] Web based Single Exploiter : http://pastebin.com/EMviZw43
|[>] Web based Mass Exploiter : http://pastebin.com/wcpevk2w
|[>] Or Exploiter Online http://own.netau.net/
||--------------------------------------------------------------|
|[>]
|[>] IP Grab : 31.170.166.136 - 31.170.166.156
|[>] [136 or 156] can be changed according to the needs 1 to 300
|[>]
||--------------------------------------------------------------|
|[>]
|[>] www.target.com/_file-manager/php/connector.php
|[>]
|[>] Vuln : {"error":["errUnknownCmd"]}
|[>]
||--------------------------------------------------------------|
|[>]
|[>]
|[>] file uploader in : www.target.com/k.php
|[>]
|[>] Upload Ur Shell or Script Html
|[>]
||--------------------------------------------------------------|
|[>]
|[>]
|[>] DEMO :
|[>] http://alfarotvcanal2.com/_file-manager/php/connector.php
|[>] http://por3man.ir/_file-manager/php/connector.php
|[>] http://kodrian-cs.tk/_file-manager/php/connector.php
|[>] http://www.bookallam.tk/_file-manager/php/connector.php
|[>] http://egypt.ga/_file-manager/php/connector.php
|[>] http://mirprogramm.ru/_file-manager/php/connector.php
|[>] http://www.fxradio.tk/_file-manager/php/connector.php
|[>] http://ezravantour.nl/_file-manager/php/connector.php
|[>] http://adyanit.com/_file-manager/php/connector.php
|[>] http://proxyfree.ml/_file-manager/php/connector.php
|[>] http://pakcastle.com/_file-manager/php/connector.php
|[>] http://karantejwani.tk/_file-manager/php/connector.php
|[>] http://jasonmascarenhas.com/_file-manager/php/connector.php
|[>] http://www.mad-pt.com/_file-manager/php/connector.php
|[>] http://karamadhost.ir/_file-manager/php/connector.php
|[>] http://millarayradio.cl/_file-manager/php/connector.php
|[>] http://www.comfortwater.be/_file-manager/php/connector.php
|[>]
||--------------------------------------------------------------|
|[#]
|[#] CowoKerensTeam
|[#] Facebook.com/CowoKerensTeam
|[#]
|[#]
|[#] Greetz ~ Trenggalek 6etar
|[#]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|