############################################################# # Exploit Title: Ajax File Manager Login Form Weak Password # Author: L4663r666h05t x Indonesian Code Party # Vendor: https://tinymceplugins.com/plugins/ajax-file-image-manager # Date: 20 Juny 2019 # Level: Low Risk ############################################################# Impact: An attacker can log in with default password Config: http://localhost/path/ajaxfilemanager/inc/config.base.php NOTE: [PLEASE READ] Rarely do administrators of the site leave their username and password default. But still there is. This is only an estimate, it could be one time you find this bug. I think, this is not a bug, in my opinion this includes human error, because of the error of the website administrator. Some part of config.base.php ------------------------------------------------------------- //Access Control Setting /** * turn off => false * by session => true */ define('CONFIG_ACCESS_CONTROL_MODE', false); define("CONFIG_LOGIN_USERNAME", 'ajax'); define('CONFIG_LOGIN_PASSWORD', '123456'); define('CONFIG_LOGIN_PAGE', 'ajax_login.php'); //the url to the login page ------------------------------------------------------------- Username: ajax | Password: 123456 ------------------------------------------------------------- Login Form: http://localhost/path/ajaxfilemanager/ajax_login.php ------------------------------------------------------------- Demo? use your fvcking brain. Thx to: Mr.Vendetta404 - Indonesian Code Party