Ajax File Manager Login Form Weak Password

2019.06.20
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

############################################################# # Exploit Title: Ajax File Manager Login Form Weak Password # Author: L4663r666h05t x Indonesian Code Party # Vendor: https://tinymceplugins.com/plugins/ajax-file-image-manager # Date: 20 Juny 2019 # Level: Low Risk ############################################################# Impact: An attacker can log in with default password Config: http://localhost/path/ajaxfilemanager/inc/config.base.php NOTE: [PLEASE READ] Rarely do administrators of the site leave their username and password default. But still there is. This is only an estimate, it could be one time you find this bug. I think, this is not a bug, in my opinion this includes human error, because of the error of the website administrator. Some part of config.base.php ------------------------------------------------------------- //Access Control Setting /** * turn off => false * by session => true */ define('CONFIG_ACCESS_CONTROL_MODE', false); define("CONFIG_LOGIN_USERNAME", 'ajax'); define('CONFIG_LOGIN_PASSWORD', '123456'); define('CONFIG_LOGIN_PAGE', 'ajax_login.php'); //the url to the login page ------------------------------------------------------------- Username: ajax | Password: 123456 ------------------------------------------------------------- Login Form: http://localhost/path/ajaxfilemanager/ajax_login.php ------------------------------------------------------------- Demo? use your fvcking brain. Thx to: Mr.Vendetta404 - Indonesian Code Party

References:

https://laggerghost.github.io/afm-default.txt
https://gblog48.blogspot.com/2016/05/remote-file-upload-tinymce-plugins.html
http://www.tkjcyberart.org/2016/04/exploit-tinymce-ajax-file-manager.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top