PGR-Filemanager | Arbitrary File Upload

2021.08.06
KimiHmei7 (ID)
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title : PGR-Filemanager | Arbitrary File Upload
# Vendor Homepage : N/A
# Discovered By : KimiHmei7
# Author Homepage : HTTPS://TEGALSEC.ORG
# Google Dork : inurl:/plugins/pgrfilemanager/

# Step by Step
1. Dork on Google to find a site.
2. Add this exploit path: /PGRFileManager.php
   Example: https://site.com/public/js/ckeditor/plugins/pgrfilemanager/PGRFileManager.php
   If you see the File Uploader, the site is vulnerable.
3. Upload a shell with a .txt extension.
   Example: shell.txt
4. Then rename it to a .php extension.
5. You can find your shell in the directory /public/upload/[folder]/shell.php
   Example: https://site.com/public/upload/[folder]/shell.php

# Demo?
No demo. Find vulnerable sites with your brain!

Greetz : Family Attack Cyber - Tegal1337
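A defender-side check for the sequence described above, as an added example that is not part of the original advisory: it scans web access logs for clients that reached PGRFileManager.php and afterwards received a successful response for a script under /public/upload/. The Combined Log Format, the sample log lines and the name find_suspects are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format is assumed; only client IP, request path and status are used.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# Paths taken from the advisory: the file manager endpoint and the upload tree.
MANAGER_RE = re.compile(r"/plugins/pgrfilemanager/PGRFileManager\.php", re.I)
UPLOAD_SCRIPT_RE = re.compile(
    r"/public/upload/(?:[^/?]+/)*[^/?]+\.(?:php\d?|phtml|phar)(?:[/?]|$)", re.I
)

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Aug/2021:10:00:01 +0000] "GET /public/js/ckeditor/plugins/pgrfilemanager/PGRFileManager.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [06/Aug/2021:10:00:09 +0000] "POST /public/js/ckeditor/plugins/pgrfilemanager/PGRFileManager.php HTTP/1.1" 200 310 "-" "-"',
    '198.51.100.20 - - [06/Aug/2021:10:00:12 +0000] "GET /public/upload/images/photo.jpg HTTP/1.1" 200 20480 "-" "-"',
    '192.0.2.5 - - [06/Aug/2021:10:00:15 +0000] "GET /public/upload/tmp/x.php HTTP/1.1" 404 162 "-" "-"',
    '203.0.113.7 - - [06/Aug/2021:10:00:20 +0000] "GET /public/upload/images/notes.php?q=1 HTTP/1.1" 200 44 "-" "-"',
]


def find_suspects(lines):
    """Return {ip: [paths]} for clients that used the file manager and later
    got a 2xx response for a server-side script inside the upload directory."""
    used_manager = set()
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ip, path, status = m.groups()
        if MANAGER_RE.search(path):
            used_manager.add(ip)
        elif (UPLOAD_SCRIPT_RE.search(path)
              and status.startswith("2")
              and ip in used_manager):
            hits[ip].append(path.split("?", 1)[0])  # drop the query string
    return dict(hits)


if __name__ == "__main__":
    for ip, paths in find_suspects(SAMPLE_LOG).items():
        print(f"{ip} used the file manager, then ran: {', '.join(paths)}")
```

Any 2xx response for a script under the upload tree deserves review even without the preceding file manager request, since an upload directory should only serve static content.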


Copyright 2021, cxsecurity.com

 
