PGR-Filemanager | Arbitrary File Upload

2021.08.06

KimiHmei7 (ID)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:/plugins/pgrfilemanager/

Exploit Title : PGR-Filemanager | Arbitrary File Upload
# Vendor Homepage : N/A
# Discovered By : KimiHmei7
# Author Homepage : HTTPS://TEGALSEC.ORG

# Google Dork : inurl:/plugins/pgrfilemanager/

# Step by Step
1. Dorking on google for find site
2. Add this exploit /PGRFileManager.php . 
example: ~ https://site.com/public/js/ckeditor/plugins/pgrfilemanager/PGRFileManager.php
If you see File Uploader mean that site is vulnerable. 
3. Upload shell with extension .txt
example : ~ shell.txt
4. Then rename into php extension.
5. You can find your shell in directory /public/upload/[folder]/shell.php
example : https://site.com/public/upload/[folder]/shell.php

# Demo?
No demo. Find vulnerable sites with your brain! 
Greetz :  Family Attack Cyber - Tegal1337

See this note in RAW Version

Vote for this issue:

33%

67%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PGR-Filemanager | Arbitrary File Upload

Dork: inurl:/plugins/pgrfilemanager/

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.