TinyMCE AjaxFileManager Shell Upload is yet another vulnerability in TinyMCE which allows remote attacker to upload .txt .jpg .png .jpeg .bmp and in some cases even allows the attacker to upload PHP shell or a deface page.
Dork : inurl:/tiny_mce/plugins/filemanager/
Use multiple search engines to search the dork to get more vulnerable websites, then from the search result select any website of your choice and open it, you will get the following page as in the image (click on image to view it large size)
Dork : inurl:/tiny_mce/plugins/filemanager/
Use multiple search engines to search the dork to get more vulnerable websites, then from the search result select any website of your choice and open it, you will get the following page as in the image (click on image to view it large size)
Exploit
http://[localhost]/[path]/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://[localhost]/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
Navigate to any of the above links (any one of them will be present) and check the top right corner, you will see a upload option there. Click on it, select your file and click on upload.
To view your uploaded file visit http://www.website.com/uploaded/temp/yourfilename
Tags
tecnologia