"Tmedit Popuop" Deface and Shell upload vulnerability
Dork: inurl:/editor/tmedit/popups
Exploit Path : /editor/tmedit/popups/InsertFile/insert_file.php
#start :)
open Google.com or Bing.com and type this dork inurl:/editor/tmedit/popups
i got 9740 vulnrable results, now select any site from seacrh result and look for upload option on that Page now upload you shell, deface page, or anyfile there,
After uploading your file you'll see your uploaded file's url there, if you are not getting any perview url then goto /images directory to view your uploaded file
for example : http://vulnrablesite.com/images/yourfilehere
Live Demo :
http://www.arabicthailand.com/editor/tmedit/popups/insert_image_en.php
http://www.masjidklangchachengsao.com/editor/tmedit/popups/InsertFile/insert_file.php
No comments:
Post a Comment