Thursday, May 31, 2012

0 Website Hacking With Moxiecode File Browser

Open google.com and enter this dork intitle:Moxiecode File browser filetype:php
select website from search results
The Exploit url will be like this


http://[site]/../../js/tiny_mce/plugins/filemanager/upload.php


Live Demo : http://www.dancetag.tv/admin/dancetagExtension/scripts/tiny_mce/plugins/filemanager/frameset.php
(Demo site is patched its just a example ... Find a new site for uploading your deface)


after Going to This page see icons in header of page, serach for upload
new file icon


after clicking on Upload new file icon you'll see a new pop up for upload new files


for Preview your uploaded file go to : site.com/images/urfile if you uploaded a image
and if you have uploded .html file see it here site.com/files/deface.html


or http://[site]/../../js/tiny_mce/plugins/filemanager/files/deface.html

0 Comments

Bagaimana Pendapat Anda ?