TinyMCE MCFileManager 2.1.2 Arbitrary arbitrary file upload vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201028037
Type myhack58
Reporter 佚名
Modified 2010-10-06T00:00:00


TinyMCE MCFileManager 2.1.2 Arbitrary upload page, not the file name filtering leads to arbitrary file vulnerability

google: inurl: /tiny_mce/plugins/filemanager/

Enter the upload page : http://www. myhack58. com/tiny_mce/plugins/filemanager/

Upload shell: http://www.myhack58.com/tiny_mce/plugins/filemanager/examples.html

<[ upload here shell or index.html ]

shell address: htpp://www.hackqing.cn/tiny_mce/plugins/filemanager/files/shell.php or index.html