####################################################################
# Exploit Title : TinyMCE JBimages Plugin 3.x JustBoilMe Arbitrary File Upload
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/02/2019
# Vendor Homepage : justboil.marketto.ru ~ tiny.cloud
# Software Download Link : github.com/28harishkumar/blog/tree/master/public/js/tinymce
# Software Information Link : tiny.cloud/docs/plugins/
# Software Affected Version : 3.x /4.x / 5.x and Free Version
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################
# Description about Software :
***************************
One Click Image Upload for TinyMCE JBimages Plugin Version 5 and previous versions.
JustBoil.me Images is a simple, elegant image upload plugin for TinyMCE.
It is free, open source and licensed under the Creative Commons Attribution 3.0 Unported License.
####################################################################
# Impact :
***********
TinyMCE JBimages Plugin is prone to a vulnerability that lets attackers upload arbitrary files
because it fails to adequately sanitize user-supplied input.
An attacker can exploit this vulnerability to upload arbitrary code and execute it
in the context of the webserver process. This may facilitate unauthorized access
or privilege escalation; other attacks are also possible.
Remote attackers need nothing more than a browser to exploit this: they can request the affected dialog on the target site directly via URL.
This issue may allow attackers to place malicious scripts on a server, which can lead to various attacks.
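The root cause described above is an upload handler that trusts what the client sends. The following is an added example, not code from the JBimages plugin (whose actual handler is a CodeIgniter controller behind ci/index.php and is not reproduced here); it shows the three server-side checks whose absence turns an "image" uploader into an arbitrary-file uploader: an extension allow-list, a check of the file content against the magic bytes of the claimed type, and a server-generated filename that discards the client's name. The allow-list, the exception class and the sample inputs are constructed for the example.

```python
"""Server-side validation an image-upload endpoint should perform.

Added example (not the plugin's code). Demonstrates: extension allow-list,
magic-byte content check, server-chosen filename.
"""
import os
import secrets

# Extension -> magic-byte prefixes a file claiming that type must start with.
# Constructed allow-list for the example; extend to the types you actually serve.
ALLOWED_IMAGE_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message is safe to log."""


def validate_image_upload(client_filename: str, content: bytes) -> str:
    """Validate one upload and return the server-chosen filename to store it under.

    client_filename: the name from the multipart Content-Disposition header.
                     It is attacker-controlled and treated as untrusted.
    content:         the raw uploaded bytes.
    """
    # 1. Extension allow-list. Judge only the last path component, lower-cased,
    #    so "shell.PHP" and "../shell.php" are evaluated on what they really are.
    base = os.path.basename(client_filename.replace("\\", "/"))
    if "\x00" in base:
        raise UploadRejected("NUL byte in filename")
    _, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in ALLOWED_IMAGE_TYPES:
        raise UploadRejected(f"extension {ext!r} not allowed")

    # 2. Content check: the bytes must look like the claimed image type.
    #    A script renamed to .png passes step 1 but fails here.
    if not any(content.startswith(magic) for magic in ALLOWED_IMAGE_TYPES[ext]):
        raise UploadRejected(f"content does not match {ext} signature")

    # 3. Never reuse the client's name. A random server-generated name removes
    #    path traversal, overwrite and double-extension (shell.php.png) concerns
    #    at once. Store the file in a directory with script execution disabled.
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(client_filename: str, content: bytes) -> bool:
    """Convenience wrapper: True if the upload would be stored, False if rejected."""
    try:
        validate_image_upload(client_filename, content)
    except UploadRejected:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: a minimal PNG header and a PHP stub.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    php = b"<?php echo 'x'; ?>"
    print("photo.png / PNG bytes   ->", is_accepted("photo.png", png))   # True
    print("shell.php / PHP bytes   ->", is_accepted("shell.php", php))   # False
    print("shell.png / PHP bytes   ->", is_accepted("shell.png", php))   # False
    print("shell.php.png / PNG     ->", validate_image_upload("shell.php.png", png))
```

The third check matters even when the first two pass: a file named shell.php.png with valid PNG bytes is harmless only because it is stored under a random name in a directory that does not execute scripts; reusing the client's name would hand that decision to the web server's handler configuration.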
####################################################################
# Vulnerable Source Code :
************************
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Upload an image</title>
<script type="text/javascript" src="js/dialog-v4.js"></script>
<link href="css/dialog-v4.css" rel="stylesheet" type="text/css">
</head>
<body>
<form class="form-inline" id="upl" name="upl" action="ci/index.php?upload/english" method="post" enctype="multipart/form-data" target="upload_target" onsubmit="jbImagesDialog.inProgress();">
<div id="upload_in_progress" class="upload_infobar"><img src="img/spinner.gif" width="16" height="16" class="spinner">Upload in progress… <div id="upload_additional_info"></div></div>
<div id="upload_infobar" class="upload_infobar"></div>
<p id="upload_form_container">
<input id="uploader" name="userfile" type="file" class="jbFileBox" onChange="document.upl.submit(); jbImagesDialog.inProgress();">
</p>
<p id="the_plugin_name"><a href="http://justboil.me/" target="_blank" title="JustBoil.me — a TinyMCE Images Upload Plugin">JustBoil.me Images Plugin</a></p>
</form>
<iframe id="upload_target" name="upload_target" src="ci/index.php?blank"></iframe>
</body>
</html>
# Arbitrary File Upload Exploits :
****************************
/tinymce/plugins/jbimages/dialog.htm
/admin/includes/tinymce/js/tinymce/plugins/jbimages/dialog-v4.htm
/Administration/Content/tinymce/plugins/jbimages/dialog-v4.htm
/js/tinymce/plugins/jbimages/dialog-v4.htm
/live/_painel/textare/tinymce/plugins/jbimages/dialog-v4.htm
/scripts/tinymce/plugins/jbimages/dialog-v4.htm
/vendor/tinymce/plugins/jbimages/dialog-v4.htm
/user_data/tinymce/plugins/jbimages/dialog-v4.htm
/adm/sistema/aplicativo/tinymce/js/tinymce/plugins/jbimages/dialog-v4.htm
/app/webroot/js/tinymce/plugins/jbimages/dialog-v4.htm
/main/tinymce/js/tinymce/plugins/jbimages/dialog-v4.htm
/assets/plugins-new/tinymce/plugins/jbimages/dialog-v4.htm
/media/tinymce/plugins/jbimages/dialog-v4.htm
/site/public/scripts/tinymce/plugins/jbimages/dialog-v4.htm
/king-admin/tinymce/plugins/jbimages/dialog-v4.htm
/assets/js/tinymce/plugins/jbimages/dialog-v4.htm
/assets/frontend/tinymce/js/tinymce/plugins/jbimages/dialog-v4.htm
/assets/includes/tinymce/plugins/jbimages/dialog-v4.htm
/lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/jbimages/dialog.htm
/ojs/lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/jbimages/dialog.htm
/ojsinvestigacion/lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/jbimages/dialog.htm
/revista/lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/jbimages/dialog.htm
/themes/admin/vendors/bower_components/tinymce/plugins/jbimages/dialog-v4.htm
/wp-content/themes/career-grooms/assets/js/tinymce/plugins/jbimages/dialog-v4.htm
/wp-content/plugins/Soci_Traffic_Pro/tinymce/js/tinymce/plugins/jbimages/dialog-v4.htm
/static/admin/plugin/tinymce/plugins/jbimages/dialog-v4.htm
/extras/admin/js/tiny_mce/plugins/jbimages/dialog.htm
/tinymce/plugins/jbimages/dialog-v4.htm
/system/js/libs/tiny_mce/plugins/jbimages/dialog.htm
/ressources/js/tinymce/plugins/jbimages/dialog-v4.htm
/admin.[DOMAIN-ADRESS-HERE].com/app/template/js/tinymce/plugins/jbimages/dialog-v4.htm
/data/control/js/tinymce/plugins/jbimages/dialog-v4.htm
/js/vendor/tinymce/plugins/jbimages/dialog-v4.htm
/text_editor/jscripts/tiny_mce/plugins/jbimages/dialog.htm
/public/js/tiny_mce/plugins/jbimages/dialog.htm
/cms/assets/js/tiny_mce/plugins/jbimages/dialog.htm
/assets/bower_components/tinymce/plugins/jbimages/dialog-v4.htm
/content/admin/javascript/tinymce/plugins/jbimages/
/preview/assets/admin/tinymce/plugins/jbimages/dialog-v4.htm
/content/tinymce/plugins/jbimages/dialog-v4.htm
/public/webroot/js/tinymce/plugins/jbimages/dialog-v4.htm
/sapred/bibliotecas/tinymce/js/tinymce/plugins/jbimages/dialog-v4.htm
/assets/backend/tinymce/plugins/jbimages/dialog-v4.htm
/loja/app/webroot/js/tinymce/plugins/jbimages/dialog-v4.htm
/httpdocs-bak/httpdocs/tinymce/plugins/jbimages/dialog-v4.htm
/nextgest/assets/js/tinymce/plugins/jbimages/dialog-v4.htm
/assets/tinymce/plugins/jbimages/dialog-v4.htm
/public/content/tinymce/plugins/jbimages/dialog-v4.htm
/apps/ownnote/js/tinymce/plugins/jbimages/dialog-v4.htm
/common/admin/js/tinymce/plugins/jbimages/dialog-v4.htm
/socialDev1/externals/tinymce/plugins/jbimages/dialog-v4.htm
/kutaibarat/js/tinymce/plugins/jbimages/dialog-v4.htm
/v02/assets/js/tinymce/plugins/jbimages/dialog-v4.htm
/Lukas/js/tinymce/plugins/jbimages/dialog-v4.htm
/Lukas/js/tinymce/plugins/jbimages/dialog.htm
/3adminp/js/tinymce/plugins/jbimages/dialog-v4.htm
/view/js/tinymce/js/tinymce/plugins/jbimages/dialog-v4.htm
/ieee-cis/assets/tinymce/plugins/jbimages/dialog-v4.htm
/resources_xt/FW/scripts/tinymce-4.2.6/plugins/jbimages/dialog-v4.htm
/store/lib/tinymce/jscripts/tiny_mce/plugins/jbimages/dialog-v4.htm
/wp-includes/js/tinymce/plugins/jbimages/dialog-v4.htm
/engine/application/views/admin/template/resources/js/tinymce/plugins/jbimages/dialog-v4.htm
/w3skills/editor/plugins/jbimages/dialog-v4.htm
/web/utils/templates/tinymce/js/tinymce/plugins/jbimages/dialog-v4.htm
/plugins/tiny_mce/plugins/jbimages/dialog-v4.htm
/application/views/admin/assets/js/TinyMCE/tiny_mce/plugins/jbimages/dialog.htm
/site/assets/grocery_crud/texteditor/tiny_mce/plugins/jbimages/dialog-v4.htm
/site/assets/grocery_crud/texteditor/tiny_mce/plugins/jbimages/dialog.htm
/App_Themes/Homevestors/Libs/js/tinymce4.7/plugins/jbimages/dialog.htm
/admin/inc/tiny_mce/plugins/jbimages/dialog.htm
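For a defender, the path list above and the form action in the dialog source (ci/index.php?upload/english, relative to the dialog) are the two things worth watching for in web server logs: GET requests walking jbimages dialog locations, and POST requests to the plugin's upload endpoint. The following is an added example, not part of the advisory; it parses combined-format access log lines and summarizes both per client address. The log lines and the IP addresses in them are constructed for the example.

```python
"""Flag probing of and posting to the JBimages upload dialog in access logs.

Added example (not part of the advisory). Works on Apache/nginx combined
log format; sample lines below are constructed.
"""
import re
from collections import defaultdict

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# dialog.htm / dialog-v4.htm under any plugins/jbimages/ prefix (see path list above).
DIALOG_RE = re.compile(r"/plugins/jbimages/dialog(-v4)?\.htm(\?|$)")
# The dialog's form action, resolved relative to the dialog location.
UPLOAD_RE = re.compile(r"/plugins/jbimages/ci/index\.php\?upload")

# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Feb/2019:10:00:01 +0000] "GET /js/tinymce/plugins/jbimages/dialog-v4.htm HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Feb/2019:10:00:02 +0000] "GET /tinymce/plugins/jbimages/dialog.htm HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Feb/2019:10:00:05 +0000] "POST /js/tinymce/plugins/jbimages/ci/index.php?upload/english HTTP/1.1" 200 412 "-" "Mozilla/5.0"
198.51.100.3 - - [14/Feb/2019:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.3 - - [14/Feb/2019:10:01:03 +0000] "GET /js/tinymce/plugins/jbimages/dialog-v4.htm HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
"""


def classify(line):
    """Return (kind, ip, path, status) for a relevant line, else None.

    kind is "dialog_probe" for a GET of a jbimages dialog page and
    "upload_post" for a POST to the plugin's upload endpoint.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    method, path, status = m["method"], m["path"], int(m["status"])
    if method == "GET" and DIALOG_RE.search(path):
        return ("dialog_probe", m["ip"], path, status)
    if method == "POST" and UPLOAD_RE.search(path):
        return ("upload_post", m["ip"], path, status)
    return None


def summarize(lines):
    """Per client IP: number of dialog probes, upload POSTs, and upload POSTs
    that returned 200 (the handler accepted the request)."""
    report = defaultdict(lambda: {"dialog_probe": 0, "upload_post": 0, "upload_ok": 0})
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        kind, ip, _path, status = hit
        report[ip][kind] += 1
        if kind == "upload_post" and status == 200:
            report[ip]["upload_ok"] += 1
    return dict(report)


if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG.splitlines()).items():
        flag = " <-- upload accepted" if counts["upload_ok"] else ""
        print(f"{ip}: {counts}{flag}")
```

Probes that return 404 are still counted: a burst of 404s across several of the locations listed above from one address is the signature of someone walking a path list, and is worth alerting on before any POST arrives. A legitimate editor user produces a single GET of the dialog at its real location followed by a POST, so the ratio of distinct probed paths to successful loads separates the two.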
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################