elFinder 2.0 - file manager for web(rc1) - File Upload Vulnerability

_\|/_
         (o o)
 +----oOO-{_}-OOo--------------+
 |==> Author: MR.XpR           +
 +==> FB.Com/Mr.XpR            +
 +==> IRaNHACK.ORG             +
 |==> [email protected]     +
 +-----------------------------+
 
# Exploit Title: elFinder 2.0 - file manager for web(rc1)- File Upload
# Version : 2.0
# Risk : High
# Date : 2014 25 June
# Download SoftWare : https://github.com/downloads/Studio-42/elFinder/elfinder-2.0-rc1.tar.gz
# Publisher : http://elfinder.org/
# GooGle Dorks : inurl:elfinder.html        inurl:inurl:/elfinder/elfinder.html         inurl:ckeditor/elfinder/elfinder.html
# Test on : Linux , 7
# ScreenShot 1 : http://uploaderx.persiangig.com/Demo/elfinder_Remote_File_Uploader.png
# ScreenShot 2 : http://uploaderx.persiangig.com/Demo/elfinder_Remote_File_Uploader2.png
# Video Demo   :  https://www.youtube.com/watch?v=nk7x5gy0vHs&feature=youtu.be

# Info :

u can upload .php .php3 .php6 .txt .html .pl .htaccess and ...
Upload Your webshell and load from :

site.com/var/upload/ro0t.php
site.com/files/upload/ro0t.php
site.com/var/upload/ro0t.php
for get file url double click on your file to open file iframe page

# Exploit :

Site.com/var/ckeditor/elfinder/elfinder.html

# P0c :

http://hhschoten.lionturtle.be/editor/tinymce/plugins/elfinder/elfinder.html
http://allcall.info/var/ckeditor/elfinder/elfinder.html
http://elfinder.org/
http://gemaraberura.com/app/moodle/local/filemanager/elfinder.html
http://dev.illuminz.com/pms/library/fm/elfinder.html
http://dl.ajums.ac.ir/radny/misc/elfinder/elfinder.html
http://www.giaccheverdi.it/admin/elfinder/elfinder.html


# Online Demo : 

http://hhschoten.lionturtle.be/editor/uploads/WeBShell.php
http://elfinder.org/files/test/test.php
http://allcall.info/var/upload/IRH/test.php
http://www.giaccheverdi.it/admin/upimmagini/test.php6
http://www.giaccheverdi.it/admin/upimmagini/uploder.php6

./iranhack.org

#  0day.today [2018-04-06]  #