start here
Open google.com and enter this dork intitle:Moxiecode File browser filetype:php
select website from search results
The Exploit url will be like this
http://[site]/../../js/tiny_mce/plugins/filemanager/upload.php
Live Demo : http://www.dancetag.tv/admin/dancetagExtension/scripts/tiny_mce/plugins/filemanager/frameset.php
(Demo site is patched its just a example ... Find a new site for uploading your deface)
after Going to This page see icons in header of page, serach for upload
new file icon
after clicking on Upload new file icon you'll see a new pop up for upload new files
for Preview your uploaded file go to : site.com/images/urfile if you uploaded a image
and if you have uploded .html file see it here site.com/files/deface.html
Post a Comment