Labels

Powered by Blogger.

ur-solution

chase what you want

Featured Post

Script Phising Fortnite - Redeem Season 8

Script Phising Fortnite - Redeem Season 8 1. Event Display 2. Login Display 3. Display After Login Note : u can...

Search This Blog

Blog Archive

Categories

Backdoor (5) Script (1) Tutorials (12)

Blogger templates

Blogger news

ngewek

haha

Recent Posts

About

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel

Moxiecode Vulnerability File Upload

Moxiecode Vulnerability File Upload


dork :use ur imagination
exploit :/moxiemanager/
example :site.com/tinymce/plugins/moxiemanager/
allow types : php,zip,gif,pdf etc


Seandainya "Invalid file name" pas upload file php kalian bisa bypass dengan cara filemu dimasukkan kedalam folder .zip dan
upload ke sitenya dan klik kanan file .zip yg udah di upload
klik "Unzip" dan file yang di dalam .zip akan ter extract
dan kalian bisa mengakses filemu yang di dalam .zip
untuk akses default path :
"tinymce/plugins/moxiemanager/data/files/urfile.php.gif"

Thanks for Visiting