#Title : phpMyFAQ 2.8.x Arbitrary File Upload Vulnerability
#Author : DevilScreaM
#Date : 10/26/2013
#Category : Web Applications
#Type : PHP
#Vendor : http://phpmyfaq.de/
#Version : 2.8.x
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security | Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded
#Vulnerability : Arbitrary File Upload
#Dork : intext:powered by phpMyFAQ
Exploit & PoC
1. Log in to the admin page (the upload requires an authenticated admin session), then go to
http://site-target/admin/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
2. Browse for your file and click Upload.
Result: the uploaded file is served from
http://site-target/images/[YOUR_FILE].txt
Example:
http://jen.demo.phpmyfaq.de/images/devilscream.txt
http://roy.demo.phpmyfaq.de/images/devilscream.txt
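The two facts the advisory gives a defender, that uploads go through the bundled file manager under /admin/editor/plugins/ajaxfilemanager/ and that the uploaded file ends up served from /images/, are enough to write a log-based check. The script below is an added example written for this page, not code from phpMyFAQ or from the advisory's author. It assumes Apache/nginx combined-format access logs, assumes that upload requests are submitted as POSTs under the plugin path prefix (the advisory does not name the exact upload endpoint), and uses an assumed allow-list of image extensions; the IP addresses, timestamps and file names in the sample log are constructed.

```python
"""Detection helpers for the post-authentication file upload described in the advisory.

Constructed example: flags requests reaching the bundled ajaxfilemanager plugin path,
then looks for non-image files successfully served from /images/ (the upload
destination the advisory names) and correlates the two by client address.
"""
import os
import re

# Path prefix of the bundled file manager named in the advisory.
FILEMANAGER_PREFIX = "/admin/editor/plugins/ajaxfilemanager/"
# Upload destination named in the advisory.
UPLOAD_DIR_PREFIX = "/images/"
# Assumed allow-list: what one expects to find in an FAQ's image directory.
IMAGE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}

# Combined log format: ip ident user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (addresses from documentation ranges, names made up).
SAMPLE_LOG = """\
203.0.113.5 - - [26/Oct/2013:10:01:02 +0000] "GET /admin/index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Oct/2013:10:01:40 +0000] "GET /admin/editor/plugins/ajaxfilemanager/ajaxfilemanager.php HTTP/1.1" 200 8832 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Oct/2013:10:02:15 +0000] "POST /admin/editor/plugins/ajaxfilemanager/ajaxfilemanager.php HTTP/1.1" 200 311 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Oct/2013:10:03:00 +0000] "GET /images/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Oct/2013:10:03:21 +0000] "GET /images/upload-test.txt HTTP/1.1" 200 17 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Oct/2013:10:03:40 +0000] "GET /images/upload-test.php HTTP/1.1" 200 42 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop query string before extension checks
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def filemanager_requests(records):
    """Every request that reaches the bundled file manager; POSTs are the upload candidates."""
    return [r for r in records if r["path"].startswith(FILEMANAGER_PREFIX)]


def unexpected_upload_dir_files(records, allowed=IMAGE_EXTENSIONS):
    """Successful GETs of files under /images/ whose extension is not an allowed image type."""
    hits = []
    for r in records:
        if r["method"] != "GET" or r["status"] != 200:
            continue
        if not r["path"].startswith(UPLOAD_DIR_PREFIX):
            continue
        if os.path.splitext(r["path"])[1].lower() not in allowed:
            hits.append(r)
    return hits


def correlate(records, allowed=IMAGE_EXTENSIONS):
    """Map each client that POSTed to the file manager to non-image files it later fetched."""
    uploaders = {r["ip"] for r in filemanager_requests(records) if r["method"] == "POST"}
    result = {}
    for r in unexpected_upload_dir_files(records, allowed):
        if r["ip"] in uploaders:
            result.setdefault(r["ip"], []).append(r["path"])
    return result


def audit_upload_dir(filenames, allowed=IMAGE_EXTENSIONS):
    """Offline check of a directory listing of /images/: names that are not image files."""
    return sorted(n for n in filenames if os.path.splitext(n)[1].lower() not in allowed)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for ip, paths in correlate(recs).items():
        print(f"{ip} used the file manager and then fetched non-image files: {paths}")
    print("non-image files in listing:", audit_upload_dir(["logo.png", "a.txt", "c.php"]))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents, and run audit_upload_dir over os.listdir of the web root's images directory. The usual hardening for this class of bug is independent of the specific application: restrict the file manager to an allow-list of extensions and MIME types, and configure the web server so that nothing under the upload directory is ever executed as a script.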