####################################################################
# Exploit Title : TinyMCE JBimages Plugin 3.x JustBoilMe Arbitrary File Upload
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/02/2019
# Vendor Homepage : justboil.marketto.ru ~ tiny.cloud
# Software Download Link : github.com/28harishkumar/blog/tree/master/public/js/tinymce
# Software Information Link : tiny.cloud/docs/plugins/
# Software Affected Version : 3.x / 4.x / 5.x and Free Version
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################
# Description about Software :
***************************
One Click Image Upload for TinyMCE JBimages Plugin Version 5 and previous versions.
JustBoil.me Images is a simple, elegant image upload plugin for TinyMCE.
It is free, open source and licensed under the Creative Commons Attribution 3.0 Unported License.
####################################################################
# Impact :
***********
TinyMCE JBimages Plugin is prone to a vulnerability that lets attackers upload arbitrary files
because it fails to adequately sanitize user-supplied input.
An attacker can exploit this vulnerability to upload arbitrary code and execute it
in the context of the webserver process. This may facilitate unauthorized access
or privilege escalation; other attacks are also possible.
Remote attackers can exploit this issue from a browser by requesting the affected page on the target site via its URL.
This issue may allow attackers to place malicious scripts on a server, which can lead to various attacks.
####################################################################
# Vulnerable Source Code :
************************
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Upload an image</title>
<script type="text/javascript" src="js/dialog-v4.js"></script>
<link href="css/dialog-v4.css" rel="stylesheet" type="text/css">
</head>
<body>
<form class="form-inline" id="upl" name="upl" action="ci/index.php?upload/english" method="post" enctype="multipart/form-data" target="upload_target" onsubmit="jbImagesDialog.inProgress();">
<div id="upload_in_progress" class="upload_infobar"><img src="img/spinner.gif" width="16" height="16" class="spinner">Upload in progress… <div id="upload_additional_info"></div></div>
<div id="upload_infobar" class="upload_infobar"></div>
<p id="upload_form_container">
<input id="uploader" name="userfile" type="file" class="jbFileBox" onChange="document.upl.submit(); jbImagesDialog.inProgress();">
</p>
<p id="the_plugin_name"><a href="http://justboil.me/" target="_blank" title="JustBoil.me — a TinyMCE Images Upload Plugin">JustBoil.me Images Plugin</a></p>
</form>
<iframe id="upload_target" name="upload_target" src="ci/index.php?blank"></iframe>
</body>
</html>
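As an added defender-side example (not part of the original advisory), the following Python script scans web server access-log lines for POSTs to the plugin's upload endpoint shown in the form above (`ci/index.php?upload`) and raises the severity when the same client then fetches a server-side script file shortly afterwards. The log lines are constructed; the correlation window and script-extension list are assumptions, not values from the page.

```python
import re
from datetime import datetime

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Feb/2019:10:01:02 +0000] "GET /js/tinymce/plugins/jbimages/dialog-v4.htm HTTP/1.1" 200 1543 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Feb/2019:10:01:09 +0000] "POST /js/tinymce/plugins/jbimages/ci/index.php?upload/english HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Feb/2019:10:01:15 +0000] "GET /images/x.php HTTP/1.1" 200 60 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Feb/2019:10:02:00 +0000] "POST /js/tinymce/plugins/jbimages/ci/index.php?upload/english HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Feb/2019:10:02:05 +0000] "GET /images/photo.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# The upload handler referenced by the form's action attribute in the advisory.
UPLOAD_RE = re.compile(r'/jbimages/ci/index\.php\?upload', re.I)
SCRIPT_EXT = ('.php', '.php5', '.phtml', '.phar')  # assumption: extensions worth alerting on
WINDOW_SEC = 600  # assumption: how long after an upload a script fetch is considered related


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return {'ip': m.group('ip'), 'ts': ts, 'method': m.group('method'),
            'url': m.group('url'), 'status': int(m.group('status'))}


def detect(lines):
    """Return (severity, ip, url) alerts: 'medium' for each POST to the jbimages
    upload endpoint, 'high' when that client then successfully requests a
    server-side script within WINDOW_SEC."""
    alerts = []
    last_upload = {}  # ip -> timestamp of the most recent upload POST
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec['url'].split('?', 1)[0].lower()
        if rec['method'] == 'POST' and UPLOAD_RE.search(rec['url']):
            last_upload[rec['ip']] = rec['ts']
            alerts.append(('medium', rec['ip'], rec['url']))
        elif path.endswith(SCRIPT_EXT) and rec['ip'] in last_upload:
            delta = (rec['ts'] - last_upload[rec['ip']]).total_seconds()
            if 0 <= delta <= WINDOW_SEC and rec['status'] == 200:
                alerts.append(('high', rec['ip'], rec['url']))
    return alerts


if __name__ == '__main__':
    for sev, ip, url in detect(SAMPLE_LOG.splitlines()):
        print(f'{sev:6} {ip:15} {url}')
```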
# Arbitrary File Upload Exploits :
****************************
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################