Menu
 

So After Previous as i said i will be posting more on web exploit so here is one more web exploit.
FCKEditor Exploit,Web Vulnerability
Google and Bing Dork: intitle:"FCKeditor - Uploaders Tests"

Category Of Vulnreability : Remote Upload

Exploit : http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html

Steps that you need to do.

Go to Google.com or Bing.com and type this Dork : intitle:"FCKeditor - Uploaders Tests"
(use both search engines for getting more vulnerable websites)

now you'll Got FCK editor upload option, and you can get Upload option by going to this URL

http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html

Now change Select the "File Uploader" to use into PHP

Then Select your .txt deface and click on send it to the server (some websites allowed you to upload .html and .jpg files)


if your file successfully uploaded, you will got "File uploaded with no errors" Alert

to View your file see Uploaded File URL

or go to:

http://www.website.domain/userfiles/yourfilehere or http://www.website.domain/path/userfiles/yourfilehere

Live Demo :

http://www.relationshiptrends.com/affiliate/fckeditor/editor/filemanager/connectors/uploadtest.html

http://minisite.nku.edu.tr/fckeditor/editor/filemanager/connectors/uploadtest.html


Result :
http://www.relationshiptrends.com/affiliate/img/ck.txt

http://minisite.nku.edu.tr//userfiles/ck.txt

Next time i will post many such tutorial stay updated stay connected :).

Post a Comment

  1. I researched about the file upload for more information you may click here

    ReplyDelete

Feel Free To Ask Your Query we Love To Answer

 
Top