So After Previous as i said i will be posting more on web exploit so here is one more web exploit.
Google and Bing Dork: intitle:"FCKeditor - Uploaders Tests"
Category Of Vulnreability : Remote Upload
Exploit : http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
Steps that you need to do.
Go to Google.com or Bing.com and type this Dork : intitle:"FCKeditor - Uploaders Tests"
(use both search engines for getting more vulnerable websites)
now you'll Got FCK editor upload option, and you can get Upload option by going to this URL
Now change Select the "File Uploader" to use into PHP
Then Select your .txt deface and click on send it to the server (some websites allowed you to upload .html and .jpg files)
if your file successfully uploaded, you will got "File uploaded with no errors" Alert
to View your file see Uploaded File URL
or go to:
http://www.website.domain/userfiles/yourfilehere or http://www.website.domain/path/userfiles/yourfilehere
Live Demo :
Next time i will post many such tutorial stay updated stay connected :).
Home » Exploits » GoogleHacking » Hacking » Research » RTE Vulnerability » Website Hacking » Website Vulnerability » WordPress Hacking » Exploit FCKeditor v2 remote File Upload | Web Vulnreability
Subscribe to: Post Comments (Atom)
I researched about the file upload for more information you may click hereReplyDelete