
Saturday, June 2, 2012

Geeklog Remote Deface Upload Vulnerability

This vulnerability is similar to the WordPress FCKeditor upload vulnerability (read about the WordPress FCKeditor upload vulnerability); in Geeklog only the path changes.


Let's start.
Open google.com and enter this dork:
inurl:"/geeklog/" 
or 
index of/ geeklog/fckeditor/editor/filemanager/upload/test.html


Now go to the site: site.com/geeklog/
Now put the path /Geeklog/fckeditor/editor/filemanager/upload/test.html after the .com, .net, or other domain of the site.
The URL will now be:
site.com/Geeklog/fckeditor/editor/filemanager/upload/test.html

Now select "php" under Select the "File Uploader" to use:


Now upload your deface :)
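
On the defending side, the requests described above leave a recognisable trail in the web server's access log. The following Python script is an added example, not part of the original post: it flags requests under the fckeditor/editor/filemanager/upload/ directory, assuming the common/combined log format. The log lines, IP addresses and the POST path in the sample are constructed.

```python
import re
from collections import defaultdict

# Directory named in the post; matched case-insensitively because the post
# writes both /geeklog/ and /Geeklog/.
UPLOAD_DIR = re.compile(r"/fckeditor/editor/filemanager/upload/", re.I)
# Common/combined log format: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up timestamps and POST path).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Jun/2012:10:00:01 +0000] "GET /geeklog/index.php HTTP/1.1" 200 5120
198.51.100.7 - - [02/Jun/2012:10:02:11 +0000] "GET /Geeklog/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2048
198.51.100.7 - - [02/Jun/2012:10:02:40 +0000] "POST /Geeklog/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 310
203.0.113.5 - - [02/Jun/2012:10:05:00 +0000] "GET /geeklog/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 404 210
not a log line
"""

def scan(log_text):
    """Return {client_ip: {"probes": [...], "uploads": [...]}} for hits under UPLOAD_DIR."""
    findings = defaultdict(lambda: {"probes": [], "uploads": []})
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or not UPLOAD_DIR.search(m["path"]):
            continue  # unparseable line or unrelated request
        served = m["status"].startswith("2")
        # A 2xx POST means the uploader accepted a request; anything else is a probe.
        kind = "uploads" if m["method"] == "POST" and served else "probes"
        findings[m["ip"]][kind].append((m["ts"], m["path"], int(m["status"])))
    return dict(findings)

def exposed(findings):
    """True if any request to the upload test page was served with a 2xx status."""
    return any(
        path.lower().endswith("/test.html") and 200 <= status < 300
        for hits in findings.values()
        for _, path, status in hits["probes"]
    )

if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for ip, hits in sorted(result.items()):
        print(ip, "probes:", len(hits["probes"]), "uploads:", len(hits["uploads"]))
    print("test page reachable:", exposed(result))
```

A 2xx response for test.html means the editor's test uploader is still deployed and reachable; removing it from the web root, or denying access to that directory, closes the path the post relies on.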

Live Demo
http://www.sightline4bd.com/geeklog/
http://www.sightline4bd.com/geeklog/fckeditor/editor/filemanager/upload/test.html
http://sightline4bd.com/geeklog/images/libraryHack.htm
