Search This Blog

Sunday, December 23, 2012

Exploiting a FCKeditOr.




What you will need:

1) Modified .htaccess (Code is below)
2) Shell in name_php.gif format
3) Site with FCKeditor
Chapter I - Collecting vulnerable site

It's easy to dork one.
Simple dork:
Code:
inurl:fckeditor intitle:Connectors Test
NOTE: Sometimes this method will not work. 

When you found a site navigate to the:
Code:
/fckeditor/editor/filemanager/browser/default/connectors/test.html
So for example if you have your site like:
Code:
[URL='http://www.site.com/fckeditor/']http://www.site.com/fckeditor/
[/URL]

You add
Code:
editor/filemanager/browser/default/connectors/test.html
You will get something like this:
[IMG]

Now here comes exploiting.
Chapter II - Exploiting

Select "PHP" from the top left drop menu and click "Get folders" if it comes up with this:

[IMG]

It means Connector is enabled and working.
Next thing you want to do is to create a new folder. 

[IMG]

When you created that click on "Get folders" again to check if it exists.

[IMG]

Open up notepad and paste you shell source in it.
Save it as shell_php.gif.

In current folder field enter your new folder (My case is tutorial-haxor) and press "Get folders" again.

[IMG]
[IMG]

Now just upload .htaccess and shell_php.gif

[IMG]

Just access your shell:

[IMG]

And thats it.
I hope you enjoyed this little tutorial.
Thanks for reading! :)

1) .htaccess code:
Code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

Add To Google BookmarksStumble ThisFav This With TechnoratiAdd To Del.icio.usDigg ThisAdd To RedditTwit ThisAdd To FacebookAdd To Yahoo
Posted by Vishal S Sangwa at 12/23/2012 11:08:00 AM
Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)