Menu
 
» » » » » Html editor Remote File Upload vulnerability on websites

A+ A-

Html editor File Upload vulnerability



Google Dork : inurl:/HTMLEditor/editor/
or "inurl:/HTMLEditor/editor//filemanager/"
or "inurl:/HTMLEditor/editor//filemanager//connectors/"


Exploit : http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html


Go here :

http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html

change connectors into PhP (Like FCKeditor) and upload Your file


supported files : .TXT and .JPG in some site you can upload .html and .php too


to view you file goto : http://website/PowerCMS%20folder/files/your file here
or http://website/patch//PowerCMS%20folder/files/your file here

Enjoy the vulnerability and upload you page to show others your hacks.
Posted by
Labels: , , ,

Share to:

at 4:24 PM

Post a Comment

Feel Free To Ask Your Query we Love To Answer

Subscribe to: Post Comments (Atom)
 
Top