Main » Articles » Web Hacking » Exploits and Vulenrablities

ANOTHER DEFACE AND SHELL UPLOAD VULNERABILITY
This is the vulnerability similar to FCK Editor file upload vulnerability which allows you to upload your and or shell on the target website.

Google Dork 
"Portail Dokeos 1.8.5"
Vulnerable URL http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

Goto :http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html


Select the "File Uploader" to use
Change the type from ASP to PHP.
Choose your file.
Click on Send it to the Server to upload your file.





If uploaded successfully, you will get a message saying "File uploaded without any error" After the uploading process. In the right hand side see the Uploaded File URL. From there see your uploaded file.

Demo Website

http://www.ecoleprimaireenligne.fr/main/upload/pwned_2.htm
http://my.eurasiam.com/main/upload/Owned_by_ICH_ALMAS.htm
http://el.technifutur.be/main/upload/pwned.htm
http://ns5.freeheberg.com/~dispensa/main/upload/Hacked_By_INDIAN_HACKER.htm
Category: Exploits and Vulenrablities | Added by: MaX-HaCker (12.07.12)
Views: 923 | Rating: 4.5/2
Total comments: 0
Only registered users can add comments.
[ Registration | Login ]
Recommend on Google

Designed By [#]./3X3.R()()T
Like Us on Facebook Follow Us on Twitter Subscribe Us on Youtube WWW.GeniusHackers.NET © 2024
Founder and CEO of GeniusHackers [#] /3x3.R()()T
Hosted by uCoz
Hosted by uCoz