Main » Articles » Web Hacking » Exploits and Vulenrablities |
FCKEDITOR: REMOTE FILE UPLOAD EXPLOIT
Dork: intitle:"FCKeditor - Uploaders Tests" Exploit: http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html By searching this dork you will get many websites, Goto to the above mentioned URL and you will get the FCKeditor there. Change the file uploader to PHP then select your .txt deface and click on send it to the server. If the file is uploaded sucessfully you will get a alert saying "File Uploaded with no errors" . See you deface here: http://www.website.domain/userfiles/yourfilehere http://www.website.domain/path/userfiles/yourfilehere Note: Some websites even allow to upload .html and .jpg files also. | |
Views: 1262 | Rating: 4.3/3 |
Total comments: 0 | |