ANOTHER DEFACE AND SHELL UPLOAD VULNERABILITY

This is the vulnerability similar to FCK Editor file upload vulnerability which allows you to upload your and or shell on the target website.

Google Dork: "Portail Dokeos 1.8.5"

Vulnerable URL: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

Goto :http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

Now under:

Select the "File Uploader" to use
Change the type from ASP to PHP.
Choose your file.
Click on Send it to the Server to upload your file.

If uploaded sucessfully, you will get a message saying "File uploaded without any error" After the uploading process. In the right hand side see the Uploaded File URL. From there see your uploded file

Demo Website;
http://www.ecoleprimaireenligne.fr/main/upload/pwned_2.htm
http://my.eurasiam.com/main/upload/Owned_by_ICH_ALMAS.htm
http://el.technifutur.be/main/upload/pwned.htm
http://ns5.freeheberg.com/~dispensa/main/upload/Hacked_By_INDIAN_HACKER.htm

Hackers Hands

Header Ads

ANOTHER DEFACE AND SHELL UPLOAD VULNERABILITY

Leave a Comment

No comments:

CLICK HERE TO BUY FROM AMAZON TO SUPPORT US

Social

Contact us

banner

Portfolio

Pages

Recent Posts

Best Sites To Buy and Sell Second Hand Used Items Online in India

5 Free Software to Make Unattended/Silent Installers

5 Tips to Boost Your iOS 5 Experience

Use SSH Tunneling to surf net invisibly

Random Posts

Tags

Recent in Sports

Best Sites To Buy and Sell Second Hand Used Items Online in India

5 Free Software to Make Unattended/Silent Installers

5 Tips to Boost Your iOS 5 Experience

Header Ads

ANOTHER DEFACE AND SHELL UPLOAD VULNERABILITY

You Might Also Like

Leave a Comment

No comments:

CLICK HERE TO BUY FROM AMAZON TO SUPPORT US

Social

Contact us

banner

Portfolio

Pages

Recent Posts

Random Posts

Tags

Recent in Sports