ANOTHER DEFACE AND SHELL UPLOAD VULNERABILITY

This vulnerability is similar to the FCKeditor file upload vulnerability, which allows you to upload your deface and/or shell to the target website.
Google Dork: "Portail Dokeos 1.8.5"
Vulnerable URL: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Go to: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Now, under Select the "File Uploader" to use:
Change the type from ASP to PHP.
Choose your file.
Click on "Send it to the Server" to upload your file.
Demo websites:
http://www.ecoleprimaireenligne.fr/main/upload/pwned_2.htm
http://my.eurasiam.com/main/upload/Owned_by_ICH_ALMAS.htm
http://el.technifutur.be/main/upload/pwned.htm
http://ns5.freeheberg.com/~dispensa/main/upload/Hacked_By_INDIAN_HACKER.htm
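For site owners, the sequence above leaves a recognisable trail in web server access logs: a fetch of the FCKeditor test.html uploader, a POST under the same filemanager/upload/ directory, then requests for a new .htm or .php file under main/upload/. The following detection sketch is an added example, not part of the original post; the combined log format, the exact POST target and every sample log line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Path fragments come from the page; the POST target under upload/ is an assumption.
UPLOADER_DIR = "/fckeditor/editor/filemanager/upload/"
TEST_PAGE = UPLOADER_DIR + "test.html"
DROP_DIR = "/main/upload/"
ACTIVE_EXT = (".php", ".phtml", ".htm", ".html")

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(method, path, status):
    """Return a finding label for one request, or None if it is not of interest."""
    p = path.split("?", 1)[0].lower()
    if TEST_PAGE in p and method == "GET" and status == 200:
        return "uploader-test-page-exposed"
    if UPLOADER_DIR in p and method == "POST" and status == 200:
        return "upload-via-filemanager"
    if DROP_DIR in p and p.endswith(ACTIVE_EXT) and status == 200:
        return "active-content-served-from-upload-dir"
    return None

def scan(lines):
    """Group findings by client IP, preserving log order."""
    findings = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify(m["method"], m["path"], int(m["status"]))
        if label:
            findings[m["ip"]].append((m["ts"], label, m["path"]))
    return dict(findings)

def full_chain(findings):
    """Clients that both posted to the uploader and fetched content from the upload dir."""
    need = {"upload-via-filemanager", "active-content-served-from-upload-dir"}
    return sorted(ip for ip, f in findings.items() if need <= {l for _, l, _ in f})

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2010:10:01:02 +0000] "GET /main/inc/lib/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2310 "-" "-"',
    '192.0.2.10 - - [12/Mar/2010:10:01:40 +0000] "POST /main/inc/lib/fckeditor/editor/filemanager/upload/php/upload.php?Type=File HTTP/1.1" 200 180 "-" "-"',
    '192.0.2.10 - - [12/Mar/2010:10:02:05 +0000] "GET /main/upload/example.htm HTTP/1.1" 200 912 "-" "-"',
    '198.51.100.7 - - [12/Mar/2010:10:03:00 +0000] "GET /main/upload/report.pdf HTTP/1.1" 200 40210 "-" "-"',
]
```

Any hit on the first label alone already means the test uploader is reachable from outside and should be removed or blocked at the web server.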