Home of WhiteHat CyberArmy
 
 Wordpress fckeditor upload Vulnerability : Upload Your Deface Remotely

W-P
PostSubject: Wordpress fckeditor upload Vulnerability : Upload Your Deface Remotely   Tue Nov 12, 2013 12:17 pm

This method is also known as the OpenCart CMS (web shop) exploit. It's an old vulnerability, but many people don't know this.

1- Open Google.com and enter the dork:
Code:
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
Code:
nurl:Powered By OpenCart
You'll get a lot of websites from Google; select any one ... For example, I got this one

[You must be registered and logged in to see this link.]

Then I'll simply add the vuln URL after the website

Ex:
Code:
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
(The path may be changed on other websites, for example site.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

Now a page will open like this:

[You must be registered and logged in to see this image.]

Now see the connector option, which is at the top left of the page, and change the connector to PHP (see the image below)

[You must be registered and logged in to see this image.]

and now see the file upload option and upload your deface or shell

and for checking the shell or deface, check this URL

[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Enjoy Hacking!
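
For site owners, the exposure described in the post comes down to FCKeditor's file-manager test page and upload connectors being left in a web-served directory. The following is an added example, not part of the original post: a local audit of a web root you administer that reports those files so they can be removed or blocked. The extension list and the sample tree are assumptions constructed for the demo.

```python
import os
import tempfile

# Directory suffix taken from the path quoted in the post above.
CONNECTOR_DIR = ("fckeditor", "editor", "filemanager", "connectors")
# Assumption: extensions treated as server-side connector scripts.
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".cfm", ".pl", ".py", ".jsp"}


def audit_webroot(webroot):
    """Return sorted (kind, relative_path) findings for exposed FCKeditor files."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        parts = tuple(p.lower() for p in rel_dir.split(os.sep))
        # Match the connectors directory at any depth (the site.com/abc/... case).
        idx = next((i for i in range(len(parts) - 3)
                    if parts[i:i + 4] == CONNECTOR_DIR), None)
        if idx is None:
            continue
        below = parts[idx + 4:]  # empty when we are in connectors/ itself
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            rel = os.path.join(rel_dir, name).replace(os.sep, "/")
            if not below and ext in (".html", ".htm"):
                findings.append(("test-page", rel))         # e.g. test.html
            elif below and ext in SCRIPT_EXTS:
                findings.append(("connector-script", rel))  # e.g. php/ connector
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed sample web root for the demo (not real site data)."""
    base = os.path.join(root, "abc", "admin", "view", "javascript",
                        "fckeditor", "editor", "filemanager", "connectors")
    os.makedirs(os.path.join(base, "php"))
    os.makedirs(os.path.join(root, "catalog"))
    for rel in ("test.html", "php/connector.php", "php/readme.txt"):
        open(os.path.join(base, *rel.split("/")), "w").close()
    open(os.path.join(root, "catalog", "index.php"), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, path in audit_webroot(tmp):
            print(kind, path)
```

Any finding means the file manager is reachable from the web; delete the test pages and unused connectors, or deny access to the `filemanager` directory at the web server.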