Wordpress fckeditor upload Vulnerability : Upload Your Deface Remotely

V1P3R
Posted: Thu Aug 08, 2013 11:05 am

This method is also known as the OpenCart CMS (web shop) exploit. It's an old vulnerability, but many people don't know this.

1- Open Google.com and enter the dork:
Code:
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
Code:
nurl:Powered By OpenCart

You'll get a lot of websites from Google; select any one ... For example, I got this one

[You must be registered and logged in to see this link.]

Then I'll simply add the vuln URL after the website

Ex:
Code:
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
(The path may be changed on other websites, for example site.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

Now a page will open like this:

[You must be registered and logged in to see this image.]

Now see the connector option at the top left of the page, and change the connector to PHP (see the image below)

[You must be registered and logged in to see this image.]

and now see the file upload option and upload your deface or shell

and to check the shell or deface, check this URL

[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Enjoy Hacking!

_________________
Mess with the Best, Die like the Rest
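
For site owners, an added example (not part of the original post): a Python check that walks a local web root for the FCKeditor connector test pages at the path named above and for a PHP connector whose config.php enables uploads. The `uploadtest.html` name, the `php/config.php` location and the `$Config['Enabled']` syntax are assumptions based on the stock FCKeditor 2.x layout, and the sample tree is constructed.

```python
import os
import re
import tempfile

CONNECTOR_DIR = "editor/filemanager/connectors"   # path from the post
TEST_PAGES = {"test.html", "uploadtest.html"}      # uploadtest.html: assumed stock file
# Matches an uncommented `$Config['Enabled'] = true` line (assumed config.php syntax).
ENABLED_RE = re.compile(r"^\s*\$Config\[\s*['\"]Enabled['\"]\s*\]\s*=\s*true\b", re.I | re.M)


def audit_webroot(root):
    """Return sorted (finding, relative_path) pairs for FCKeditor leftovers under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if f"/{CONNECTOR_DIR}/" not in f"/{rel_dir}/":
            continue  # only look inside .../editor/filemanager/connectors/
        for name in files:
            rel = f"{rel_dir}/{name}"
            if name.lower() in TEST_PAGES:
                findings.append(("test-page", rel))  # browsable upload test form
            elif name.lower() == "config.php":
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    if ENABLED_RE.search(fh.read()):
                        findings.append(("connector-enabled", rel))
    return sorted(findings)


def build_sample(root, enabled=True):
    """Create a constructed OpenCart-style tree (sample data, not a real site)."""
    parts = ("admin/view/javascript/fckeditor/" + CONNECTOR_DIR).split("/")
    base = os.path.join(root, *parts)
    os.makedirs(os.path.join(base, "php"), exist_ok=True)
    for name in ("test.html", "uploadtest.html"):
        with open(os.path.join(base, name), "w") as fh:
            fh.write("<html></html>\n")
    value = "true" if enabled else "false"
    with open(os.path.join(base, "php", "config.php"), "w") as fh:
        fh.write(f"<?php\n// $Config['Enabled'] = true ;\n$Config['Enabled'] = {value} ;\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding, path in audit_webroot(tmp):
            print(f"{finding:18} {path}")
```

Any `test-page` finding should be deleted from the deployed tree, and a `connector-enabled` finding means the upload connector needs to be disabled or placed behind authentication.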