Tuesday, 31 January 2012

FCKeditor v2 remote File Upload Exploit

FCKeditor v2 Files Upload Exploit

Google and Bing Dork: intitle:"FCKeditor - Uploaders Tests"
Category : Dork
Exploit : http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html

Go to Google.com or Bing.com and type this dork: intitle:"FCKeditor - Uploaders Tests"
(use both search engines to get more vulnerable websites).
You will now get the FCKeditor upload option; you can also get the upload option by going to this URL.
Now change the 'Select the "File Uploader" to use' option to PHP.

Then select your .txt deface and click on "Send it to the Server" (some websites allow you to upload .html and .jpg files).

If your file is successfully uploaded, you will get a "File uploaded with no errors" alert.
To view your file, see the Uploaded File URL,
or go to http://www.website.domain/userfiles/yourfilehere or http://www.website.domain/path/userfiles/yourfilehere
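
To check your own server for the request sequence described above, the following Python sketch (an added example, not part of the original post) scans access-log lines for a successful fetch of uploadtest.html, a successful POST under filemanager/connectors/, and a later GET under /userfiles/ from the same client. The log lines, IP addresses and the function name triage are constructed for illustration, and the combined log format is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [31/Jan/2012:10:01:02 +0000] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [31/Jan/2012:10:01:40 +0000] "POST /fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.7 - - [31/Jan/2012:10:02:05 +0000] "GET /userfiles/index.txt HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.4 - - [31/Jan/2012:10:03:00 +0000] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.9 - - [31/Jan/2012:10:04:11 +0000] "GET /userfiles/logo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TEST_PAGE = re.compile(r'/editor/filemanager/connectors/uploadtest\.html$', re.I)
CONNECTOR = re.compile(r'/editor/filemanager/connectors/', re.I)
USERFILES = re.compile(r'/userfiles/', re.I)

def triage(log_text):
    """Return {client_ip: [finding, ...]} for the upload sequence in the post."""
    findings = defaultdict(list)
    uploaded = set()  # clients that already made a successful connector POST
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not in the expected log format
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        ok = status.startswith("2")
        if method == "GET" and TEST_PAGE.search(path) and ok:
            findings[ip].append("test-page-exposed")
        elif method == "POST" and CONNECTOR.search(path) and ok:
            findings[ip].append("connector-upload")
            uploaded.add(ip)
        elif method == "GET" and USERFILES.search(path) and ok and ip in uploaded:
            # Ordinary /userfiles/ traffic from other clients is not flagged.
            findings[ip].append("fetched-upload:" + path)
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG).items():
        print(ip, hits)
```

A "test-page-exposed" finding on its own means the uploader test page is reachable on the deployed site and should be removed from the web root.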
Live Demo : http://www.relationshiptrends.com/affiliate/fckeditor/editor/filemanager/connectors/uploadtest.html

I spent 30 minutes writing this post;
please spend 30 seconds and write a comment below.

1 comment:

Mental health Centennial said...

Interesting post. I have been wondering about this issue, so thanks for posting. Pretty cool post. It's really very nice and useful post. Thanks Logo design
