Learn Full Metasploit (Free Ebook By Ownedsec)

Sunday, 9 October 2011

WordPress FCKeditor Upload Vulnerability: Upload Your Deface Remotely


This method is also known as the OpenCart CMS (web shop) exploit. It's an old vulnerability, but many people don't know about it, so I'm publishing a tutorial here.

1- Open Google.com and enter this dork:

  • inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
  • inurl:Powered By OpenCart
You'll get a lot of websites from Google; select any one. For example, I got this one:
  • http://www.schoolshopper.com.au/
Then I'll simply add the vulnerable path after the website address.

Example
  • http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
(The path may be different on other websites, for example site.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

Now a page will open like this:

[screenshot: the FCKeditor connector test page]

Now see the Connector option at the top left of the page and change the connector to PHP (see the image below):

[screenshot: the Connector dropdown set to PHP]

Now see the file upload option and upload your deface page or shell.
To check the shell or deface page, open this URL:
  • www.site.com/deface.html
or
  • www.site.com/shell.php
I have uploaded xd.html here, so you can check http://www.schoolshopper.com.au/xd.html
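As an added defender's example (not code from the original post), here is a small Python detector for the access log of a shop like the ones above: it alerts on any request under the FCKeditor connector directory named in the tutorial and then flags the follow-up fetch of a newly dropped top-level .html/.php file, which is the "check your deface" step. The log lines are constructed, and the connector.php path under connectors/php/ is my assumption about the FCKeditor 2.x layout.

```python
import re

# Apache/nginx "combined" log format, e.g.
# 203.0.113.5 - - [09/Oct/2011:12:00:01 +0000] "GET /p HTTP/1.1" 200 512 "-" "UA"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Directory fragment from the tutorial. On a live shop nothing legitimate should
# request it, so every hit is worth an alert regardless of the status code.
CONNECTOR_FRAGMENT = "fckeditor/editor/filemanager/connectors/"

# Constructed sample lines (not real traffic; RFC 5737 documentation addresses).
# The connector.php path under connectors/php/ is an assumption about FCKeditor 2.x.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Oct/2011:12:00:01 +0000] "GET /index.php?route=common/home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Oct/2011:12:01:10 +0000] "GET /admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 3311 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Oct/2011:12:01:42 +0000] "POST /admin/view/javascript/fckeditor/editor/filemanager/connectors/php/connector.php HTTP/1.1" 200 210 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Oct/2011:12:02:05 +0000] "GET /xd.html HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Oct/2011:12:03:00 +0000] "GET /admin/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it doesn't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def detect_connector_abuse(lines):
    """Return (alerts, followups): alerts are all requests under the connector
    directory; followups are later requests by a client that POSTed there for a
    new top-level .html/.php file (a 200 means the upload most likely worked)."""
    alerts, followups, posted = [], [], set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # drop the query string
        if CONNECTOR_FRAGMENT in path:
            alerts.append(rec)
            if rec["method"] == "POST":
                posted.add(rec["ip"])
        elif rec["ip"] in posted and re.fullmatch(r"/[^/]+\.(html|php)", path):
            followups.append(rec)
    return alerts, followups
```

On a real host the same two checks map directly to a web-server deny rule for the connector directory and a file-integrity watch on the document root.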

Comment here if you have any problem with this tut.
Victoire
Some demos for practice (maybe some websites have been patched; it's my old collection, so...)

Source: deviul's cafe
