This method is also known as the OpenCart CMS (web shop) exploit. It's an old vulnerability, but many people don't know about it, so I'm publishing a tutorial here.
1- Open Google.com and enter the dork:
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
nurl:Powered By OpenCart
You'll get a lot of websites from Google; select any one. For example, I got this one:
http://www.schoolshopper.com.au/
Then I simply add the vulnerable URL after the website address.
Example:
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
(The path may be different on other websites, e.g. Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)
Now a page will open like this:
Now look at the connector option at the top left of the page and change the connector to PHP (see the image below).
Now find the file upload option and upload your deface or shell.
To check the shell or deface, visit this URL:
www.site.com/deface.html
or
www.site.com/shell.php
I have uploaded xd.html here so you can check: http://www.schoolshopper.com.au/xd.html
Comment here if you have any problem with this tutorial.
Some demos for practice (some websites may be patched; it's my old collection, so...)
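From the site owner's side, every step above leaves requests to the connector path in the web server access log. The following added example (not part of the original post) scans combined-format log lines for hits on that path and separates probes from POSTs that returned success; the log lines, IP addresses and the `php/connector.php` endpoint name are constructed assumptions.

```python
import re
from collections import defaultdict

# Path fragment taken from the tutorial's URL; matches any install prefix.
CONNECTOR_PATH = "/fckeditor/editor/filemanager/connectors/"

# Combined Log Format: ip - user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(method, path, status):
    """Return 'upload', 'probe' or None for a single request."""
    if CONNECTOR_PATH not in path.lower():
        return None
    if method == "POST" and 200 <= status < 300:
        return "upload"   # the connector answered a POST with success
    return "probe"        # test page or connector touched, no accepted POST

def scan(lines):
    """Group connector hits by client IP: {ip: [(kind, ts, path), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        kind = classify(m["method"], m["path"], int(m["status"]))
        if kind:
            hits[m["ip"]].append((kind, m["ts"], m["path"]))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
_P = "/admin/view/javascript/fckeditor/editor/filemanager/connectors/"
SAMPLE_LOG = [
    f'198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET {_P}test.html HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [01/Jan/2024:10:01:40 +0000] "POST {_P}php/connector.php HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?route=common/home HTTP/1.1" 200 9000',
    f'203.0.113.20 - - [01/Jan/2024:10:03:10 +0000] "GET /abc{_P}test.html HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOG).items():
        for kind, ts, path in events:
            print(f"{ip} {kind:6} {ts} {path}")
```

An "upload" hit is the signal to review the upload directory and web root for files created at that timestamp; a shop with only "probe" hits that returned 404 no longer exposes the test page.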