This Method also Known as Open Cart OpenCart CMS (Web shop) Exploit, Its a old Vunerablity but many people don't know this ... so i'm publishing here a tutorial here
1- open Google.com and enter Dork:
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
nurl:Powered By OpenCart
You'll Got a lot of websites by google, select anyone ... For Example i got this one School Shopper Home Page Then i'll will simply add the vuln URL after the website
Example
FCKeditor - Connectors Tests
(The path May be chnaged in other Website , Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)
Now a Page will be open Like This
http://4.bp.blogspot.com/-lidWGvNV1v...4/s640/wp1.bmp
Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)
http://2.bp.blogspot.com/-JD7gM3NbpD...Y/s400/wp2.bmp
and Now see file upload option and upload your deface or shell and for checking shell or deface check this url
www.site.com/deface.html
or
www.site.com/shell.php
***Thanks***
No comments:
Post a Comment