This is Very Easy Technique Of Exploiting A Wordpress Website by Uploading A Deface Page Or Shell..!!!
SO here is the Procedure how you Do it:
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
inurl:Powered By OpenCart
http://www.schoolshopper.com.au/
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
and Now see file upload option and upload your deface or shellhttp://www.schoolshopper.com.a u/Cyb3r_dev(1).htm
SO here is the Procedure how you Do it:
1- open Google.com and enter Dork:
http://www.schoolshopper.com.au/
You'll Got a lot of websites by google, select anyone .
you must have to search a lot to find good fresh vulnerable websites.:P
For Example i got this one
Then i'll will simply add the vuln URL after the website
Example
(The path May be chnaged in other Website , Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)
Now a Page will be open Like This
Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)
and Now see file upload option and upload your deface or shell
and for checking shell or deface check this url
- www.site.com/deface.html
or
www.site.com/shell.php
HACK Wordpress Websites | Open Cart CMSFile Upload vulnerability