1- open Google.com and enter Dork:
- inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
- nurl:Powered By OpenCart
You'll Got a lot of websites by google, select anyone ... For Example i got this one
- http://www.schoolshopper.com.au/
Then i'll will simply add the vuln URL after the website
Example
- http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
(The path May be chnaged in other Website , Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)
Now a Page will be open Like This
Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)
and Now see file upload option and upload your deface or shell
and for checking shell or deface check this url
- www.site.com/deface.html
- or
- www.site.com/shell.php
I have uploaded xd.html here so you can check http://www.schoolshopper.com.au/xd.html
comment here if you have any problem in this tut
some demo for Practice (maybe some websites patched its my old collection so... )
Post a Comment