This Method also Known as Open Cart OpenCart CMS (Web shop) Exploit, Its a old Vunerablity but many pepoles don't know this 1- open Google.com and enter Dork:
- Code:
-
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
- Code:
-
nurl:Powered By OpenCart
You'll Got a lot of websites by google, select anyone ... For Example i got this one
[You must be registered and logged in to see this link.]Then i'll will simply add the vuln URL after the website
Ex:
- Code:
-
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
(The path May be chnaged in other Website , Example
site.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)
Now a Page will be open Like This:
[You must be registered and logged in to see this image.]Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)
[You must be registered and logged in to see this image.]and Now see file upload option and upload your deface or shell
and for checking shell or deface check this url
[You must be registered and logged in to see this link.] or
[You must be registered and logged in to see this link.]Enjoy Hacking!
