Portail Dokeos Vulnerability is a Kind of FCK Editor Remote file upload Vulnerability..
In this Vulnerability Hacker can upload a shell. deface page or any file on website without admin username and password...
STEPS:
In this Vulnerability Hacker can upload a shell. deface page or any file on website without admin username and password...
STEPS:
1) Go to Google and enter any of the following dork:
"Portail Dokeos 1.8.5"
"inurl:dokeos/index.php?language="
2) Open any site and change the url after site.com to the Exploitable target..:"inurl:dokeos/index.php?language="
Exploit: "http://website.com/path/main/inc/lib/fckeditor/editor/filemanager/upload/test.html"
3) Now change ASP into PHP like FCK editor and Upload you deface shell or file, You can upload, .html .php .jpg .txt formats here..Then you will get the URL of your file in the "Uploaded File URL:" textbox...
3) Now change ASP into PHP like FCK editor and Upload you deface shell or file, You can upload, .html .php .jpg .txt formats here..Then you will get the URL of your file in the "Uploaded File URL:" textbox...
ENJOY
THANKS 4 VISITING OUR BLOG!
(o)
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDelete