This is a exploit which can be used to upload .JPG and .TXT on the website
Dork:
http://www.gofastrchobbies.com/imagesupload/cms_files/Hacking%20Exposed.png
Dork:
inurl:/HTMLEditor/editor/
"inurl:/HTMLEditor/editor//filemanager/"
"inurl:/HTMLEditor/editor//filemanager//connectors/"
Vulnerable URL:
Now under:http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
Select the "File Uploader" to use Change the type to PHP. Choose your file. Click on Send it to the Server to upload your file. If uploaded sucessfully, you will get a message saying "File uploaded without any error" After the uploading process. In the right hand side see the Uploaded File URL. From there see your uploded file :D Demo website: |