J2TEAM Security: A must-have extension for Chrome users. Install now!

HTML Editor File Upload Exploit

HTML Editor File Upload Exploit | Juno_okyo's Blog
This is a exploit which can be used to upload .JPG and .TXT on the website
Dork:
inurl:/HTMLEditor/editor/
"inurl:/HTMLEditor/editor//filemanager/"
"inurl:/HTMLEditor/editor//filemanager//connectors/"

Use any one above mentioned dork.
Vulnerable URL:
http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
Now under:
Select the "File Uploader" to use
Change the type to PHP.
Choose your file.
Click on Send it to the Server to upload your file.
If uploaded sucessfully, you will get a message saying "File uploaded
without any error" After the uploading process. In the right hand side
see the Uploaded File URL. From there see your uploded file :D

Demo website:
http://www.gofastrchobbies.com/imagesupload/cms_files/Hacking%20Exposed.png
Leader at J2TEAM. Website: https://j2team.dev/

Đăng nhận xét

Cảm ơn bạn đã đọc bài viết!

- Bạn có gợi ý hoặc bình luận xin chia sẻ bên dưới.

- Hãy viết tiếng Việt có dấu nếu có thể!