Webwiz rich text editor HTML code is carried in the open after they are sent charCode due functioning of the page .
STEPS:
1) Goto google and type in any of these dorks:
- inurl:rte/my_documents/my_files
- inurl:/my_documents/my_files/
2) Open any site and replace everything after "http://site.com/" with the following exploit then press enter:
- rte/RTE_popup_file_atch.asp
3) Now the site's url will look like "site.com/rte/RTE_popup_file_atch.asp "
4) Now you will be redirected here:
5) Now you can upload your shell or directly upload your deface page :)
6) Now when you click upload you will get the file URL in the "FILE URL" textbox...
ENJOY
THANKS 4 VISITING OUR WEBSITE!
THANKS 4 VISITING OUR WEBSITE!
Tags
Website Hacking
I just came across your blog and wanted to drop you a note telling you how impressed I was with the information you have posted here
Thanks
Susanne Green
medical assistant