Monday, 14 April 2014

Website Hacking Using The OpenCart Vulnerability.

OpenCart vulnerability


Hey guys,today after many day i am going to share some information on website hacking.I have performed this hack as a test locally on my website and it was 100% successful.All you need to do is to perform the below steps properly and inject your shells in the website which will do work for yours.

Steps for hacking website using OpenCart Vulnerability:

  1. Open Google and search this dork "Index of /fckeditor/editor/filemanager/connectors/" in google search,a new page will load showing the result which will contain list many website.Select anyone website you want.
  2. Open the select website which you want to hack.You will find a folder name "connector".Open that folder(if connector folder is not there,don't panic,stay calm and open the "test.html" file).Once you have open the connector folder,you will find a file with name "test.html",open that file.
  3. At top left corner you will find "connector,current folder and resource type".Change the "connector" from "ASP.net" to "PHP" and select the directory where you want to upload your shell,default directory is "root",you can change it from the field Current Folder by replacing "/" with the directory you want.Then select the resource file which by default is "files".You can change it to what ever you want(image,flash,media,invalid type,files).
  4. Now all you need to do is select the file you want to upload,for that click on choose file,browse to the file you want to upload,select it and click ok,then click on upload,Your file will be uploaded to the directory of the website.
  5. If it does not allow you to upload the "PHP" file,try uploading it your deface in html.Still same happens,then try uploading it as a image or a special kind of extension with some special shells.

NOTE:

If none of your scripts or shells work,then it means that either your shells or scripts are not powerful or the target is not vulnerable at all.But in most of cases the targets are always vulnerable but the shells and scripts are not that powerful.So make strong and powerful scripts and then try.Always use proxy(proxy chains) or vpn before doing such type of work for your safety :).

For more information,join our Nerd Programmer Facebook Group.

PLEASE DON'T FORGET TO SHARE THIS INFORMATION WITH YOUR FRIENDS.

    NOTE:ABOVE INFORMATION IS FOR EDUCATION AND SECURITY PURPOSE ONLY.IF YOU MISUSE OR MISTREAT THE ABOVE INFORMATION,THEN IT CAN BRING UNLAWFUL CHARGES BY THE PERSON ON WHOM YOU USED THIS TRICK.THE AUTHOR WILL NOT BE RESPONSIBLE IN THE EVENT ANY UNLAWFUL CHARGES ARE BROUGHT TO YOU BY ANY INDIVIDUALS BY MISUSING THE ABOVE INFORMATION.WE WON'T TAKE RESPONSIBILITY FOR ANY OF YOUR ACTION RELATED TO ABOVE INFORMATION.

Protected by Copyscape DMCA Takedown Notice Checker

0 comments:

 

Subscribe to our Newsletter

Contact our Support

Email us: nerdprogrammergm@gmail.com

Our Team Memebers