The Portail Dokeos vulnerability is a kind of FCKeditor remote file upload vulnerability. With it, an attacker can upload a shell, a deface page, or any other file to the website without the admin username and password.
Google Dork: "Portail Dokeos 1.8.5" (copy and paste the text in red, without quotes, into the Google search box)
Google now gives you a list of websites vulnerable to this attack. Select any of those websites and you will see a page like this:
Now change the file uploader option from ASP to PHP, as with FCKeditor, and upload your deface page, shell or file. You can upload .html, .php, .jpg and .txt formats.
To view your uploaded file, go here: http://website/patch/main/upload/your file here
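A defender-side check for the exposure described above, as an added example that is not from the original post: it walks one Dokeos install on disk and reports editor test pages left under main/inc/lib/ and server-executable files sitting in main/upload/. The function names, the extension list and the sample tree (including the `editor/` directory name) are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions a PHP/ASP host may execute (assumed list; match it to your server config).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar",
                   "asp", "aspx", "jsp", "cgi", "pl"}

def _rel(root, dirpath, name):
    """Path relative to the install root, with forward slashes."""
    return os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")

def audit_dokeos_root(root):
    """Return sorted (finding, relative_path) tuples for one Dokeos install."""
    findings = []
    # 1. Editor test pages left under main/inc/lib/ expose the upload form.
    for dirpath, _dirs, files in os.walk(os.path.join(root, "main", "inc", "lib")):
        for name in files:
            if name.lower() == "test.html":
                findings.append(("editor-test-page", _rel(root, dirpath, name)))
    # 2. Files in main/upload/ that the web server could run as code.
    for dirpath, _dirs, files in os.walk(os.path.join(root, "main", "upload")):
        for name in files:
            # Check every dot-separated segment so "x.php.jpg" is caught too.
            segments = {s.lower() for s in name.split(".")[1:]}
            if segments & EXECUTABLE_EXTS:
                findings.append(("executable-upload", _rel(root, dirpath, name)))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout; 'editor/' is a hypothetical directory name."""
    for rel in ("main/inc/lib/editor/test.html",
                "main/upload/index_8.html",
                "main/upload/logo.jpg",
                "main/upload/c.php",
                "main/upload/notes.PHP.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")

def run_demo():
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_dokeos_root(root)

if __name__ == "__main__":
    for kind, rel in run_demo():
        print(f"{kind:18} {rel}")
```

Point `audit_dokeos_root` at the directory that contains `main/` on your own server. Unexpected .html files in main/upload/ are not flagged by this check and still need a manual look.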
LIVE DEMO: http://foad.ina.fr/main/upload/index_8.html
Some other websites for practice: