1 2 | http://target.com/FCKeditor/editor/filemanager/upload/test.html http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html |
With this script, you can find the common uploaders that are used in [FCKeditors].
I tried to collect all of the important and most commonly used paths, and I wrote this script to find them, even when access to them is restricted.
Download script
# FCKeditor Finder (Python 2: uses the print statement and urllib2).
#
# Reads a list of base URLs from the file named in sys.argv[1], requests each
# base URL joined with every entry of `dirs`, and appends to fckeditor.txt the
# URLs whose response body contains one of the marker strings in `guery`.
#
# NOTE(review): the published listing was collapsed onto two lines; the
# indentation below (in particular which `try` each `except` belongs to) is
# reconstructed from the statement order and should be confirmed against the
# downloadable script.
#
# NOTE(review), for defenders reading access logs:
#   * every request carries the same fixed header set (see `hdr`), including
#     the Firefox/18.0 on Windows NT 6.1 User-Agent string;
#   * each host is asked for the whole `dirs` list in order, one request after
#     another, so the probe shows up as a burst of requests for editor paths;
#   * two pairs of adjacent literals in `dirs` have no comma between them, so
#     Python concatenates them and the paths actually requested are
#     'FCKeditor/fckeditorTVS/FCKeditor' and
#     'assetmanager/HTMLEditor/portal/handlers/tiny_mce/'; these, together with
#     the double slashes produced by '/sites/all/modules/fckeditor/' and
#     'webshop//portal/templates/fckeditor/', are distinctive in logs;
#   * an error page whose body contains "Forbidden" is recorded as a hit, so
#     answering these paths with a 403 still tells the script the directory
#     exists; removing the unused editor component is what avoids the match.
import urllib2
import socket
import cookielib  # imported but not referenced anywhere in this listing
import sys
import re
import os

# Default timeout, in seconds, for every socket opened by urllib2 below.
socket.setdefaulttimeout(10)

# Pick the terminal-clear command: 'clear' on Linux, 'cls' on every other
# platform value.
if sys.platform == 'linux' or sys.platform == 'linux2':
    clearing = 'clear'
else:
    clearing = 'cls'
os.system(clearing)

# Without a command-line argument, print the usage banner and exit with 1.
if len(sys.argv) <= 1:
    print "\n|----------------------------------------------|"
    print "| - FCKeditor Finder - |"
    print "| Usage: FCKditorFinder.py sites_list.txt |"
    print "| https://nezami.me |"
    print "|----------------------------------------------|\n"
    sys.exit(1)

# Relative paths appended to each base URL. Entries are used exactly as
# written: no normalisation of leading, trailing or doubled slashes.
dirs=['fckeditor','FCKeditor','include/fckeditor','includes/fckeditor',
      'admin/fckeditor','fck/fckeditor','fck3ditor/fckeditor',
      'editor/fckeditor','filemanager/fckeditor','plugins/fckeditor',
      # no comma between the next two literals: they form one string
      'FCKeditor/fckeditor''TVS/FCKeditor',
      'forum/fckeditor','forums/fckeditor','home/fckeditor',
      'shcsAdmin/fckeditor','wspro/html/js/editor/fckeditor/',
      'html/js/editor/fckeditor/','scripts/ajax/FCKeditor/',
      'CFIDE/scripts/ajax/FCKeditor/','CMSAdminControls/FCKeditor/',
      'mambots/editors/fckeditor/','webspace/html/js/editor/fckeditor/',
      'resources/fckeditor/','jphoto/fckeditor/','sysadmin/utils/FCKeditor/',
      'templates/fckeditor/','fcnews/fckeditor/','js/fckeditor/',
      '/sites/all/modules/fckeditor/',
      'admin/classes/components/formattedTextArea/fckeditor/',
      'admin/panel/fckeditor/','cfscripts/ajax/FCKeditor/',
      'ECP/fsboard/fckeditor/','sadmin/FCKeditor/',
      'index/class/xoopseditor/fckeditor/','arti/outils/fckeditor/',
      'Common/Scripts/fckeditor','jmcmurra/generators/inc/fckeditor',
      'admin/view/javascript/fckeditor','editors/FCKeditor/',
      'ModernDeckDepot/fckeditor','otkup_test/fckeditor/',
      'shop/assets/js/fckeditor/','webshop//portal/templates/fckeditor/',
      'new/aset/js/fckeditor/','siebenkorn/script/FCKeditor',
      # no comma between the next two literals: they form one string
      'assetmanager/HTMLEditor/''portal/handlers/tiny_mce/',
      'fa/handlers/tiny_mce/','handlers/tiny_mce/','plugins/tiny_mce/',
      # NOTE(review): this entry was split by a line break in the published
      # listing; rejoined here on the assumption that the break is an
      # extraction artifact.
      'zp-core/plugins/tiny_mce/',
      'wp-content/plugins/asset-manager/','plugins/asset-manager/']

try:
    f=open(sys.argv[1],'r')
    for line in f.readlines():
        # One base URL per input line; only trailing whitespace is stripped.
        line = line.rstrip()
        for subdir in dirs:
            site="%s/%s" %(line,subdir)
            print site
            # Fixed, browser-like header set sent with every request.
            hdr = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8','Accept-Language': 'en-US,en;q=0.5','Accept-Encoding': 'gzip, deflate','Connection': 'keep-alive'}
            req = urllib2.Request(site, headers=hdr)
            # Marker strings looked for in the response body. They are passed
            # to re.search, so each one is treated as a regular expression
            # (for example '.' matches any character).
            guery=['403 - Forbidden: Access is denied.','Directory Listing Denied', 'Parent Directory','Forbidden','Index of /','Directory Listing For']
            try:
                page=urllib2.urlopen(req)
                content= page.fp.read()
                for eMSG in guery:
                    if re.search(eMSG,content):
                        print "OK >>>"+site
                        # NOTE(review): rebinds `f` (the input-file handle
                        # name) and the handle is never closed explicitly; a
                        # body matching several markers is written once per
                        # matching marker.
                        f=open("fckeditor.txt","a")
                        f.write(site+"\n")
            except urllib2.HTTPError, e:
                # HTTP error responses are inspected too: the error body is
                # searched for the same markers, so an error page can still
                # be recorded as a hit.
                page=e.fp.read()
                for eMSG in guery:
                    if re.search(eMSG, page):
                        print "OK >>>"+site
                        f=open("fckeditor.txt","a")
                        f.write(site+"\n")
            except urllib2.URLError:
                print "Time Out\nTry To Another..."
            except ValueError:
                print "Please Input valid URL"
            except socket.timeout:
                print "Time Out"
except IOError:
    # Reached when the input file cannot be opened; presumably also by any
    # other IOError not handled by the inner try, TODO confirm.
    print "Please Input Correct File Name"
    sys.exit(1)
except KeyboardInterrupt:
    print "You pressed Ctrl+C"
    pass