how to upload deface remotly
this method also known as open cart opencart cms (web shop) exploit, its a old vunerablity but many pepoles don't know this ... so i'm publishing here a tutorial here


1- open google.com and enter dork:




inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or


nurl:powered by opencart
you'll got a lot of websites by google, select anyone ... for example i got this one
school shopper home page
then i'll will simply add the vuln url after the website


example
fckeditor - connectors tests


(the path may be chnaged in other website , examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)


now a page will be open like this


http://4.bp.blogspot.com/-lidwgvnv1v...4/s640/wp1.bmp


now see the connector option which is on top left side on page, change the connector into php (see the image below)


http://2.bp.blogspot.com/-jd7gm3nbpd...y/s400/wp2.bmp


and now see file upload option and upload your deface or shell
and for checking shell or deface check this url
www.site.com/deface.html
or
www.site.com/shell.php