Remote File Inclusion/Upload Vulnerability On RTE Webwiz

We already discussed the "Remote File Inclusion/Upload Vulnerability on phUploader" in a previous post. Today we are going to discuss the Remote File Inclusion/Upload Vulnerability on RTE Webwiz.

Web Wiz Rich Text Editor (RTE) is a free WYSIWYG HTML RTE that replaces standard text areas with an advanced Word-style HTML area.
Using this tool you can change any text area on your site into an HTML area with real-time WYSIWYG formatting. Useful for many purposes from basic submission forms to advanced CMS (Customer Management Systems).

Steps:
1. Go to Google and enter any one of the dorks from below:
2. Select any website from the search results. The exploit site looks like the links below:
                         http:// {}/rte/RTE_popup_file_atch.asp
                         http:// {}/admin/RTE_popup_file_atch.asp
3. Now you will see a screen like the image above, where you can upload your file.
4. After the upload, you can see the link to your file.
5. Done!!

Example: le_atch.asp

Hacked Site: min/rte/my_documents/my_files/5Z2_lodge4hacker.html
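For site owners, the upload page and upload directory named above leave a recognisable trail in IIS logs. The following Python detection is an added example, not part of the original post: it flags successful POSTs to `RTE_popup_file_atch.asp` and later requests for browser- or server-interpreted files under `my_documents/my_files`. The log lines are constructed, and the extension list and field layout are assumptions.

```python
# Paths come from the page; the extension list is an assumption to tune per site.
UPLOAD_PAGE = "rte_popup_file_atch.asp"
UPLOAD_DIR = "/my_documents/my_files/"
ACTIVE_EXT = (".asp", ".aspx", ".asa", ".cer", ".php", ".html", ".htm", ".js")

# Constructed IIS W3C extended log sample (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-10 09:00:01 GET /admin/RTE_popup_file_atch.asp 198.51.100.7 200
2024-01-10 09:00:09 POST /admin/RTE_popup_file_atch.asp 198.51.100.7 200
2024-01-10 09:00:15 GET /admin/rte/my_documents/my_files/A1B_page.html 198.51.100.7 200
2024-01-10 09:05:00 POST /rte/RTE_popup_file_atch.asp 203.0.113.20 401
2024-01-10 09:06:00 GET /admin/rte/my_documents/my_files/report.pdf 192.0.2.44 200
"""

def parse_w3c(text):
    """Yield one dict per record, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def find_upload_abuse(text):
    """Return findings: successful POSTs to the upload page, and successful
    requests for active-content files stored in the upload directory."""
    uploaders = set()
    findings = []
    for r in parse_w3c(text):
        stem = r["cs-uri-stem"].lower()
        ok = r["sc-status"].startswith("2")
        if r["cs-method"] == "POST" and stem.endswith("/" + UPLOAD_PAGE) and ok:
            uploaders.add(r["c-ip"])
            findings.append(("upload", r["c-ip"], r["cs-uri-stem"]))
        elif UPLOAD_DIR in stem and stem.endswith(ACTIVE_EXT) and ok:
            kind = "fetch-after-upload" if r["c-ip"] in uploaders else "active-file-served"
            findings.append((kind, r["c-ip"], r["cs-uri-stem"]))
    return findings

if __name__ == "__main__":
    for f in find_upload_abuse(SAMPLE_LOG):
        print(*f)
```

A hit of either kind means the upload page is reachable without authentication; restricting access to it and disabling script execution in the upload directory closes the path the steps above rely on.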

!! Thank You !!