Monday, 28 September 2015

"jsp Webfolder Managment" A new shell and Deface upload exploit

Posted by   on

"jFoler, jsp Webfolder Managment" A new shell and Deface upload exploit

zac+efron+2012.jpg (371×230)
so i'm back with a new exploit
its a new remote file upload vulnerability, you can upload your deface page, files and shells on websites, without gaining Admin acess 
mostly vulnerable websites for this attacks belongs to China and Tiwan (.cn and .tw)
Dork www.topronet.com ,All Rights Reserved.Any question, please email me cqq1978@Gmail.com
and 
JFoler 1.0 A jsp based web folder management tool by Steven Cee
(its not a Particular dork, please try to modify it and if you sucessfull modified then leave new dork in comment)
Just select any site from search results and now upload your deface page or shell
shell upload : for shell uploading rename your asp shell (shell.asp) to shell.jsp then upload it, you can try .php too, every Extension is allowed but in some sites you can't excute php and asp shell
Path : depends on website
to View your upload file just goto http://www.site.com/yourfilehere
Live Demo :
http://www.coalworld.net/detail/09/10/30/00000006/berk.jsp
http://jangbiya.com/img/upload/jsp.jsp
http://www.shnotary.gov.cn/notarial/UserFiles/Vote/MMYB1330972040320.jsp
http://www.zzb.ks.gov.cn/images/ycjy-yh.gif.jsp
http://www.zjdx.gov.cn/uploads/upload_20091128_162444_fcktemplates.jsp
Resultshttp://www.coalworld.net/backlinks.html

1 comment:
Write comments
  1. This comment has been removed by a blog administrator.

    ReplyDelete

Get Updates about Latest Hacks, Exploits, Applications and Softwares. http://www.devilscafe.in/
Join Our Newsletter