Monday, 28 September 2015

"Testing Image collection" shell and files upload vulnrablity

"Testing Image collection" shell and files upload vulnrablity

Dorks : inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
           intitle:"Testing Image Collections"
Goto Google or Bing and Type Dork  inurl:"modules/filemanagermodule/actions/?picker.php??id=0" or intitle:"Testing Image Collections" 
now see search results in google or bing search ..
select any site from search results and look for upload option 
here is demo of upload button : 
image_2326254.original.jpg (374×39)
Now select your shell or deface page and upload it
To view your upload shell or deface go to:
http://website.com/files/yourfilehere  or
http://websites.com/path/yourfilehere
Live Demo :
http://www.bantamorloff.co.uk/modules/filemanagermodule/actions/picker.php?id=&highlight_file=472
result :  http://www.bantamorloff.co.uk/files/backlinks.html
other live examples : 

http://www.admiralfc.co.uk/modules/filemanagermodule/actions/picker.php?id=0 
http://www.dogandduckfc.com/newsite/modules/filemanagermodule/actions/picker.php?id=0 
*UPDATE : Demo sites are patched now Find a new target >:D<

4 comments:
Write comments
  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. This comment has been removed by a blog administrator.

    ReplyDelete
  3. This comment has been removed by a blog administrator.

    ReplyDelete
  4. This comment has been removed by a blog administrator.

    ReplyDelete

Get Updates about Latest Hacks, Exploits, Applications and Softwares. http://www.devilscafe.in/
Join Our Newsletter