Thứ Bảy, 1 tháng 12, 2012

"Testing Image collection" shell and files upload vulnrablity

Dorks : inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
           intitle:"Testing Image Collections"


Goto Google or Bing and Type Dork  inurl:"modules/filemanagermodule/actions/?picker.php??id=0" or intitle:"Testing Image Collections"
now see search results in google or bing search ..
select any site from search results and look for upload option

Now select your shell or deface page and upload it

To view your upload shell or deface go to:
http://website.com/files/yourfilehere  or
http://websites.com/path/yourfilehere

Example -
http://www.dogandduckfc.com/newsite/modules/filemanagermodule/actions/picker.php?id=0

Nguồn: http://junookyo.blogspot.com/2012/12/testing-image-collection-shell-and.html

Không có nhận xét nào: