” Image Uploader” Shell Upload Vulnrability
“CMS admin Image Uploader” Shell Upload Vulnerability
Google dorks
inurl:”default_image.asp”
inurl:”default_imagen.asp”
inurl:”/box_image.htm”
You’ll got a upload option after clicking on link that you got in google serach results
Now select your deface, or shell and upload it =)
supported foramts : shell.asp;.jpg, shell.php;.jpg, .gif, .jpg, .png, .pdf, .zip .html .php
You can use Tamper data too…
Live demo :
https://www.thinkheartland.com/CMS/admin/default_Image.asp
https://www.thinkheartland.com/CMS/admin/images/backlinks.html
http://www.dautphetal.de/edit/default_asset.asp
0 comments:
Post a Comment