Editor Picks

Welcome to ABHIJEET VISHEN's Blogger Register YourSelf For Ethical Hacking Classes To Be an Expert & Win Prizes"    Register Your Self to Learn Ethical Hacking,Hardware & Networking,HTML,DOT NET,PHP

Monday, 18 June 2012

” Image Uploader” Shell Upload Vulnrability


” Image Uploader” Shell Upload Vulnrability

“CMS admin Image Uploader” Shell Upload Vulnerability

 

Google dorks
inurl:”default_image.asp”
inurl:”default_imagen.asp”
inurl:”/box_image.htm”
You’ll got a upload option after clicking on link that you got in google serach results
Now select your deface, or shell and upload it =)
supported foramts : shell.asp;.jpg, shell.php;.jpg, .gif, .jpg, .png, .pdf, .zip .html .php
You can use Tamper data too…
Live demo : 
https://www.thinkheartland.com/CMS/admin/default_Image.asp
https://www.thinkheartland.com/CMS/admin/images/backlinks.html
http://www.dautphetal.de/edit/default_asset.asp

0 comments:

Post a Comment