10/14/2012 12:01:00 pm
ABHIJEET VISHEN
“Drupal IMCE Remote File Upload Vulnerability Mkdir”
Mkdir IMCE is a vulnerability that allows file uploads remotely (remote file upload) and is in the platform durpal.
generally you can upload files *. txt on websites, but some sites let you upload the files* . html . If you try to upload a shell try to upload files *. phtml .
generally you can upload files *. txt on websites, but some sites let you upload the files* . html . If you try to upload a shell try to upload files *. phtml .
Google Dork:
inurl: "/ IMCE? dir =" intitle: "File Browser"
-------------------- -------------------------------------------------- -------------
Domain : IMCE? dir =. 
Mkdir IMCE is a vulnerability that allows file uploads remotely (remote file upload) and is in the platform durpal.
generally you can upload files *. txt on websites, but some sites let you upload the files* . html . If you try to upload a shell try to upload files *. phtml .Google Dork:
inurl: "/ IMCE? dir =" intitle: "File Browser"
-------------------- -------------------------------------------------- -------------
Domain : IMCE? dir =.
STEPS
[+] The first thing to do is find a vulnerable site for uploading files using Google Dork
[V]> = http://www.anfaco.es/webs/Museo2.0/imce?dir.
[X]> = http://www.civic-forum.org/de/imce?dir.
Click on image to enlarge
[X]> = http://www.civic-forum.org/de/imce?dir.
————————————————————————————————————————————————————————–
[+] After finding the site with an upload, see if you can upload a file *. html or *. phtml
———— [Example:] ———— Click on image to enlarge
__ [+ +] First click on Upload ___ [+ +] then click on Select File ___ [+ +] select our file ___ [+ +] click to open then ___ [+ +] Upload And finally click again to file upload to our website.
[+] Once we got the file and we can go to him
Click on image to enlarge
————————————————————————————————————————————————————————–
Logically the file is uploaded in the folder that comes after the exploit. Example:
If you found a site that is vulnerable: www.ejemplo.com/hola/chau/ IMCE? dir =.
And in the lindex could see something like this: It means that your file will be uploaded from: www.ejemplo.com / hi / bye / sites / default / files / Here it is again: If you find yourself on page www.ejemplo.com/hola/chau/ IMCE? dir =. and upload a file called wasa.html , your file rise to www.ejemplo.com / hi / bye / sites / default / files / wasa.html But if you rather than upload it in “ / sites / default / files / ”you go and subis in the” languages ”, your file appear in www.ejemplo.com / hi / bye / sites / default / files / languages / wasa.html. , because languages / is inside the folder “ / sites / default / files / ”.
If you found a site that is vulnerable: www.ejemplo.com/hola/chau/ IMCE? dir =.
And in the lindex could see something like this: It means that your file will be uploaded from: www.ejemplo.com / hi / bye / sites / default / files / Here it is again: If you find yourself on page www.ejemplo.com/hola/chau/ IMCE? dir =. and upload a file called wasa.html , your file rise to www.ejemplo.com / hi / bye / sites / default / files / wasa.html But if you rather than upload it in “ / sites / default / files / ”you go and subis in the” languages ”, your file appear in www.ejemplo.com / hi / bye / sites / default / files / languages / wasa.html. , because languages / is inside the folder “ / sites / default / files / ”.
This can serve to:
[+] Save Image
[+] Save information
[+] Delete Data (Above all the delete option usually appears)
[+] Upload shell
[+] Get Data
[+] Save Image
[+] Save information
[+] Delete Data (Above all the delete option usually appears)
[+] Upload shell
[+] Get Data
Defacements made using this vulnerability:-
[1]= Domain
[2] = Domain + Exploit
[2] = Domain + Exploit
————————————————————–
http://www.climateinvestmentfunds.org
…/cifnet/imce?dir=fivestar
http://www.climateinvestmentfunds.org/cifnet/sites/default/files/fivestar/basic/THC.html
—————————————————————
http://cycleandwalking.org/
…/imce?dir=gallery_assist/1/gallery_assist293
http://cycleandwalking.org/sites/default/files/gallery_assist/1/gallery_assist293/THC.html
————————————————————–
http://www.la-gerbille.net
http://www.la-gerbille.net/imce?dir=artykul
http://www.la-gerbille.net/sites/default/files/artykul/THC.html
————————————————————–
http://www.arcireal.com
…/imce?dir=imagecache/604
http://www.arcireal.com/sites/real.sitetest.it/files/imagecache/604/THC.html
————————————————————–
http://www.anfaco.es
…/webs/Museo2.0/imce?dir=.
http://www.anfaco.es/webs/Museo2.0/sites/default/files/THC.html
————————————————————–
http://www.travelagentcentral.com
…/imce?dir=.
http://www.travelagentcentral.com/files/travelagent/THC.html
————————————————————–
https://stp.abes.fr
…/imce?dir=.
https://stp.abes.fr/sites/stp.abes.fr/files/THC.html
————————————————————–
http://priora-wtcc.ru
…/imce?dir=u3
http://priora-wtcc.ru/sites/default/files/upload/u3/THC.html
————————————————————–
http://labourlakesandfurness.co.uk
…/imce?dir=.
http://labourlakesandfurness.co.uk/sites/labourlakesandfurness.co.uk/files/THC.html
Posted in: HACKING
0 comments:
Post a Comment