"IMCE" <= Remote File Upload Vulnerability
In this vulnerability a Remote Attack can upload his deface page or sometimes even a Shell on the vulnerable website.
Google Dork : inurl:"/imce?dir=" intitle:"File Browser"
Vulnerable URL : http://www.anywebsite.com/imce?dir=
Use both Bing search and Google Search to get more vulnerable website. Select any website from the search result, Like in my case I choose http://www.vride.com/imce?dir=db_backups
Google Dork : inurl:"/imce?dir=" intitle:"File Browser"
Vulnerable URL : http://www.anywebsite.com/imce?dir=
Use both Bing search and Google Search to get more vulnerable website. Select any website from the search result, Like in my case I choose http://www.vride.com/imce?dir=db_backups
Click on "root" to change the current directory to root. Now look for the Upload option, In my case Upload option is present on the top left corner. Click on that. choose your deface Page and Click on Upload Button.
If the file has been uploaded successfully who will get the message that The File Has been uploaded.
Now under the File Name look for the file you uploaded. Like in my case I uploaded a fiile name test.htm <- When you will find your file double click on that to access it.
http://www.vride.com/sites/default/files/test.htm <- The File Which I Uploaded
Creadit Goes To Hacking Sec :)
0 comments:
Post a Comment