Monday, March 12, 2012

"Powered by Kleeja" File Upload Vulnerability

Title: "Powered by Kleeja" File Upload Vulnerability
Bug: File Upload Vulnerability
Author: Minhal Mehdi
Tested on: Windows, Linux & Mac
Category: Web application


Hi guys, happy Valentine week to all. I'm back on Devils Cafe with a new file upload vulnerability.
Google Dork : powered by Kleeja >>> the best uploader ... >> Bugs | Plugins | Styles |
Let's start: go to Google or Bing and type this dork:
powered by Kleeja >>> the best uploader ... >> Bugs | Plugins | Styles |
You'll see a lot of websites in the search results. I got about 3,100 results in Google search.
In the Google search results, look for a website with /styles/default/ in the URL.
Now go to that website and then go to its home page.
Now select your file and upload it.
Don't forget to check the "I agree with T&C" button (it's in Arabic, but you can understand it; see the image given below).


On most websites you can upload only images and txt files, but some unpatched sites allow uploading HTML files too. You'll see the uploaded file's URL after uploading.
Take a full screenshot of your deface page, crop it, and upload it here.
It will look like an HTML deface page.
Live demo : http://up.akonami.info/
Result : http://up.akonami.info/do.php?thmb=817
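
The difference between the patched and unpatched sites described above is whether the server enforces its own file-type allowlist. The following is an added example, not Kleeja's code and not from the original post: a server-side upload check in PHP that rejects HTML both by extension and by sniffed content. The function name `validate_upload`, the allowlist and the sample files are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical upload check, not Kleeja's own code.
// Allowlist of extensions mapped to the MIME types their content must sniff as.
const ALLOWED_TYPES = [
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'gif'  => ['image/gif'],
    'txt'  => ['text/plain'],
];

function validate_upload(string $clientName, string $bytes): array
{
    // Use only the final extension, lowercased; anything off the list is refused.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return [false, "extension '$ext' not allowed"];
    }
    // Sniff the bytes themselves; never trust the browser-supplied Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!in_array($mime, ALLOWED_TYPES[$ext], true)) {
        return [false, "content is $mime, not valid for .$ext"];
    }
    // libmagic can report short markup as text/plain, so refuse tags in text files.
    if ($ext === 'txt' && preg_match('/<\s*(html|script|iframe|body|svg|meta)\b/i', $bytes)) {
        return [false, 'markup found in text upload'];
    }
    // Store under a server-generated name so the client never controls the path.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed sample uploads (not real files from any site).
$samples = [
    'page.html' => '<html><body><h1>test</h1></body></html>',
    'notes.txt' => "plain notes\n",
    'photo.png' => '<html><script>1</script></html>',
    'trick.txt' => 'hello <script>1</script>',
];
foreach ($samples as $name => $bytes) {
    [$ok, $detail] = validate_upload($name, $bytes);
    printf("%-10s %s  %s\n", $name, $ok ? 'ACCEPT' : 'REJECT', $detail);
}
```

Only `notes.txt` is accepted. Serving stored uploads with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` keeps a browser from rendering anything that slips past the check.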
