Monday, March 12, 2012

"Testing Image collection" shell and file upload vulnerability

Dorks : inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
            intitle:"Testing Image Collections"
Go to Google or Bing and search for the dork inurl:"modules/filemanagermodule/actions/?picker.php??id=0" or intitle:"Testing Image Collections".
Now look at the search results in Google or Bing.
Select any site from the search results and look for the upload option.

Now select your shell or deface page and upload it
To view your upload shell or deface go to:  or
*UPDATE : Demo sites are patched now Find a new target >:D<
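
For site owners running this module, an added example (not part of the original post) of triaging a web access log for the activity described above: visits to the picker arriving from a search engine, POSTs to it, and script files fetched afterwards. The log lines are constructed, and the upload directory /files/ and the script extension list are assumptions to adjust for the actual install.

```python
import re
from urllib.parse import urlsplit

PICKER_PATH = "modules/filemanagermodule/actions/picker.php"  # path from the dork in the post
SEARCH_HOSTS = ("google.", "bing.")                 # search engines named in the post
UPLOAD_PREFIX = "/files/"                           # assumption: where uploads are stored
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")   # assumption: executable types

# Apache/nginx "combined" log format
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

SAMPLE = [  # constructed log lines (documentation IP ranges)
    '203.0.113.7 - - [12/Mar/2012:10:00:01 +0000] "GET /modules/filemanagermodule/actions/picker.php?id=0 HTTP/1.1" 200 5120 "http://www.google.com/search?q=x" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2012:10:00:40 +0000] "POST /modules/filemanagermodule/actions/picker.php?id=0 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2012:10:01:02 +0000] "GET /files/a.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2012:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def triage(lines):
    """Return (client_ip, reason) findings in log order."""
    findings, touched = [], set()   # touched: clients that have hit the picker
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # skip lines that are not combined-format
        ip, method = m["ip"], m["method"]
        path = urlsplit(m["url"]).path.lower()
        ref_host = urlsplit(m["referer"]).hostname or ""
        if PICKER_PATH in path:
            touched.add(ip)
            if any(h in ref_host for h in SEARCH_HOSTS):
                findings.append((ip, "picker reached from search engine"))
            if method == "POST":
                findings.append((ip, "POST to picker (possible upload)"))
        elif (ip in touched and method == "GET" and m["status"] == "200"
              and path.startswith(UPLOAD_PREFIX) and path.endswith(SCRIPT_EXT)):
            findings.append((ip, "script served from upload dir: " + path))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A script in the upload directory returning 200 is the strongest of the three signals; the usual mitigations are an extension allow-list on upload and disabling script execution for that directory.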

