Monday, March 12, 2012

Website defacing with interface Results editor

Interface Results editor is a new bug in websites: it allows hackers to edit pages remotely without any login. You can't upload .html, .jpg and .php files through this vulnerability, but you can make your deface as text. If you want to upload .html and other files, then read these posts.
So let's start.
Go to bing.com and type this dork: "inurl:interface/Results/editor/detail.asp?"
Or go to google.com and type this dork: "inurl:/Results/editor/detail.asp"


Select any website from the search results with the title "Results -- Home"
and look for the edit button on the page.
After clicking on edit you'll get an editing option; edit and replace the content with your message.
For example, see this live example:
edit option : http://www.youngblood.org.pk/medicinecompanies_interface/Results/editor/edit.asp
After Editing : http://www.youngblood.org.pk/medicinecompanies_interface/Results/editor/detail.asp?CID=12345


After editing, make a mirror (webcache), because someone can change it with their own name. If the site is already registered on a mirror site, then go to turk-h.org and make a mirror there.
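
The weakness described in this post is that edit.asp under /Results/editor/ can be reached with no login. The script below is an added example, not part of the original post. It shows how a site owner could check IIS W3C logs for requests that reached that editor with no authenticated user. The field layout, the `app_interface` path prefix and the sample log lines are constructed assumptions.

```python
"""Flag unauthenticated hits on the exposed editor in IIS W3C logs (defensive check)."""

# Path suffix taken from the post; the log layout and sample lines are assumptions.
EDITOR_SUFFIX = "/results/editor/edit.asp"

# Constructed sample log (documentation IP ranges, placeholder paths and user).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2012-03-12 10:01:07 GET /app_interface/Results/editor/detail.asp CID=12345 - 198.51.100.7 200
2012-03-12 10:01:30 GET /app_interface/Results/editor/edit.asp - - 198.51.100.7 200
2012-03-12 10:02:11 POST /app_interface/Results/editor/edit.asp - - 198.51.100.7 302
2012-03-12 10:05:42 POST /app_interface/Results/editor/edit.asp - webadmin 192.0.2.10 302
2012-03-12 10:06:00 POST /app_interface/Results/editor/edit.asp - - 203.0.113.9 401
"""


def find_unauthenticated_edits(log_text):
    """Return log rows where the editor was served to a request with no user."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip malformed rows
        row = dict(zip(fields, parts))
        if not row.get("cs-uri-stem", "").lower().endswith(EDITOR_SUFFIX):
            continue
        anonymous = row.get("cs-username", "-") == "-"
        served = row.get("sc-status", "").startswith(("2", "3"))
        if anonymous and served:
            # A POST means content was submitted; a GET only opened the form.
            row["severity"] = "high" if row.get("cs-method") == "POST" else "medium"
            findings.append(row)
    return findings


if __name__ == "__main__":
    for hit in find_unauthenticated_edits(SAMPLE_LOG):
        print(hit["severity"], hit["date"], hit["time"], hit["c-ip"],
              hit["cs-method"], hit["cs-uri-stem"])
```

The `cs-username` field is only populated when authentication happens at the IIS level; if the application uses its own session login, every row will look anonymous and the check should key on the application's own audit trail instead.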
