Monday, March 12, 2012

Website defacing with interface Results editor

Interface Results editor is a New Bug in websites, it allow Hackers to edit pages remotly without any login, you can't upload .html .jpg and .php files in this vulnreblity but you can make your deface as Text !! if you want to upload .html and other files then read these posts
so lets start
go to and type this dork : "inurl:interface/Results/editor/detail.asp?"
or goto and type this dork : "inurl:/Results/editor/detail.asp"

select any website from serach results with Results -- Home tittle
and see edit button on page
after clicking on edit you'll got editing option, edit and replace it with your message
for example see live example:
example :
edit option :
After Editing :

and after editing make a Mirror (webcache), because someone can chnage it with thier own name, if site is already registerd on mirror site then goto and make mirror there

No comments:

Post a Comment