Skip to main content

"File Manager" Remote Shell and Deface Upload Vulnerability.

Following is the vulnerability to remotly upload your shell or deface on a vulnerable website.

Google Dorks:
inurl:/filemanager/userfiles/ filetype:pdf
Vulnerable URL:
Now, google the dork and select any website from the search result.
When you will select any website, the URL will be as
Now delete the text after filemanager. Now after deleteing the text URL will be
You will get a upload option, upload your shell or deface there.
Your will will be uploaded in Userfiles directory. z
To view your shell visit the below mentioned URLs: