In this vulnerability a Remote Attack can upload his deface page or sometimes even a Shell on the vulnerable website.
Google Dork : inurl:"/imce?dir=" intitle:"File Browser"
Vulnerable URL : http://www.anywebsite.com/imce?dir=
Use both Bing search and Google Search to get more vulnerable website. Select any website from the search result, Like in my case I choose http://www.vride.com/imce?dir=db_backups
Google Dork : inurl:"/imce?dir=" intitle:"File Browser"
Vulnerable URL : http://www.anywebsite.com/imce?dir=
Use both Bing search and Google Search to get more vulnerable website. Select any website from the search result, Like in my case I choose http://www.vride.com/imce?dir=db_backups
Click on "root" to change the current directory to root. Now look for the Upload option, In my case Upload option is present on the top left corner. Click on that. choose your deface Page and Click on Upload Button.
If the file has been uploaded successfully who will get the message that The File Has been uploaded.
Now under the File Name look for the file you uploaded. Like in my case I uploaded a fiile name test.htm <- When you will find your file double click on that to access it.
http://www.vride.com/sites/default/files/test.htm <- The File Which I Uploaded
[~]Dem0 :
http://www.arcireal.com/imce?dir=
http://www.la-gerbille.net/imce?dir=
http://ciam.inra.fr/biosp/imce?dir=
Great Information sharing.I am very happy to read this article .. thanks for giving us go through info. Fantastic nice. I appreciate this post HostGator Black Friday & Cyber Monday Sale 2020
ReplyDelete