Hello Friends Chinmoy Here And Today I Am Going To Teach U A New Website Hacking vulnerability i.e "file viewer" remote File upload
_________________________________
Founded By :- Bl4ck - E4gl3
Difficulty :- Easy
________________________________
"file viewer" is just another remote file upload vulnerability, it allows you to upload .html .txt and .jpg files,
for shell uploading try .php.jpg or php shell uploading with extention changing [ Tamper data or Live Http headers]
Dork : "file viewer for uploader"
and "File viewer for Uploader (c) 2003 by Dirk Paehl"Goto Google or any other search engine and type the dork ""file viewer for uploader" now select site from there, vulnerable website's title will be something like "File viewer for Uploader"
after clicking on site you'll get site url like this :
http://www.site.com/view.php
or http://www.site.com/directory/view.php
now replace view.php with upload.php and you'll get upload options there !
in some sites it will ask for Name n Password
default password for these websites is Admin
to view your uploaded files goto the 1st view.php and check files's directory there, now click on your file !
Live Demo :
uploader : http://www.ldcc.net.au/upload.php
Demo : http://www.ldcc.net.au/uploaden/just%201%20tut.html
_________________________________
Founded By :- Bl4ck - E4gl3
Difficulty :- Easy
________________________________
"file viewer" is just another remote file upload vulnerability, it allows you to upload .html .txt and .jpg files,
for shell uploading try .php.jpg or php shell uploading with extention changing [ Tamper data or Live Http headers]
Dork : "file viewer for uploader"
and "File viewer for Uploader (c) 2003 by Dirk Paehl"Goto Google or any other search engine and type the dork ""file viewer for uploader" now select site from there, vulnerable website's title will be something like "File viewer for Uploader"
after clicking on site you'll get site url like this :
http://www.site.com/view.php
or http://www.site.com/directory/view.php
now replace view.php with upload.php and you'll get upload options there !
in some sites it will ask for Name n Password
default password for these websites is Admin
Name = Adminnow select your files and upload !
Password= admin
to view your uploaded files goto the 1st view.php and check files's directory there, now click on your file !
Live Demo :
uploader : http://www.ldcc.net.au/upload.php
Demo : http://www.ldcc.net.au/uploaden/just%201%20tut.html
No comments:
Post a Comment