Skip to main content

Posts

Showing posts with the label Vulnerability

IMCE Mkdir remote deface,upload & exploits

What is IMCE Mkdir ? IMCE Mkdir is a remote file upload vulnerability on drupal platform, normally you can upload .txt, .png , .jpg and .gif extensions on websites but some sites allows you to upload .html files , if you want to upload shell on website then try in .phtml extension . Google Dork inurl:"/imce?dir=" intitle:"File Browser" Exploit http://website.com/imce?dir= Shell Access http://website.com/files/yourfilehere* ----or----- http://www.website.com/abc/files/abc/yourfilehere* * Change the website name with your vulnerable website and abc with directory Step 1 : First of all find a vulnerable website using google dork stated above . Step 2: After opening site go to http://website.com/imce?dir= and find upload option there . Example :   http://www.somaly.org/imce?dir= Step 3 : Now Upload your file which must be in either of the format : .jpg , .gif , .png , .html , .phtml , .pdf etc. Step 4 : To access your shell/...