Showing posts with label how to hack website. Show all posts

Drupal imce - File Upload Vulnerability

Saturday, July 07, 2012 By I.D.A , , , 3 comments
Hello Everyone!! Today i'll tell you about Drupal IMCE File Upload Vulnerability.
So now lets begin:-

  • First find some vulnerable sites by using Google Dork: inurl:"/imce?dir=" 
  • The vulnerable site will look something like this

  • After that, click on upload button.

  • Then upload your file, but you can only upload limited types of file. For example: .txt, .html.
    .php files are not allowed.
  • After uploading your file, it may looked something like this

  • You can see in the image, that I have upload web_ruler_0.txt.
  • To access your file, double click on your uploaded file, then  your file name will shown at the downer side of your right hand side, in the window.

  • Now have successfully done!!
    Ch33R$
Note:-This is only for educational purpose. We are not responsible for any harm or illegal activity done by you.

Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!


 Read more

Wordpress tdo mini - File Upload Vulnerability

Tuesday, July 03, 2012 By I.D.A , , 0 comments
Today i'll tell you one more file upload vulnerability of Wordpress. This vulnerability occurs in tdo Mini plugin of Wordpress.
So now lets begin.
  • First find some vulnerable sites by using Google Dorks inurl:”plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1" 
  • After getting a vulnerable site, upload your file. It would look something like this

  • To access your uploaded file change the url from http://www.example.com/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php to http://www.example.com/wp-content/uploads/tdomf/tmp/1/
  • If the site is vulnerable, then it will open something like this


  • These are the ip addresses, to access your uploaded file click on your ip address. After that it will show your uploaded file like this


  • Boom !! Now you are successfully done. And you can also upload shell by changing the extension of the shell from shell.php to shell.php;.jpg.


Note:- This is only for educational purpose, and we are not responsible for any harm and illegal activity done by you.
Ch33R$

Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!

 Read more
Subscribe to: Posts (Atom)