- Back to Home »
- Deface Shell and Image Upload Vulnerability
Posted by : dudi
Thursday, April 26, 2018
Deface Shell and Image Upload Vulnerability
This vulnerability can be used to upload your deface,shell or image on a website.
Google Dorks:inurl:"default_image.asp"
inurl:"default_imagen.asp"
inurl:"/box_image.htm"
You will get tons of website there. Select any website of your choice, you will get a upload option. Choose your deface, shell or image and click on upload. After the uploading process completes. In the box where all uploaded files are listed, search for the name of your uploaded file. Click on select, under the box you will get the URL of your uploaded file. Add it after the URL of the website (Remember to remove the extra stuff in the URL)
Demo:
http://jungibid.net/cgi/editor/include/box_image.htm
http://jungibid.net/cgi/upload_img/Hacked%20ICH%20ALMAS.html