Drupal IMCE - File Upload Vulnerability

Hello Everyone!! Today I'll tell you about the Drupal IMCE file upload vulnerability.
So now let's begin:

  • First find some vulnerable sites by using Google Dork: inurl:"/imce?dir=" 
  • The vulnerable site will look something like this

  • After that, click on the upload button.

  • Then upload your file. Only a limited set of file types is accepted, for example .txt and .html.
    .php files are not allowed.
  • After uploading your file, it may look something like this

  • You can see in the image that I have uploaded web_ruler_0.txt.
  • To access your file, double-click on the uploaded file; the file name will then be shown at the bottom right of the window.

  • Now you have successfully done it!!
    Ch33R$
Note: This is only for educational purposes. We are not responsible for any harm or illegal activity done by you.



3 comments:

  1. I think PHP shells can be uploaded and executed by this

  2. When there is an uploader working fine in a web page, some sorts of files are allowed to be uploaded. The above is a random pick of one such website, which did not allow "php", and this vulnerability most of the time doesn't allow php or asp files. If it's a client-side restriction, this can be evaded by tampering data :)

  3. @Anonymous try uploading the shell as shell.php;.phtml. If that executes then well and good; if it doesn't then find another. The whole thing depends on the server :P

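The comments above turn on whether the extension restriction is enforced on the server and how it treats names such as shell.php;.phtml. As an added example (not code from the post or from IMCE), here is a server-side file name check in Python; the allow-list, the list of interpreter-handled extensions and the function name `validate_upload_name` are assumptions made for illustration.

```python
import re
import unicodedata

# Assumed policy: the two types the post says the uploader accepted.
ALLOWED_EXTENSIONS = {"txt", "html"}
# Assumed list of extensions a web server may pass to an interpreter or
# treat as configuration; extend it to match the server's handler mappings.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "asp", "aspx", "jsp", "cgi", "pl", "py", "sh", "htaccess",
}
# Conservative character set: no path separators, ';', NUL, spaces or leading dot.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,99}")


def validate_upload_name(raw_name):
    """Return (accepted, reason) for a client-supplied file name.

    Runs on the server, so a tampered request cannot skip it.
    """
    name = unicodedata.normalize("NFKC", raw_name)
    if not SAFE_NAME.fullmatch(name):
        return False, "unsafe characters"
    parts = name.lower().split(".")
    if len(parts) < 2 or "" in parts:
        return False, "missing or empty extension"
    if parts[-1] not in ALLOWED_EXTENSIONS:
        return False, "extension not on allow-list"
    # Some handler mappings match an extension anywhere in the name,
    # so reject interpreter extensions in every segment, not just the last.
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:-1]):
        return False, "executable extension inside name"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample names; the first and third appear on this page.
    for sample in ["web_ruler_0.txt", "index.html", "shell.php;.phtml",
                   "shell.php.txt", "notes.PHP", "../x.txt", ".htaccess"]:
        print(sample, validate_upload_name(sample))
```

Allowing .html from unauthenticated users still lets uploaded markup be served from the site's own origin, so a name check like this belongs alongside restricting who can reach the uploader.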