Wednesday, May 18, 2016

"file viewer" remote File upload vulnerability



"file viewer" is just another remote file upload vulnerability. It allows you to upload .html, .txt and .jpg files.
For shell uploading, try .p.jpg, or p shell uploading with extension changing [Tamper Data or Live HTTP Headers].
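
Both tricks above depend on the uploader trusting the filename the client sends, which can be changed in the request on its way to the server. The following is an added example, not code from this post or from the uploader script: a server-side check in Python that refuses stacked extensions and mismatched content and stores files under generated names. The function names and the allowlist are assumptions made for the example.

```python
import os
import secrets

# Assumed policy for this example: inert types only. ".html" is left out
# because uploaded HTML served from the site's own origin can run script.
MAGIC = {".jpg": b"\xff\xd8\xff", ".txt": None}


def safe_upload_name(client_name: str, data: bytes) -> str:
    """Validate an upload server-side; return a generated storage name.

    Raises ValueError when the upload must be refused.
    """
    # Use only the last path component of whatever the client sent.
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    parts = base.split(".")
    # Exactly one dot: refuses stacked extensions such as "name.p.jpg",
    # which some server configurations still hand to a script handler.
    if len(parts) != 2 or not all(parts):
        raise ValueError("filename must be <name>.<ext>")
    ext = "." + parts[1]
    if ext not in MAGIC:
        raise ValueError("extension not allowed")
    magic = MAGIC[ext]
    if magic is not None:
        # Content has to match the claimed type, not just the name.
        if not data.startswith(magic):
            raise ValueError("content does not match extension")
    else:
        # Plain text: must be valid UTF-8 without NUL bytes.
        if b"\x00" in data:
            raise ValueError("binary data in text upload")
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            raise ValueError("text upload is not UTF-8") from None
    # The stored name never reuses client-supplied characters.
    return secrets.token_hex(16) + ext


def is_accepted(client_name: str, data: bytes) -> bool:
    """Convenience wrapper: True when the upload passes validation."""
    try:
        safe_upload_name(client_name, data)
        return True
    except ValueError:
        return False
```

Because the check runs on the server after the request arrives, editing the request in a browser add-on does not get around it. Store the files outside any directory where the web server executes scripts.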


Dork : "file viewer for uploader"
and "File viewer for Uploader (c) 2003 by Dirk Paehl"

Go to Google or any other search engine and type the dork "file viewer for uploader", then select a site from the results. A vulnerable website's title will be something like "File viewer for Uploader".
After clicking on a site you'll get a site URL like this:
http://www.site.com/view.p
or http://www.site.com/directory/view.p
Now replace view.p with upload.p and you'll get the upload options there!
in some sites it will ask for Name n
default for these websites is Admin

Name = Admin

= admin

Now select your files and upload!
To view your uploaded files, go to the first view.p and check the files' directory there, then click on your file!

Live Demo :
uploader : http://www.ldcc.net.au/upload.p
Result : http://www.ldcc.net.au/uploaden/i2.html
