Sunday, 19 January 2014

Drupal IMCE : Remote File Upload Vulnerability




Finding Vulnerable Target

Dork : inurl:"/imce?dir=" intitle:"File Browser"

1- Copy and paste this dork into Google.

2- Choose any site


Exploiting Target

1- Once you have clicked the site, click on any folder to upload your file.

2- Click upload, and browse for your file.

3- Files that are allowed are .gif, .png, .jpeg, .jpg, .doc, .pdf

4- Click Upload

5- To view your file, click on your uploaded file.
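From the site owner's side, the steps above leave a recognizable trace in the web server access log: a successful request to the /imce path, often referred from a Google search, followed by a POST to the same path. The following is an added example, not part of the original post, that flags such clients in combined-format logs. The sample log lines are constructed, and it assumes uploads appear as POST requests to /imce.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jan/2014:10:01:02 +0000] "GET /imce?dir=. HTTP/1.1" 200 5120 "https://www.google.com/search?q=x" "Mozilla/5.0"
203.0.113.7 - - [19/Jan/2014:10:01:40 +0000] "POST /imce?dir=images HTTP/1.1" 200 812 "http://example.org/imce?dir=images" "Mozilla/5.0"
198.51.100.4 - - [19/Jan/2014:10:05:00 +0000] "GET /node/12 HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Jan/2014:10:06:00 +0000] "GET /imce?dir=. HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

# client, method, request target, status, referer
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"'
)
SEARCH_REFERER = re.compile(r"^https?://(www\.)?google\.", re.I)


def imce_findings(log_text):
    """Return {client_ip: sorted tags} for requests to /imce that succeeded (2xx)."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, target, status, referer = m.groups()
        path = urlsplit(target).path.rstrip("/")
        # Only the file browser path from the dork, and only successful responses;
        # a 403 means the server already refused the visitor.
        if not path.endswith("/imce") or not status.startswith("2"):
            continue
        if method == "POST":
            findings[ip].add("upload")  # assumption: uploads are POSTs to /imce
        elif method == "GET":
            findings[ip].add("browse")
            if SEARCH_REFERER.search(referer):
                findings[ip].add("search-referred")
    return {ip: sorted(tags) for ip, tags in findings.items()}


if __name__ == "__main__":
    for ip, tags in imce_findings(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

A 2xx response on /imce can also belong to a logged-in editor, so compare the flagged addresses against the addresses your own staff use before treating them as hostile.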

Live Demo: