Some sites have a file upload option. You can use this vulnerability to upload your deface page and shell. Let's take a look at this vulnerability.
Google Dork : "intext:File Upload by Encodable"
First open google.com and put intext:File Upload by Encodable in the search box. You will get many results, but not all of them are vulnerable sites. You must select sites which have the title Upload a File. Open a site and you will see an upload form. Give any description. You may give an email address like admin@microsoft.com or leader@nasa.gov
Now choose your file and upload it. Lolz, our work is already finished. After the upload you need to find the link. To find the link you may try this URL:
/upload/files/
or /upload/userfiles/
Live Demo:
Uploaded File:
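To check whether a server has been abused this way, look for successful requests into the upload directories named above. The following is an added example, not part of the original post: it scans access-log lines and flags fetched files with active extensions, plus requests for the bare directory. The Combined Log Format, the extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directories named in the post; adjust to the deployment.
UPLOAD_DIRS = ("/upload/files/", "/upload/userfiles/")
# Extensions a browser renders or a server may execute (assumed list).
ACTIVE_EXT = {".html", ".htm", ".shtml", ".svg", ".php", ".phtml",
              ".pl", ".cgi", ".asp", ".aspx", ".jsp"}
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def active_extension(path):
    """Return the first active extension in any dot-separated part of the name.
    Inner parts are checked because some server setups act on 'x.php.jpg'."""
    name = path.rsplit("/", 1)[-1].lower()
    for part in name.split(".")[1:]:
        if "." + part in ACTIVE_EXT:
            return "." + part
    return None

def find_hits(lines):
    """Return (ip, decoded_path, reason) for each successful suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue
        path = unquote(urlsplit(m["target"]).path)  # decode %2E-style escapes
        lower = path.lower()
        if not any(d in lower for d in UPLOAD_DIRS):
            continue
        if lower.endswith(UPLOAD_DIRS):
            # A 2xx on the bare directory suggests directory indexing is on.
            hits.append((m["ip"], path, "directory-index"))
        elif (ext := active_extension(path)):
            hits.append((m["ip"], path, ext))
    return hits

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /upload/files/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:15 +0000] "GET /upload/files/xd.html HTTP/1.1" 200 733 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /upload/userfiles/report.pdf HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2024:10:03:00 +0000] "GET /upload/userfiles/img%2Ephp.jpg HTTP/1.1" 200 120 "-" "curl/8.0"
198.51.100.9 - - [12/Mar/2024:10:03:05 +0000] "GET /upload/files/notes.php HTTP/1.1" 404 0 "-" "curl/8.0"
""".splitlines()

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Any hit means uploaded content is being served back from the web root; storing uploads outside it, and disabling indexing and script handling for the upload directory, closes the path the post relies on.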
you are aware this link does not work right?
ok demo isn't working.. but you can follow the instruction..
Mate, does this bug allow an attacker to upload shells?
Hey, can you send me the xd.html ... please?
give me your email address.