]
03-01-2022, 11:37 AM
Here are some of techniques to find vulnerable file upload functionalities where shell could be uploaded. This are techniques which were posted on different forums. Some of them works while some are outdates. However, you can give it a try.
OpenCart vulnerability
===============================================================
Steps:
1) Use this google Dork: Index of /fckeditor/editor/filemanager/connectors/
2)Now open a site that shows files and folders. Navigate to connectors if it's not there already and press the file test.html
3) Now, change the settings from ASP to PHP, select where your file will be uploaded (default is root), browse your shell and press upload. Now you have a shell uploaded!
4) If it doesn't let you upload php, upload your deface in html or if that's disabled too, try uploading it as an image or use some special shells with image extentions.
5) If none of these work then your target is not vulnerable!
===============================================================
Drupal Remote File Upload Vulnerability
===============================================================
Steps:
1) Search this google dork:
inurl:"/imce?dir=" intitle:"File Browser"
2) Click on any link that its title is "File Browser" among with something else
3) Click on the "Upload" button
4) Upload your Deface Page
5) Click the link in the box to View the URL
You can also upload a shell as shell.php.html and then change it to shell.php to hack the website.
===============================================================
RTE Webwiz Vulnerability
===============================================================
steps:
1) go to google.com and search one of these two google dorks.
inurl:rte/my_documents/my_files
inurl:/my_documents/my_files/
2) When you find a site change the url from
site.com/rte/my_documents/my_files/something or site.com/my_documents/my_files/something
to: site.com/admin/RTE_popup_file_atch.asp or site.com/rte/RTE_popup_file_atch.asp
3)from there you will be able to upload your deface!
===============================================================
AJAX File Upload vulnerability
===============================================================
Steps:
1st. use one of these 3 dorks:
dork: intitle:Max's AJAX File Upload - AJAX F1
dork2: Powered by AJAX F1
dork3: intitle:File Uploader intextTongueowered by AJAX F1
2nd. Choose a site and upload a shell. (google C99.php for a good shell)
3rd. the url must be: http:/asite.com/something/ change it to:
4rth. You are done! You have shelled the site!
===============================================================
Bugtraq File Upload Vulnerability
===============================================================
Steps:
1. Open Google.com and type this dork
intitle:"QuiXplorer 2.3 - the QuiX project"
2. You'll see a lot of sites, some big websites are vulnerable too
select any website from search results
3. Vulnerablity:
http://[localhost]/[path]/index.php?action=list&order=name&srt=yes
4. After Going to this you will see a file manager
you can upload your files here
5. find this edit file create file etc icons in page and click on last, the upload option
===============================================================
PhUploader Upload Vulnerability
===============================================================
Steps:
Google Dork : intitleTongueowered By phUploader
Go to Google.com and enter this Dork, see seach results
1. Select any website and upload your file there.
2. Website will allow you to upload .jpg .png .gif anf .png files only.
3. Anyway you can upload your deface in .jpg or if want to upload a shell then upload as
shell.php.jpg
after uploading your file you'll got a message
Your file(s) have been uploaded!
===============================================================
Infin8 Upload Vulnerability
===============================================================
Steps:
1. Got to google.com
2. Search this dork: allinsite:design-your-own-stamp filetype:php
3. Find a website and upload your image defacement or shell.php.jpg
4. Your file will be uploaded here:
thesite.com/images/uploads/upload_5612/yourimage.extention
===============================================================
Sflog! CMS 1.0 Arbitrary File Upload Vulnerability
===============================================================
Steps:
1. Go to
2. Get the Metasploit code
3. Put it in metasploit and hack the website
===============================================================
Wordpress fckeditor Arbitrary File Upload Vulnerability
===============================================================
Steps:
1. Go to google.com
2. Paste this dork: inurl:/wp-content/plugins/fckeditor-for-wordpress-plugin/fckeditor/editor/filemanager/browser/default/
3. Choose a website and browser to /wp-content/plugins/fckeditor-for-wordpress-plugin/fckeditor/editor/filemanager/browser/default/
4. Now open browser.html and you are in a web based file manager!
===============================================================
OpenCart vulnerability
===============================================================
Steps:
1) Use this google Dork: Index of /fckeditor/editor/filemanager/connectors/
2)Now open a site that shows files and folders. Navigate to connectors if it's not there already and press the file test.html
3) Now, change the settings from ASP to PHP, select where your file will be uploaded (default is root), browse your shell and press upload. Now you have a shell uploaded!
4) If it doesn't let you upload php, upload your deface in html or if that's disabled too, try uploading it as an image or use some special shells with image extentions.
5) If none of these work then your target is not vulnerable!
===============================================================
Drupal Remote File Upload Vulnerability
===============================================================
Steps:
1) Search this google dork:
inurl:"/imce?dir=" intitle:"File Browser"
2) Click on any link that its title is "File Browser" among with something else
3) Click on the "Upload" button
4) Upload your Deface Page
5) Click the link in the box to View the URL
You can also upload a shell as shell.php.html and then change it to shell.php to hack the website.
===============================================================
RTE Webwiz Vulnerability
===============================================================
steps:
1) go to google.com and search one of these two google dorks.
inurl:rte/my_documents/my_files
inurl:/my_documents/my_files/
2) When you find a site change the url from
site.com/rte/my_documents/my_files/something or site.com/my_documents/my_files/something
to: site.com/admin/RTE_popup_file_atch.asp or site.com/rte/RTE_popup_file_atch.asp
3)from there you will be able to upload your deface!
===============================================================
AJAX File Upload vulnerability
===============================================================
Steps:
1st. use one of these 3 dorks:
dork: intitle:Max's AJAX File Upload - AJAX F1
dork2: Powered by AJAX F1
dork3: intitle:File Uploader intextTongueowered by AJAX F1
2nd. Choose a site and upload a shell. (google C99.php for a good shell)
3rd. the url must be: http:/asite.com/something/ change it to:
[To see links please register here]
4rth. You are done! You have shelled the site!
===============================================================
Bugtraq File Upload Vulnerability
===============================================================
Steps:
1. Open Google.com and type this dork
intitle:"QuiXplorer 2.3 - the QuiX project"
2. You'll see a lot of sites, some big websites are vulnerable too
select any website from search results
3. Vulnerablity:
http://[localhost]/[path]/index.php?action=list&order=name&srt=yes
[To see links please register here]
[xyz]/index.php?action=list&order=name&srt=yes4. After Going to this you will see a file manager
you can upload your files here
5. find this edit file create file etc icons in page and click on last, the upload option
===============================================================
PhUploader Upload Vulnerability
===============================================================
Steps:
Google Dork : intitleTongueowered By phUploader
Go to Google.com and enter this Dork, see seach results
1. Select any website and upload your file there.
2. Website will allow you to upload .jpg .png .gif anf .png files only.
3. Anyway you can upload your deface in .jpg or if want to upload a shell then upload as
shell.php.jpg
after uploading your file you'll got a message
Your file(s) have been uploaded!
===============================================================
Infin8 Upload Vulnerability
===============================================================
Steps:
1. Got to google.com
2. Search this dork: allinsite:design-your-own-stamp filetype:php
3. Find a website and upload your image defacement or shell.php.jpg
4. Your file will be uploaded here:
thesite.com/images/uploads/upload_5612/yourimage.extention
===============================================================
Sflog! CMS 1.0 Arbitrary File Upload Vulnerability
===============================================================
Steps:
1. Go to
[To see links please register here]
2. Get the Metasploit code
3. Put it in metasploit and hack the website
===============================================================
Wordpress fckeditor Arbitrary File Upload Vulnerability
===============================================================
Steps:
1. Go to google.com
2. Paste this dork: inurl:/wp-content/plugins/fckeditor-for-wordpress-plugin/fckeditor/editor/filemanager/browser/default/
3. Choose a website and browser to /wp-content/plugins/fckeditor-for-wordpress-plugin/fckeditor/editor/filemanager/browser/default/
4. Now open browser.html and you are in a web based file manager!
===============================================================
