UsingIMCE directory exploitwe can upload our shells on websites which are made using DRUPAL platform and execute our shells and hence can easilyhack the websitesor simply say we can deface that website using thatloophole. Actually let me provide you more information about this Drupal FileBrowser bug. IMCE directory opens the file browser of the website from where you can upload images to your websites, so guy for uploading your shells you need to rename your shells like say c99.php to c99.png or r60.php to r60.png etc.. Now lets learn how to deface website or hack website using this bug: 1. First of all open the Google andthen type the below query in search box: inurl:"/imce?dir=" 2. Now search results will appear like below: 3. Now open the links like mentioned below: www.arcireal.com/imce?dir=imagecache/ dettaglio 4. Now a File browser will open which will allow you to upload and navigate though files: 5. Now upload the shell by clicking on upload button. 6. Access the shell by double clicking on that. 7. Rest things you already know.. Note: This is only for educational purposes. Any misuse is not the responsibility of HackingLoops orme.
No comments:
Post a Comment