Durpal IMCE Mkdir remote deface upload exploit by Rwandan Hackers



IMCE Mkdir is a remote file upload vulnerablity on durpal platform,
normaly you can upload .txt extentions on websites
but some sites allowes you to upload .html files
if you want to upload shell on website then try in .phtml extention

Google Dork : inurl:"/imce?dir=" intitle:"File Browser"
                      http://www.website.com/abc/files/abc/yourfilehere

1st of all find a vulnerable website using google dork 
after opening site goto http://website.com/imce?dir= 
and file upload option there




to acess your shell/deface/file go here
http://www.website.com/abc/files/abc/yourfilehere
(replace abc with directory of website)
My deface page  :http://labourlakesandfurness.co.uk/sites/labourlakesandfurness.co.uk/files/rwandanhackers.html

Post a Comment

Previous Post Next Post