"jFoler, jsp Webfolder Managment" A new shell and Deface upload exploit
so i'm back with a new exploit
its a new remote file upload vulnerability, you can upload your deface page, files and shells on websites, without gaining Admin acess
mostly vulnerable websites for this attacks belongs to China and Tiwan (.cn and .tw)
its a new remote file upload vulnerability, you can upload your deface page, files and shells on websites, without gaining Admin acess
mostly vulnerable websites for this attacks belongs to China and Tiwan (.cn and .tw)
Dork : www.topronet.com ,All Rights Reserved.Any question, please email me cqq1978@Gmail.com
and
JFoler 1.0 A jsp based web folder management tool by Steven Cee
(its not a Particular dork, please try to modify it and if you sucessfull modified then leave new dork in comment)
Just select any site from search results and now upload your deface page or shell
shell upload : for shell uploading rename your asp shell (shell.asp) to shell.jsp then upload it, you can try .php too, every Extension is allowed but in some sites you can't excute php and asp shell
Path : depends on website
to View your upload file just goto http://www.site.com/yourfilehere
Live Demo :
http://www.coalworld.net/detail/09/10/30/00000006/berk.jsp
http://jangbiya.com/img/upload/jsp.jsp
http://www.shnotary.gov.cn/notarial/UserFiles/Vote/MMYB1330972040320.jsp
http://www.zzb.ks.gov.cn/images/ycjy-yh.gif.jsp
http://www.zjdx.gov.cn/uploads/upload_20091128_162444_fcktemplates.jsp
Results : http://www.coalworld.net/backlinks.html
No comments:
Post a Comment