Tuesday, April 15, 2014

Encodable Shell File upload Vulnerablity

Yeah read it :) :P

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Lets Start:-

1). Open google.com and Enter the following dork
Dork: "intext:File Upload by Encodable"
Result comes with 166,000 results.. but some results are fake ... its may be malwares
So pick real things only , "Upload a file" You will this title in search results here :)
Click the sites only which comes with upload a file title..


2). After click the link you'll got a upload form...


3). You'll see some options in this form like name Description email etc ...
type anything in these boxes but add a email in email box, dont use your own
put this one billy@microsoft.com , admin@nasa.gov etc :P

4). Now choose you file and upload it :)

5). After clicking on upload button a pop up will be open ... dont close it, it will automatically closed
after uploading file.

6). In some sites you'll get your uploaded file link after uploading on website
and if you did not file it then try these url
/upload/files/
or /upload/userfiles/

Live Demo : http://www.bellblue.com/cgi-bin/filechucker.cgi

0 on: "Encodable Shell File upload Vulnerablity"