Web Hacking: Deface and Shell Upload Vulnerability

Some of sites have file upload option. You can use this vulnerability and upload your deface and shell. Let's see about this vulnerability.

Google Dork : "intext:File Upload by Encodable"

First open google.com and put intext:File Upload by Encodable in search box. You have got so many result. But all are not our vulnerable sites. You must select sites which have a title Upload a File. Open a site and you can see a upload form in the site. Give any description. You may give email address like admin@microsoft.com or leader@nasa.gov


Now choose your file and upload it.. Lolz our work already finish. After upload you need to find the link. For find the link you may try this url

/upload/files/

or /upload/userfiles/

Live Demo: http://www.precisecast.com/cgi-bin/uploads.cgi

Uploaded File: http://www.precisecast.com/upload/files/xd.html

Happy Hacking... xd