Saturday, September 7, 2013

Simple Upload 53 Vulnerability allows Hacker to upload Shell

2:57 PM Unknown

Web Application vulnerability in "Simple Upload 53" PHP file allows an attacker to upload Backdoor shell code in your website.

Using this google search , you can find the vulnerable Sites.If you want to find the vulnerability in your web application, use this google dark:

After you search in google; if you find any page ends with "simple-upload-53.php" , follow the link.
Example:hxxp://www.target_site.com/simple-upload-53.php

Now you can see the upload option in the site.  Here is the biggest problem, it allows anyone to upload files.
An attacker can upload Backdoor shell as ".php.jpg" or ".php.gif" etc.
The uploaded shell will be in this place:
hxxp://www.target_site.com/files/Your_file_With_Extension
After uploading the shell , an attacker can deface your site. So better check  whether your site also has this vulnerability or not.


0 comments:

Post a Comment

 

Subscribe in Bloglines Msn bot last visit powered by MyPagerank.Net Yahoo bot last visit powered by MyPagerank.Net
I heart FeedBurner downtime checker The Ubuntu Counter Project - user number # 31290
 
Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Powered by TadPole
FOG FLAMES