GreySec Forums

Full Version: how to exploit fileupload vulneribility?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
how do you hack website which have file upload vulneribility (which can be used to upload php shell) but you dont know its upload location ? specially when dirbuster can not determine its location due to abnormal folder naming scheme.
Dig deeper, try harder Smile If dirbuster doesn't do the trick. Check robots.txt, do some osint infogathering with google dorks. Maybe check http headers etc when uploading a file to find clues. It's all about thinking outside the box and gather a lot of intel.

Any specific site? While I'm not for illegal activities, for scientific purposes. It would be interesting to see.. you can PM me if you want.
(04-26-2019, 11:21 PM)Insider Wrote: [ -> ]Dig deeper, try harder Smile If dirbuster doesn't do the trick. Check robots.txt, do some osint infogathering with google dorks. Maybe check http headers etc when uploading a file to find clues. It's all about thinking outside the box and gather a lot of intel.

Any specific site? While I'm not for illegal activities, for scientific purposes. It would be interesting to see.. you can PM me if you want.

thanks, i guess i will test new attack vectors may be in header, input forums or in outdated cpanel. since i am new in penetration testing it would be best for me to play safe.