how to exploit fileupload vulneribility?
#1
how do you hack website which have file upload vulneribility (which can be used to upload php shell) but you dont know its upload location ? specially when dirbuster can not determine its location due to abnormal folder naming scheme.
Reply
#2
Dig deeper, try harder Smile If dirbuster doesn't do the trick. Check robots.txt, do some osint infogathering with google dorks. Maybe check http headers etc when uploading a file to find clues. It's all about thinking outside the box and gather a lot of intel.

Any specific site? While I'm not for illegal activities, for scientific purposes. It would be interesting to see.. you can PM me if you want.
Reply
#3
(04-26-2019, 11:21 PM)Insider Wrote: Dig deeper, try harder Smile If dirbuster doesn't do the trick. Check robots.txt, do some osint infogathering with google dorks. Maybe check http headers etc when uploading a file to find clues. It's all about thinking outside the box and gather a lot of intel.

Any specific site? While I'm not for illegal activities, for scientific purposes. It would be interesting to see.. you can PM me if you want.

thanks, i guess i will test new attack vectors may be in header, input forums or in outdated cpanel. since i am new in penetration testing it would be best for me to play safe.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [Tutorial] PHP CGI exploit Insider 0 521 06-16-2020, 11:34 AM
Last Post: Insider
  WebDAV Hacking [Detect & Exploit] Insider 1 16,058 04-24-2019, 09:03 PM
Last Post: thunder
  Source Engine exploit - Executeable automatically saved in startup directory eggshell 1 3,470 03-07-2016, 09:26 PM
Last Post: Cryptography