
2/16/2012

"Powered By Kleeja" File Upload Vulnerability

Title : "Powered By Kleeja" File Upload Vulnerability
Bug : File Upload Vulnerability
Author : Minhal Mehdi
Tested on : Windows, Linux & Mac
Category : Web application


Hi guys, happy Valentine's week to all. I'm back on Devils Cafe with a new file upload vulnerability.
Google Dork : powered by Kleeja >>> the best uploader ... >> Bugs | Plugins | Styles |
Let's start: go to Google or Bing and type this dork:
powered by Kleeja >>> the best uploader ... >> Bugs | Plugins | Styles |
You'll see a lot of websites in the search results. I got about 3,100 results in Google search.
In the Google search results, look for websites with /styles/default/ in the URL.
Now go to that website, and then go to its home page.
Now select your file and upload it.
Don't forget to check the "I agree with the T&C" box (it's in Arabic, but you can understand it; see the image given below).



On most websites you can upload only images and txt files, but some unpatched sites allow uploading HTML files too. You'll see the uploaded file's URL after uploading.
Take a full screenshot of your deface page, crop it, and upload it here.
It will look like an HTML deface page.
Live demo : http://up.akonami.info/
Result : http://up.akonami.info/do.php?thmb=817
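
For site operators, the server-side check that the unpatched installs described above are missing (HTML accepted where only images and txt files are intended) can be sketched as follows. This is an added example, not code from the original post or from Kleeja; the allowlist, the `validate_upload` name and the response headers are assumptions, and the sample inputs are constructed.

```python
import os
import re
import secrets

# Assumed allowlist (not Kleeja's configuration): extension -> (MIME type, magic bytes).
ALLOWED = {
    "png":  ("image/png",  (b"\x89PNG\r\n\x1a\n",)),
    "gif":  ("image/gif",  (b"GIF87a", b"GIF89a")),
    "jpg":  ("image/jpeg", (b"\xff\xd8\xff",)),
    "jpeg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "txt":  ("text/plain; charset=utf-8", ()),  # no signature, checked for markup below
}
# "<" followed by a letter, "!", "/" or "?" is how an HTML/XML tag starts.
TAG_START = re.compile(rb"<[A-Za-z!/?]")


def validate_upload(client_name, data):
    """Return (stored_name, headers) for an accepted upload, or None to reject it."""
    ext = os.path.splitext(client_name)[1].lower().lstrip(".")
    if ext not in ALLOWED:
        return None                      # .html, .php, no extension, ...
    mime, signatures = ALLOWED[ext]
    if signatures:
        if not data.startswith(signatures):
            return None                  # e.g. HTML renamed to page.html.png
    else:
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return None
        if b"\x00" in data or TAG_START.search(data):
            return None                  # markup hidden in a .txt file
    # The client's file name is discarded; only the vetted extension survives.
    stored_name = secrets.token_hex(16) + "." + ext
    headers = {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",   # browser must not re-guess the type
    }
    if ext == "txt":
        headers["Content-Disposition"] = 'attachment; filename="%s"' % stored_name
    return stored_name, headers


if __name__ == "__main__":
    page = b"<html><body><h1>constructed sample page</h1></body></html>"
    samples = [("page.html", page), ("page.txt", page), ("page.html.png", page),
               ("photo.PNG", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
               ("notes.txt", b"plain notes, 2 < 3\n")]
    for name, body in samples:
        print(name, "->", validate_upload(name, body))
```

The tag check on txt files is deliberately strict and will also reject harmless text such as `a<b`; serving uploads from a separate domain without cookies limits the impact of anything that slips through.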


About Author:

Hi, it's me, Aamir Khan, owner of HACKING ARTICLES. I am an Ethical Hacker, Pro Blogger, addicted Web Developer and Security Researcher with experience in various aspects of Information Security. I am from Pakistan. Hacking is my passion and I want to be called a LEGEND in this field.


