
2/24/2012

"Simple Upload 53" Vulnerability allows Hacker to upload Shell

A web application vulnerability in the "Simple Upload 53" PHP file allows an attacker to upload backdoor shell code to your website.

"inurl:simple-upload-53.php"
Using this Google search, you can find the vulnerable sites.

If you want to find the vulnerability in your own web application, use this Google dork:
"inurl:simple-upload-53.php site:Your-Site.com"

After you search in Google, if you find any page that ends with "simple-upload-53.php", follow the link.


Example:
hxxp://www.target_site.com/simple-upload-53.php

Now you can see the upload option on the site. Here is the biggest problem: it allows anyone to upload files.

An attacker can upload a backdoor shell as ".php.jpg", ".php.gif", etc.

The uploaded shell will be at this location:
 hxxp://www.target_site.com/files/Your_file_With_Extension

After uploading the shell, an attacker can deface your site. So better check whether your site also has this vulnerability or not.

About Author:

Hi, it's me, Aamir Khan, owner of HACKING ARTICLES. I am an Ethical Hacker, Pro Blogger, addicted Web Developer and Security Researcher with experience in various aspects of Information Security. I am from Pakistan. Hacking is my passion and I want to be called a LEGEND in this field.
