
2/16/2012

website defacing with interface Results editor



The interface Results editor is a new bug in websites: it allows hackers to edit pages remotely without any login. You can't upload .html, .jpg and .php files through this vulnerability, but you can make your deface as text. If you want to upload .html and other files, then read these posts.
So let's start.
Go to bing.com and type this dork: "inurl:interface/Results/editor/detail.asp?"
or go to google.com and type this dork: "inurl:/Results/editor/detail.asp"


Select any website from the search results whose title is "Results -- Home" and look for the edit button on the page.
After clicking edit you'll get the editing option; edit the content and replace it with your message.
Live example:
edit option : http://www.youngblood.org.pk/medicinecompanies_interface/Results/editor/edit.asp
After Editing : http://www.youngblood.org.pk/medicinecompanies_interface/Results/editor/detail.asp?CID=12345


After editing, make a mirror (webcache), because someone can change it with their own name. If the site is already registered on a mirror site, then go to turk-h.org and make the mirror there.
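For site owners, the point that matters above is that edit.asp is served without any login. The following added example (not part of the original post) scans IIS W3C logs for requests to that editor path that were served with no authenticated user. The log sample is constructed, and the check assumes the site relies on IIS-level authentication, so that cs-username is populated for logged-in users.

```python
# Added example: flag anonymous requests that reached the editor page in IIS W3C logs.
EDITOR_SUFFIX = "/results/editor/edit.asp"  # path pattern taken from the post

# Constructed sample log (documentation-range IPs, hypothetical app path and user).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs-username sc-status
2012-02-16 10:01:02 GET /app_interface/Results/editor/detail.asp CID=1 203.0.113.5 - 200
2012-02-16 10:01:09 GET /app_interface/Results/editor/edit.asp - 203.0.113.5 - 200
2012-02-16 10:01:30 POST /app_interface/Results/editor/edit.asp - 203.0.113.5 - 302
2012-02-16 11:15:00 POST /app_interface/Results/editor/edit.asp - 198.51.100.7 EXAMPLE\\editor1 302
2012-02-16 11:20:00 GET /app_interface/Results/editor/edit.asp - 192.0.2.9 - 401
"""


def parse_w3c(log_text):
    """Yield one dict per request, using the column order from the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def find_unauthenticated_edits(log_text):
    """Return requests to the editor that were served with no authenticated user."""
    hits = []
    for row in parse_w3c(log_text):
        path = row.get("cs-uri-stem", "").lower()
        anonymous = row.get("cs-username", "-") == "-"
        # 2xx/3xx means the server handled the request instead of refusing it.
        served = row.get("sc-status", "").startswith(("2", "3"))
        if path.endswith(EDITOR_SUFFIX) and anonymous and served:
            hits.append((row["date"], row["time"], row["c-ip"], row["cs-method"]))
    return hits


if __name__ == "__main__":
    for hit in find_unauthenticated_edits(SAMPLE_LOG):
        print("anonymous editor access:", *hit)
```

Any hit means the editor answered a visitor who never logged in; the fix is to require authentication on the editor pages, and an anonymous POST in the results is a reason to review the affected pages for tampering.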

About Author:

Hi, it's me, Aamir Khan, owner of HACKING ARTICLES. I am an Ethical Hacker, Pro Blogger, addicted Web Developer and Security Researcher with experience in various aspects of Information Security. I am from Pakistan. Hacking is my passion and I want to be called a LEGEND in this field.
