Yesterday I went through the latest Google dorks and found some interesting stuff. YThe functionality of the dork called IMCE DIR exploit will amaze you.
Using the IMCE directory exploit, we can upload our shells on websites which are made using the DRUPAL platform and execute our shells, hence allowing us to easily hack the websites, or simply put, we can deface the website using that loophole. Actually, let me provide more information about this Drupal File Browser bug. IMCE directory opens the file browser of the website from where you can upload images to your websites, so to upload your shells you need to rename them, like c99.php to c99.png or r60.php to r60.png.
Now lets learn how to deface or hack a website using this bug:
1. First of all, open Google and type the below query into the search box:
inurl:”/imce?dir=”
2. Now search results will appear like below:
3. Open the links mentioned below:
www.arcireal.com/imce?dir=imagecache/dettaglio
4. Now a file browser will open, which will allow you to upload and navigate through files:
5. Upload the shell by clicking on the upload button.
6. Access the shell by double clicking it.
7. The rest, you know!
Note: This is only for educational purposes. Any misuse is not the responsibility of HackingLoops.
Leave a Reply