Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017050100

Below is a copy:

Drupal comment-form Upload Dangerous File

# Exploit Title : Deface Drupal File With Tamper
# Exploit Author : GU3LT03M
# DORK : inurl:"/register?destination=node/" intext:"Allowed file types: png gif jpg"
#
# [+] File Location :https://127.0.0.1/sites/default/files/[path]/file name
#
# Tutorial: see http://ryangueltoem.blogspot.co.id/2017/05/deface-drupal-file-with-tamper.html
#################################################################################
#
# [+] Demo :
#http://www.unitech.ac.pg/user/register?destination=node/717%23comment-form 
#http://alumni.pec.ac.in/user/register?destination=node/77
#http://anh-academy.org/member/register?destination=node/576%23comment-form
# 
#
# [+] File Location
#
# http://www.unitech.ac.pg/sites/default/files/filefield_paths/nitip.php.txt
#
#################################################################################
#
# Step By Step :
#
# 1. Dorking inurl:"/register?destination=node/" intext:"Allowed file types: png gif jpg"
# 2. Select one of the websites
# 3. Open Tamper Data
# 4. Upload File .php.jpg
# 5. Tamper becomes .php
# 6. Right-click the file and open it in the new tab
#
#################################################################################
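For site owners, the stored path above (`filefield_paths/nitip.php.txt`) is the thing to look for. The following audit of an upload directory is an added example, not part of the original advisory; the `EXECUTABLE` set, the verdict names and the functions `classify` and `audit` are assumptions made for illustration, while the allowlist is the one quoted in the dork.

```python
import os

# Allowlist quoted by the upload form on this page ("Allowed file types: png gif jpg").
ALLOWED = {"png", "gif", "jpg"}
# Assumption: extensions a web server may be configured to execute; adjust per host.
EXECUTABLE = {"php", "phtml", "php5", "phar", "pl", "py", "cgi"}


def classify(filename):
    """Return a verdict for one stored upload, judged on its name only."""
    parts = filename.lower().split(".")
    exts = parts[1:]                      # every dot-separated segment after the base name
    if not exts:
        return "not-allowed"              # no extension at all
    final, inner = exts[-1], exts[:-1]
    if final in EXECUTABLE:
        return "executable"               # e.g. name.php: would run if requested
    if any(e in EXECUTABLE for e in inner):
        # name.php.txt is the form a server-side rename leaves behind; name.php.jpg
        # is the pre-tamper form. Both are evidence of an upload attempt.
        return "neutralized" if final == "txt" else "double-extension"
    return "ok" if final in ALLOWED else "not-allowed"


def audit(root):
    """Walk an upload tree and return (relative path, verdict) for every non-ok file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify(name)
            if verdict != "ok":
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, verdict))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "sites/default/files"
    for path, verdict in audit(root):
        print(f"{verdict:17} {path}")
```

A `not-allowed` verdict is only informational on sites whose other file fields accept more types; `executable` and `double-extension` findings are the ones to investigate first.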
