New IMCE Dir Exploit for Hacking Drupal Websites

2020.03.12

Maruf Sakirin (BD)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:"/imce?dir="

First of all open the Google and then type the below query in search box:
inurl:"/imce?dir="
Now open the links like mentioned below:
www.arcireal.com/imce?dir=imagecache/dettaglio
Now a File browser will open which will allow you to upload and navigate though files:
Now upload the shell by clicking on upload button.
Access the shell by double clicking on that.
Rest things you already know..

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

New IMCE Dir Exploit for Hacking Drupal Websites

Dork: inurl:"/imce?dir="

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.