Protect your websites from Simple Upload 53 Vulnerability
Salam Hi & Hello Everyone, webmasters and security reseachers,in this trick I am going to discuss a website application vulnerability named “Simple Upload 53″ which allows an attacker to upload Backdoor shell code in your website. I also discuss how enterprises can fix the original problems and combat attacks that try to exploit them.
If you are familiar about this website vulnerability,take a look on this post on Most Common Website Vulnerabilities and protect your website from such attacks.
Its Easy Method For Hackers To Upload Shell And Hack The Websites.
If you want to test your own website you can skip step1 and go ahead with step2.If you dont have any vulnerable website find one with the help of google dork.Contact owner and perform this test with his permission.Dont try this without permission you may get jailed.
Step 1:Finding vulnerable websites
As you already know google dork is special query to google search engine to search specific sites with specific content.We will take the help if this google dork to search for vulnerable websites.
” inurl:simple-upload-53.php “
Open Google,search with the above string without using quotes.If everything is fine,you may get the vulnerable website in first search result only.You are good to go now.
If you want to find the vulnerability in your web application,use this google
dork: " inurl:simple-upload-53.php site:Your-Site.com"
Be sure to replace your-site with your own site.
After you search in google; if you find any page ends with
“simple-upload-53.php” , follow the link.
Example:
http://www.target_site.com/simple-upload-53.php
Refer the image below
Step 2:Uploading your shell
Now you can see the upload option in the site. Here is the biggest loophole, it allows anyone to upload files.
So,An attacker can upload Backdoor shell as “.php.jpg” or”.php.gif” etc.
If you are newbie to shell uploading,A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can be uploaded to a site to gain access to files stored on that site.
Once it is uploaded, the hacker can use it to edit, delete, or download any files on the site, or upload their own.
The uploaded shell will be in this place:
http://www.target_site.com/files/Your_file_With_Extension
Step 3:Defacing the website
After uploading the shell , an attacker can deface your site. Defacing means a hacker keeping a headline in your website in a specific page you have been hacked.
So better check whether your site also has this vulnerability. Scan Your Websites With Vulnerability Scanners Like Acunetix And Other.
If You Like My Articles Please Subscribe And Like My Page
Keep Visiting
No comments:
Post a Comment