LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Full website takeover

11 months ago 54
BOOK THIS SPACE FOR AD
ARTICLE AD

Jeyabalaji

3 hours ago

--

Got full access of server

This is the blog shows that impact when the upload functionality is not implement properly.

Using fuff I found login page that too admin login :)

By simple SQLi injection able to bypass login ( ‘ or 1=1 — ).

In admin panel there are lot of options is there including uploading images. So I decide to upload web shell and gain access of entire site.

After uploading the shell I located to home directory of the site and add small tag in index page ( homepage of site).

Sorry for blurry image

Here we have all privileges. like We can download, edit and delete all stuffs in that server.

Read Entire Article
  3. Full website takeover

Related

How I found a IDOR at Monitor Mozilla ?

How I found a IDOR at Monitor Mozilla ?

ZoneTransfer — ./Hope

ZoneTransfer — ./Hope

How I Found My First RCE !

How I Found My First RCE !

$350 bounty: How I Got It | Broken linked Hijacked

$350 bounty: How I Got It | Broken linked Hijacked

How To Find And Test S3 Buckets For Bug Bounty

How To Find And Test S3 Buckets For Bug Bounty

Broken Access Control leads to Take Admin Role

Broken Access Control leads to Take Admin Role

Trending

1. Barcelona
2. Aston Villa vs Liverpool
3. Sushil Modi
4. Apple iPhone 16 Pro Max
5. Ap polling percentage
6. GT बनाम KKR
7. AIIMS
8. Election Results 2024
9. Mumbai Weather
10. Madhavi Latha

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved