New IMCE Dir Exploit for Hacking Drupal Websites

Hey friends, yesterday i was going through the latest Google dorks and found really interesting stuff. You all will be amazed by knowing the functionality of that dork called as IMCE DIR exploit.

Using IMCE directory exploit we can upload our shells on websites which are made using DRUPAL platform and execute our shells and hence can easily hack the websites or simply say we can deface that website using that loophole. Actually let me provide you more information about this Drupal File Browser bug. IMCE directory opens the file browser of the website from where you can upload images to your websites, so guy for uploading your shells you need to rename your shells like say c99.php to c99.png or r60.php to r60.png etc..

Now lets learn how to deface website or hack website using this bug:
1. First of all open the Google and then type the below query in search box:

 inurl:"/imce?dir="

2.  Now search results will appear like below:



3. Now open the links like mentioned below:

www.arcireal.com/imce?dir=imagecache/dettaglio

4.  Now a File browser will open which will allow you to upload and navigate though files:

 

5. Now upload the shell by clicking on upload button.
6. Access the shell by double clicking on that.
7. Rest things you already know..

Note: This is only for educational purposes. Any misuse is not the responsibility of rattlesnakee
Please Comments :)