Friday, 6 July 2012

IMCE Mkdir remote deface,upload & exploits

What is IMCE Mkdir ?

IMCE Mkdir is a remote file upload vulnerability on drupal platform, normally you can upload .txt, .png , .jpg and .gif extensions on websites but some sites allows you to upload .html files , if you want to upload shell on website then try in .phtml extension .

Google Dork

inurl:"/imce?dir=" intitle:"File Browser"


Shell Access*

* Change the website name with your vulnerable website and abc with directory

Step 1 :
First of all find a vulnerable website using google dork stated above .

Step 2:
After opening site go to
and find upload option there . Example :

Step 3 : Now Upload your file which must be in either of the format : .jpg , .gif , .png , .html , .phtml , .pdf etc.

Step 4 : To access your shell/deface/file go here
(replace abc with directory of website) . Example : 

Leave comment if any query :) stay connected for More !

1 comment:

  1. If you're alone, I'll be your shadow. If you want to cry, I'll be your shoulder. If you want a hug, I'll be your pillow. If you need to be happy, I'll be your smile... But anytime you need a friend, I'll just be me.
    - Care credit pay bill online


Hyperlinks are not allowed in comments, Spam/advertising comments will NEVER BE TOLERATED and will be deleted immediately!

Thanks for visiting our website,Bookmark us for more updates.

Contact us


Email *

Message *