"Testing Image collection" shell and files upload vulnrablity

“Testing Image collection” shell and files upload vulnrablity

Dorks : inurl:”modules/filemanagermodule/actions/?picker.php??id=0″
           intitle:”Testing Image Collections”
Goto Google or Bing and Type Dork  inurl:”modules/filemanagermodule/actions/?picker.php??id=0″ or intitle:”Testing Image Collections” 
now see search results in google or bing search ..
select any site from search results and look for upload option 
here is demo of upload button : 
image_2326254.original.jpg (374×39)
Now select your shell or deface page and upload it
To view your upload shell or deface go to:
http://website.com/files/yourfilehere  or
Live Demo :
result :  http://www.bantamorloff.co.uk/files/backlinks.html
other live examples : 


*UPDATE : Demo sites are patched now Find a new target >:D<

Read more: "Testing Image collection" shell and files upload vulnrablity

Story added 28. September 2015, content source with full text you can find at link above.