Drupal IMCE : Remote File Upload Vulnerability

Finding Vulnerable Target

Dork : inurl:"/imce?dir=" intitle:"File Browser"

1- Copy and paste this dork on google

2- Choose any site

Exploiting Target

1- Once you have click the site, click on any folder to upload your file.

2- Click upload, and browse for your file.

3- Files that are allowed are . gif , .png , .jpeg , .jpg , .doc , .pdf 

4- Click Upload

5- To view your file, click on your uploaded file.

Live Demo:

http://www.ccgp.org/sites/default/files/alex.html