Upload Multiple Files With a Single File Element

**h3ll0s** · 07-31-2012, 03:28 AM

baru saja saya menemukan ini Angry

Code:

# Title            : Upload Multiple Files With a Single File Element

# Download         : http://the-stickman.com/files/multiple-file-element.zip

# Date             : 28 July 2012

# Author           : h3ll0s

# Home             : http://www.facebook.com/groups/3rr0rc0de/

# Dork             : Think it :p

# Greatz           : Gato Lucy, Starkey, Cimay, phiA, haning32.dll

# Big Thank's      : 3rr0r c0de | PasuruanCyber

                     BinusHacker

                     r00tw0rm

# email            : [email protected]

# Tested           : Debian Lenny



-=-=-=-=-=-=-=-

Description



You can upload an attachment file on the server,

example jpg, png, gif.

used tamper data to change the shell.php



=-=-=-=-=-=-=-=

Vulnerable Code



(move_uploaded_file($_FILES['file']['tmp_name'][$i], $destination . '/' .$nm_file)) {

        echo $_FILES['file']['name'][$i] . " uploaded sucessfully!<br>";

        $attach .= '<br/><a href="attachment/'. $nm_file .'" >'.$nm_file.'</a>';

         }

        

-=-=-=-=-=-=-=-

Destination



You can preview your shell at folder /attacement/yourshell



# Demo Shell :

http://tts-lpse.lkpp.go.id/tts/attachment/181061011404_V1.jpg.php

http://tts-lpse.lkpp.go.id/tts2/tes_.php



Press TAB Keyboard, you can found login shell.

password shell : ask me #LOL

download

**Al - Ayyubi** · 07-31-2012, 12:34 PM

(07-31-2012, 03:28 AM)h3ll0s Wrote: baru saja saya menemukan ini

Code:
# Title : Upload Multiple Files With a Single File Element # Download : http://the-stickman.com/files/multiple-file-element.zip # Date : 28 July 2012 # Author : h3ll0s # Home : http://www.facebook.com/groups/3rr0rc0de/ # Dork : Think it :p # Greatz : Gato Lucy, Starkey, Cimay, phiA, haning32.dll # Big Thank's : 3rr0r c0de | PasuruanCyber BinusHacker r00tw0rm # email : [email protected] # Tested : Debian Lenny -=-=-=-=-=-=-=- Description You can upload an attachment file on the server, example jpg, png, gif. used tamper data to change the shell.php =-=-=-=-=-=-=-= Vulnerable Code (move_uploaded_file($_FILES['file']['tmp_name'][$i], $destination . '/' .$nm_file)) { echo $_FILES['file']['name'][$i] . " uploaded sucessfully!<br>"; $attach .= '<br/><a href="attachment/'. $nm_file .'" >'.$nm_file.'</a>'; } -=-=-=-=-=-=-=- Destination You can preview your shell at folder /attacement/yourshell # Demo Shell : http://tts-lpse.lkpp.go.id/tts/attachment/181061011404_V1.jpg.php http://tts-lpse.lkpp.go.id/tts2/tes_.php Press TAB Keyboard, you can found login shell. password shell : ask me #LOL

download

apaan tu om Angry

cek TKP malah bingung:apn: pencerahannya dong Smile

**h3ll0s** · 07-31-2012, 01:15 PM

Quote:apaan tu om cek TKP malah bingung:apn: pencerahannya dong

itu bugs yg saya temukan, developper web tdk tahu akan bugs tersebut

saya lupa memberi tag untuk thread ini

**abdilahrf** · 11-18-2012, 04:29 PM

ow jadi upload shell.jpg.php
tapi kok systemnya ngak nolak file nya :-?

**SiiBrandalMallam** · 12-04-2012, 06:00 PM

bngung bro ngg ngerti mksutnya ntuu.... =D

Quote:
[spoiler=SS Guild 21 April 2012]Uploading . . . [/spoiler]

[spoiler=CW Faction Terbesar][/spoiler]

Grup Facebook :► [St-Unlimited™]

Website :► [Website]

**Kucing_Cyber** · 12-04-2012, 10:31 PM

maksudnya kagak ngrt ane om
mohon pencerahannya

**drewcode** · 12-04-2012, 11:07 PM

(11-18-2012, 04:29 PM)abdilahrf Wrote: ow jadi upload shell.jpg.php
tapi kok systemnya ngak nolak file nya :-?

temper data om..
cmiiw Confused

:-

**ardian** · 12-04-2012, 11:44 PM

masih kurang jelas ane om ... -_-..

**yudha24** · 08-29-2015, 05:41 PM

apaan tuh om? bingung 7 kelilingin

**EKO_X** · 09-02-2015, 05:50 PM

demo dan penampakan nya ga bisa bro Big Grin