07-31-2012, 03:28 AM
baru saja saya menemukan ini
download
Code:
# Title : Upload Multiple Files With a Single File Element
# Download : http://the-stickman.com/files/multiple-file-element.zip
# Date : 28 July 2012
# Author : h3ll0s
# Home : http://www.facebook.com/groups/3rr0rc0de/
# Dork : Think it :p
# Greatz : Gato Lucy, Starkey, Cimay, phiA, haning32.dll
# Big Thank's : 3rr0r c0de | PasuruanCyber
BinusHacker
r00tw0rm
# email : [email protected]
# Tested : Debian Lenny
-=-=-=-=-=-=-=-
Description
You can upload an attachment file on the server,
example jpg, png, gif.
used tamper data to change the shell.php
=-=-=-=-=-=-=-=
Vulnerable Code
(move_uploaded_file($_FILES['file']['tmp_name'][$i], $destination . '/' .$nm_file)) {
echo $_FILES['file']['name'][$i] . " uploaded sucessfully!<br>";
$attach .= '<br/><a href="attachment/'. $nm_file .'" >'.$nm_file.'</a>';
}
-=-=-=-=-=-=-=-
Destination
You can preview your shell at folder /attacement/yourshell
# Demo Shell :
http://tts-lpse.lkpp.go.id/tts/attachment/181061011404_V1.jpg.php
http://tts-lpse.lkpp.go.id/tts2/tes_.php
Press TAB Keyboard, you can found login shell.
password shell : ask me #LOL
download