In google or yahoo type "Only zip and rar files can be uploaded" with
quote and you will have list of sites which is using this script.
I got site now how can I know site is vulnerable or not?
Wait I will explain in next step..
In google or yahoo type "Only zip and rar files can be uploaded" with
quote and you will have list of sites which is using this script.
I got site now how can I know site is vulnerable or not?
Wait I will explain in next step..
OK got site now?
Download this file and upload on server.
CODE
http://rapidshare.com/files/73941222/HACK.rar
Extract it .. you will get a file name india.php.rar
(Remember, Don't change extension)
This is your Exploit shell script
Now upload the file india.php.rar to the site you found to hack :mrgreen:
After uploading file. Get link to download file and download that file.
After few seconds you will see download file button and click on it, If
you are seeing Download Box to download file than leave that site
because that site is not vulnerable and try other site.
If you are seeing message like "OK file copy in victim host, open
india.php" then it means SHELL copied on server, now just remove
india.php.rar from your address bar and open only india.php like if you
have opened
CODE
http://www.cooldownload.org/audio/au.../india.php.rar
then open
CODE
http://www.cooldownload.org/audio/au...7f82/india.php
and you can see c99 shell there
Now site is in your hands edit its index.php ... Hack its sql database whatever you wish you can do ...
No comments:
Post a Comment