Kyfx

inurl:upload_image.php

Jun 20th, 2015
Dork: inurl:upload_image.php

It's a false positive. No viruses exist in the form of .php or .txt.

Right-click and click Edit on the shell.

Find the line ----> $login = "username here"; //login

On the next line, you must enter the password.
First go here and encrypt your password, whatever it is.
In the place where it says "password here", enter the original password.

And on the next line, where it says md5 pass, enter the encrypted password.

So basically what you do with a shell is upload it to the website and get control over it. Since it's a .php file, many sites block it. So click on File >> Save as and save it as something like one of the names in this list:
Code:
shell.php;.jpg
c100.php%00.jpg
c100.php..jpg
c100.php.jpg%00
c100.php.jpg:;
c100.php.jpg%;
c100.php.jpg;
c100.php.jpg;%00
c100.php.jpg%00:;

So you need to find a place where you can upload an image in a website. It can be anywhere in a site. So do some surfing.

Open a website where you can upload images.

So once you have entered the admin panel, upload the shell.

Now find the link to the shell. That means the link that will take you to where the shell is uploaded.

Once you go to that link, a popup will appear asking for a username and password. Use the username and password that you used while creating the shell.

CASE 2
Sometimes a simple extension change won't help you to upload the files.
So you need to use a tool called Live HTTP Headers.
Install that add-on in your Firefox and go to the upload section. Upload the shell. Since uploading that file is not possible, you will get an error on trying to go to that page.

First find the line of code in Live Headers where it says,
Code:
filename="c100.php%00.php.jpg

Select this line and click the Replay button.

Now you need to find the same line in the next column, where it shows the code of the uploaded file.
Find the line and delete the part "%00.jpg"
So now it's only c100.php
Now go to the shell page and it must take you to the shell screen, where all the files on the site will be listed.
Find the main index.php and edit it with your deface page source code, and click save. That's it.
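From the defending side, every name in the list above and the request edit in CASE 2 depend on the server trusting the client-supplied filename. The following server-side check is an added example, not part of the original paste; the function name `check_upload`, the image-only policy and the sample inputs are assumptions made for illustration.

```python
import os
import re
import uuid
from urllib.parse import unquote

# Assumed policy for this example: images only, identified by
# extension AND by the leading bytes of the file content.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# One base name, exactly one dot, short alphanumeric extension.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")


def check_upload(client_name, content):
    """Return (accepted, reason, stored_name) for one uploaded file."""
    # Decode percent-escapes once so an encoded NUL is seen as a NUL.
    name = unquote(client_name)
    if "\x00" in name or "%" in name:
        return False, "NUL byte or stray percent-escape in filename", None
    if not SAFE_NAME.fullmatch(name):
        return False, "extra dots or characters outside the allowlist", None
    ext = os.path.splitext(name)[1].lower()
    if ext not in MAGIC:
        return False, "extension not allowed", None
    if not content.startswith(MAGIC[ext]):
        return False, "content does not match extension", None
    # Never reuse the client's name on disk: generate one server-side.
    return True, "ok", uuid.uuid4().hex + ext


# Constructed inputs: the name variants listed in the paste, plus controls.
PASTE_NAMES = [
    "shell.php;.jpg", "c100.php%00.jpg", "c100.php..jpg", "c100.php.jpg%00",
    "c100.php.jpg:;", "c100.php.jpg%;", "c100.php.jpg;", "c100.php.jpg;%00",
    "c100.php.jpg%00:;", "c100.php",
]
JPEG_HEAD = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed, not a full image

if __name__ == "__main__":
    for n in PASTE_NAMES:
        print(n.ljust(20), check_upload(n, JPEG_HEAD)[:2])
    print(check_upload("photo.jpg", JPEG_HEAD))
    print(check_upload("photo.jpg", b"<?php /* constructed */ ?>"))
```

Because the check runs on the request as the server receives it, rewriting the filename in transit does not bypass it. Storing accepted files under the generated name in a directory where the web server does not execute scripts covers what filename checks alone cannot.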