bypass this



10-24-2014, 11:52 PM #1
yhi Offline MadLeets Vip ******
<?php

// MIME types passed to the upload class
$mimetype = array("application/pdf", "application/msword", "application/octet-stream", "application/vnd.openxmlformats-officedocument.wordprocessingml.document");
// Extensions rejected by the substring check below
$blacklist = array(".php", ".html", ".htm", ".phtml", ".php3", ".php4", ".js", ".shtml", ".pl", ".py", ".exe");
$loc = "upimages/careers/";
$orderform = ""; // default when no file is attached

if (!empty($_FILES['orderform']['name']))
{
    // strstr() is a case-sensitive substring match on the client-supplied name
    foreach ($blacklist as $file)
    {
        if (strstr($_FILES['orderform']['name'], $file))
        {
            header('location:career.php?errmsg=This file type not Permited.');
            exit();
        }
    }

    // The upload class is defined elsewhere in the application (not shown)
    $upload = new upload($mimetype, "2097160", $loc);
    $go = $upload->putFile("orderform");
    if (isset($_SESSION['error']))
    {
        if (trim($go) == trim($_SESSION['error']))
        {
            unset($_SESSION['error']);
            header("location:career.php?errmsg=" . $go);
            exit;
        }
    }

    if ($go)
    {
        $filePath = $upload->splitFilePath($go);
        $orderform = $filePath['filename'];
    }
}

// $site_path is set elsewhere in the application (not shown)
if ($orderform == "") {
    $resume_msg = " Not Attached ";
} else {
    $resume_msg = $site_path . "upimages/careers/" . $orderform;
}

?>


I want to upload my PHP shell
but am not able to bypass it.
Can anyone help??

10-25-2014, 12:00 AM #2
Altair Offline MadLeets Lover *****
If you send me the website URL I'll try it for you, maybe I can upload the shell via a different method.



10-25-2014, 12:01 AM #3
1337 Offline Don't PM me for help, post it on forum ! *******
Did you try Tamper Data?


10-25-2014, 12:10 AM #4
T3N38R15 Offline ? lawless-coder *****
Try this: shell.pHp
and use Tamper Data to edit the type to application/pdf.

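Added example, not part of the thread or any poster's code: the upload check from post #1 rewritten with an extension allow-list, a server-side content check and a server-generated filename, which closes the case-variation and client-supplied-type gaps raised in the replies above. The names store_resume(), ALLOWED and MAX_BYTES are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. store_resume(), ALLOWED and MAX_BYTES
// are assumed names; the type lists are a starting point to adjust.
const ALLOWED = [
    'pdf'  => ['application/pdf'],
    'doc'  => ['application/msword'],
    'docx' => ['application/vnd.openxmlformats-officedocument.wordprocessingml.document'],
];
const MAX_BYTES = 2097160; // size limit taken from the posted code

function store_resume(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Only the final extension counts, lower-cased and looked up in an
    // allow-list; anything that is not listed is rejected.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('file type not permitted');
    }
    // $file['type'] comes from the request and is ignored; the type is
    // determined on the server from the file content (fileinfo extension).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: the client's filename never reaches the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage in the handler from post #1 (inside a try/catch):
// $orderform = store_resume($_FILES['orderform'], 'upimages/careers/');
```

libmagic's answers for Office files vary between versions (a .docx may be reported as application/zip), so confirm what finfo returns on the target host before fixing the lists. Serving the upload directory with script execution disabled, or keeping it outside the web root, is a second layer.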

10-25-2014, 05:23 AM #5
yhi Offline MadLeets Vip ******
1337, I tried Tamper Data, and T3N38R15, I will try what you suggested.

Altair, let me try; if I don't succeed I will send you the URL.

10-25-2014, 09:05 PM #6
T3N38R15 Offline ? lawless-coder *****
If you want, I can try it for you too :9
Just PM me.


10-25-2014, 11:13 PM #7
Altair Offline MadLeets Lover *****
I'm waiting bro, if you can't sleepy
