(adsbygoogle = window.adsbygoogle || []).push({});
Ok, I will show you via images how I successfully uploaded a c99 shell on a hacked site.
First I obtained the Admin login details via Sqli, I then found the login prompt, and successfully logged in.
You must login or register to view this content.
Secondly, I browsed around looking for something interesting, I found the login details to the MySQL server of the website.
You must login or register to view this content.
I finally found an image upload function, lets change our shell to php.gif format and attempt to upload it.
You must login or register to view this content.
Damn, must be patched to prevent this, lets keep looking...
You must login or register to view this content.
Interesting, I found a template modifier that lets me edit the code of different functions and plug in's on the website.
You must login or register to view this content.
Lets try removing the current source code and adding c99 shell source code then saving it.
You must login or register to view this content.
It saved successfully, now the problem is locating that function on the website and making it run, I try different variable path's in the URL trying to find a directory that the file might be saved in, Eg /files/ /uploads/ /plugins/ etc. I experienced error messages like below, telling me that directory did not exist.
You must login or register to view this content.
I finally guess correct with the directory /themes/
You must login or register to view this content.
Remember, the msg.php plug in's theme name was classic, so with that we can assume the URL to the shell would be
www.site.com/themes/classic/msg.php, I run this and get the following result.
You must login or register to view this content.
Voila my c99 shell is now on the site, the possibility's now are endless. Happy Hacking :blackhat:
**Link to shells*
You must login or register to view this content.