e107 Code Exec in contact.php [video]

e107 is a content management system written in PHP and using the popular open source MySQL database system for content storage. It's completely free, totally customisable and in constant development.


Here is the exploit by McFly:
http://www.exploit-db.com/exploits/12715/

In this video I do it manually with the Mozilla add-on Live HTTP Headers.

Greetz to AntiSecurity



watch the video HERE

download it HERE



./NoGe

Comments

Anonymous said…
Really awesome, bro :D
Not bad at all ;D
kemud said…
Hahaha... awesome, bro. But I'm kind of confused. Could you explain it again?
evilc0de said…
Explain which part?
kemud said…
Why does the output come out all messy... there's so much of it... what is the point, what are we looking for? And what's the vulnerability, and how do you get in, bro?
james said…
Good job bro, I love u again :D and again and against :D
AaEzha said…
Downloading again, bro :D
evilc0de said…
@ Kemud
Which method?
How far have you gotten?

@ James
hahahahahaha..
I don't love you!! lol :))

@ AaEzha
Go ahead and download it, bro.. :p
Anonymous said…
NoGe... can I consult you via YM??
I'm looking for a way to get root access on a server that sells scripts... if I can get through.. it'd be nice to be able to slip a phpshell or rapidleech into the scripts they sell
^s0n_g0ku^ said…
nogay.... the site is dead... and I wanted to watch your porn video with oon... jiakakkakaak
evilc0de said…
Oh yeah, it's dead.. sob.. T_T
I'll go find new hosting later, OK.. :))
Thank you for sharing with us. The content is very good and helpful for me, I learn and know more about it.