How To Upload Your PHP Shell Via Tamper Data (Firefox Add-On)
This is tutorial dedicated to those who
get login details but somehow they are unable to upload the PHP shell
to the victim website.
First of all, you should download this little add-on for Firefox:
DL here
NOTE:
You need to rename your shell from .php to .jpg to bypass the website's security.
As an example i'll take - http://freead1.net/post-free-ad-to-USA-42
It is a free classified ads posting website, so we got an upload option to upload picture files. Now find your website's upload option, locate your .jpg shell (don't upload yet)
Now click on Tools in Firefox menu bar, select Tamper Data (will open in a new window)
Click on Start Tamper in the Tamper Data window.
NOTE: Before you click Start Tamper you should close all tabs unneeded. If you want this tutorial to be open, open up another browser (ex. chrome). Now you should click on the upload button.
After you have pressed the upload button, a new window will appear (Tamper with request?). Click on the Tamper button.
After a click on "Tamper" you will see "Tamper Popup"
In Tamper Popup Window, Copy "POST_DATA" text in Notepad.
After copying it to Notepad "Find yourshell.jpg" and rename it to .php.
First of all, you should download this little add-on for Firefox:
DL here
NOTE:
You need to rename your shell from .php to .jpg to bypass the website's security.
As an example i'll take - http://freead1.net/post-free-ad-to-USA-42
It is a free classified ads posting website, so we got an upload option to upload picture files. Now find your website's upload option, locate your .jpg shell (don't upload yet)
NOTE: Before you click Start Tamper you should close all tabs unneeded. If you want this tutorial to be open, open up another browser (ex. chrome). Now you should click on the upload button.
After you have pressed the upload button, a new window will appear (Tamper with request?). Click on the Tamper button.
After a click on "Tamper" you will see "Tamper Popup"
In Tamper Popup Window, Copy "POST_DATA" text in Notepad.
After copying it to Notepad "Find yourshell.jpg" and rename it to .php.
0 comments:
Post a Comment