
Some PHP Tools


sujiru.googlepages.com/kidlat.gif - a working GIF with a PHP backdoor embedded. Useful for sites that have a local file inclusion vulnerability and accept only picture uploads.

Sujiru.php - r57 PHP shell ver 1.31. The original release was backdoored; the backdoors were removed from this file. The code was also obfuscated to frustrate casual examination by anyone finding and reading the file. User: sujiru Pass: akoaymaylobo. You can change the values declared in the file. Also available in .txt.

Payload.php - Used primarily for RFI. Gives info about the host, reads the passwd file, and looks for interesting files in the webroot. Automatically writes the above PHP shell in two locations: the first and last writable directories it finds relative to the vulnerable script. Tries to establish a connect-back shell to a host you specify. You can specify the host by using file.php?ip= or by editing the $ip variable. Also mails information. Note: Didn't have the time to clean the code, but everything works. Also available in .txt.
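
From the defender's side, the GIF in the first item works because the file passes an image check yet still carries a PHP open tag that runs if the file is ever reached through an include. The scanner below is an added example, not code from this post or its tools; the function names, patterns and sample bytes are constructed for illustration.

```python
import re

# Magic bytes for the image types an upload form would typically accept.
MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
         b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}

# PHP open tags: <?php, <?= and the legacy <script language="php"> form.
# Bare "<?" (short_open_tag) is left out because it is noisy in binary data.
PHP_TAG = re.compile(rb"<\?php|<\?=|<script\s+language\s*=\s*[\"']?php", re.I)


def image_type(data: bytes):
    """Return 'gif', 'png', 'jpeg', or None based on leading magic bytes."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def scan_upload(name: str, data: bytes) -> list:
    """Return a list of findings for one uploaded file (empty list = clean)."""
    findings = []
    kind = image_type(data)
    if kind is None:
        findings.append(f"{name}: not a recognised image (bad magic bytes)")
    for m in PHP_TAG.finditer(data):
        tag = m.group(0).decode("ascii", "replace")
        findings.append(f"{name}: PHP open tag {tag!r} at offset {m.start()}"
                        f" inside {kind or 'unknown'} data")
    return findings


# Constructed samples: a minimal 1x1 GIF, and the same GIF carrying a harmless
# PHP marker in a GIF comment extension (0x21 0xFE), which image viewers ignore.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
             b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
MARKER = b"<?php /* constructed marker */ ?>"
TAINTED_GIF = (CLEAN_GIF[:19] + b"\x21\xfe" + bytes([len(MARKER)]) + MARKER
               + b"\x00" + CLEAN_GIF[19:])

if __name__ == "__main__":
    for name, blob in [("clean.gif", CLEAN_GIF), ("tainted.gif", TAINTED_GIF)]:
        for line in scan_upload(name, blob) or [f"{name}: clean"]:
            print(line)
```

The scan only detects the condition; re-encoding accepted images server-side and fixing the file inclusion bug are what remove it.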