...cool, we will make a new module, and not just any new module: let's make a fully automatic injection script! This tutorial is the first step towards building it. Let's first explain...
Mister LG can create upload forms and test targets for file upload vulnerabilities
<?php
/* Ends tasks that became corrupt or have already ended
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 06-03-2015
*/
// Direct-access guard: stop immediately unless the IN_SCRIPT constant exists.
// Presumably the application's entry script defines it before including this
// file, so requesting this file by its own URL runs nothing below - confirm.
defined('IN_SCRIPT') or exit;
// Page title for this view
$_CONTEXT['subtitle'] = "Task Kill";

// Queue this page's client-side script behind any headers already collected
$sJSDev = "<script type=\"text/javascript\" src=\"Templates/".$_PATHS['style_user']."/js/task_kill.js\"></script>\n";
if(isset($_CONTEXT['headers'])){
    $_CONTEXT['headers'] .= $sJSDev;
}
else{
    $_CONTEXT['headers'] = $sJSDev;
}

// Empty task summary; it is filled in once the task file has been read
$_CONTEXT['taskdata'] = array(
    'presence' => false,
    'total'    => 0,
    'tasks'    => array(
        'running'  => array(),
        'finished' => array(),
    ),
);

// Task file that holds one record per task
$sDest = $_PATHS['data_root']."/running.txt";

// Helper files this page depends on. Each one is included only when IsThere()
// reports it present; otherwise $_PATHS['end'] is included instead
// (presumably the page that ends the request - confirm against the caller).
$aFiles = array(
    $_PATHS['functions_root']."/fwrite.php",
    $_PATHS['functions_root']."/raw_to_array.php",
);
for($x=0;$x<count($aFiles);$x++){
    if(IsThere($aFiles[$x])){
        include_once($aFiles[$x]);
    }
    else{
        include_once($_PATHS['end']);
    }
}
// Read the task file only when it is non-empty and RawToArray() can parse it.
// The '@' silences the warning filesize() raises when the file is missing; the
// comparison is then false and the summary keeps its empty defaults.
if(@filesize($sDest)>0 && false!==($aFileDataT = RawToArray($sDest))){
    // get task stats
    $_CONTEXT['taskdata']['presence'] = true;
    $aFileData = array();
    $_CONTEXT['taskdata']['total'] = count($aFileDataT);
    for($x=0;$x<$_CONTEXT['taskdata']['total'];$x++){
        $aRow = $aFileDataT[$x];
        // every record is appended under a numeric index next to the
        // 'running' and 'finished' keys of the same array
        $_CONTEXT['taskdata']['tasks'][] = $aRow;
        // field 2 equal to 0 files the record under 'running', anything else
        // under 'finished' (loose comparison, as the values come from a file)
        $sState = ($aRow[2]==0 ? 'running' : 'finished');
        $_CONTEXT['taskdata']['tasks'][$sState][] = $aRow;
    }
}
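/* one or more tasks found

   Appends the task-killer panel to $sCode. Per record the markup uses:
   [0] module name, [1] start time, [2] end time (0 while the task is still
   running), [3] task id, which becomes the id of the record and of its links.

   Every value taken from the task file is HTML-encoded or cast to an integer
   before it is written into the page, so a record cannot break out of the
   attribute or element it is printed in. */
if($_CONTEXT['taskdata']['presence']){
    // output form
    $sCode .= " <div class=\"devtable emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
    $sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">task killer</div>\n";
    $sFalseImg = $_PATHS['style_root_http']."/images/unknown.png";
    $sTimeFormat = $_CONTEXT['time_pattern'].' H:i:s';
    // modules
    for($x=0;$x<$_CONTEXT['taskdata']['total'];$x++){
        $sModule = (string)$_CONTEXT['taskdata']['tasks'][$x][0];
        // The module name is used as a directory name below, so it is only
        // looked up on disk when it is a single path segment; anything else
        // gets the placeholder icon.
        $bPlainName = ($sModule!=='' && $sModule!=='.' && $sModule!=='..' && $sModule===basename($sModule));
        $sDest = ($bPlainName && file_exists($_PATHS['root']."/Modules/".$sModule."/".$sModule.".png") ? $_PATHS['root_http']."/Modules/".$sModule."/".$sModule.".png" : $sFalseImg);
        // the trimmed id is written back, as other code may read it from $_CONTEXT
        $_CONTEXT['taskdata']['tasks'][$x][3] = trim($_CONTEXT['taskdata']['tasks'][$x][3]);

        // encoded copies for output; the browser decodes them back to the
        // original values, so task_kill.js still sees the same ids
        $sIdAttr = htmlspecialchars($_CONTEXT['taskdata']['tasks'][$x][3], ENT_QUOTES, 'UTF-8');
        $sModuleHtml = htmlspecialchars($sModule, ENT_QUOTES, 'UTF-8');
        $sImgAttr = htmlspecialchars($sDest, ENT_QUOTES, 'UTF-8');
        // timestamps are cast so only integers reach date() and the page
        $iStarted = (int)$_CONTEXT['taskdata']['tasks'][$x][1];
        $iEnded = (int)$_CONTEXT['taskdata']['tasks'][$x][2];
        // same loose test the original used to tell running from completed
        $bCompleted = ($_CONTEXT['taskdata']['tasks'][$x][2]!=0);

        $sCode .= " <div class=\"cc_record overflw emboss borderr5".($x!=0 ? " mt10" : "")."\" id=\"".$sIdAttr."\">\n";
        $sCode .= " <div class=\"flt pad3 w100\"><img src=\"".$sImgAttr."\" width=\"70\" border=\"0\" class=\"padt10\" /></div>\n";
        $sCode .= " <div class=\"dta flt pad3 padt10\">\n";
        $sCode .= " <div class=\"slblue\"><b>instance of ".$sModuleHtml."</b></div>\n";
        $sCode .= " <div class=\"istate\"><b>task state:</b> ".($bCompleted ? "completed" : "running")."</div>\n";
        $sCode .= " <div class=\"istart\"><b>time started:</b> ".date($sTimeFormat,$iStarted)."</div>\n";
        if($bCompleted){
            $sCode .= " <div class=\"iend\"><b>time ended:</b> ".date($sTimeFormat,$iEnded)."</div>\n";
            $sCode .= " <div class=\"itotal\"><b>total time:</b> ".($iEnded-$iStarted)." (s)</div>\n";
            $sCode .= " <div class=\"ilinks\">[ <a href=\"#\" id=\"".$sIdAttr."\" title=\"remove\" class=\"action\">remove task</a> ]</div>\n";
        }
        else{
            $sCode .= " <div class=\"irunning\"><b>time running:</b> ".(time()-$iStarted)." (s)</div>\n";
            $sCode .= " <div class=\"ilinks\">[ <a href=\"#\" id=\"".$sIdAttr."\" title=\"remove\" class=\"action\">remove task</a> ] [ <a href=\"#\" id=\"".$sIdAttr."\" title=\"complete\" class=\"action\">complete task</a> ]</div>\n";
        }
        $sCode .= " </div>\n";
        $sCode .= " </div>\n";
        $sCode .= " <div class=\"clear\"></div>\n";
    }
    $sCode .= " <div class=\"cc_record\">\n";
    $sCode .= " <div class=\"flt pad3\"><input type=\"submit\" name=\"submit\" class=\"action\" id=\"clearall\" value=\"Clear All\" /></div>\n";
    $sCode .= " </div>\n";
    $sCode .= " <div class=\"clear\"></div>\n";
    $sCode .= " </div>\n";
}
/* no tasks found */
else{
    // 'notice' is emitted as-is: presumably ready-made markup from the application's own configuration - confirm
    $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['notice']."No (valid) tasks in task file</div>\n";
}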
?>