..tutorial we are going to create a new app for the hacksuite. We're not going to do anything fancy here; we will make a simple app to get familiar with how to write compatible scripts for..
Mister LG can create upload forms and test targets for file upload vulnerabilities.
<?php
/*
File injection vulnerability
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 27-02-2015
*/
// Marker constant defined before any include runs.
// NOTE(review): presumably the included files test for it to refuse direct access; confirm there.
define('IN_SCRIPT', 1);

// Suite root: directory of the running script with "/TestServers" removed.
// Both values derive from the server-supplied SCRIPT_FILENAME, not from request parameters.
$_ROOT = str_replace(
    "/TestServers",
    "",
    substr($_SERVER['SCRIPT_FILENAME'], 0, strrpos($_SERVER['SCRIPT_FILENAME'], "/"))
);
// File name of the running script (everything after the last "/").
$sCurrentFile = substr($_SERVER['SCRIPT_FILENAME'], strrpos($_SERVER['SCRIPT_FILENAME'], "/") + 1);

// Shared configuration, loaded through fixed relative paths.
// $_DYNAMIC_ROOT is assigned first; presumably the included files read it (not visible here).
// $_PATHS and $_CONFIG are not defined in this script, so they are assumed to come from
// these includes or from server_setup.php below.
$_DYNAMIC_ROOT = "..";
include_once("../vars.php");
include_once("../paths.php");

// Log file path: <root>/<last segment of the configured log root>/<this script's name>.
// NOTE(review): $sLogFile is not used in this script; presumably Functions/fwrite.php consumes it.
$aLogFolder = explode("/", $_PATHS['log_root']);
$sLogFile = implode("/", array($_ROOT, $aLogFolder[count($aLogFolder) - 1], $sCurrentFile));

// Server setup is resolved from the computed root, not from request data.
include_once($_ROOT . "/Includes/server_setup.php");

// Security levels this test server recognises, keyed by the configured level number.
$_CONTEXT['secure_level'] = array(
    1 => "low",
    2 => "medium",
    3 => "high"
);
// load the right amount of security
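// Request handling for the file-inclusion test target.
// A POST carrying sMessageF runs the include test at the configured security level;
// any other request renders the submission form.
if (isset($_POST['sMessageF'])) {
    if (!isset($_CONTEXT['secure_level'][$_CONFIG['iExploitLevel']])) {
        // Configured level is not one of the known levels.
        echo"Security level doesn't exist";
    }
    else {
        // Normalise before validating: a non-string value (e.g. an array parameter) or a
        // whitespace-only value is treated as "no file", so include() is never called with
        // an empty path. The normalised value is written back to $_POST because later
        // includes may read it from there.
        $_POST['sMessageF'] = is_string($_POST['sMessageF']) ? trim($_POST['sMessageF']) : "";
        if ($_POST['sMessageF'] == "") {
            echo"No file specified";
        }
        else {
            // Dispatch on the configured security level.
            switch ($_CONFIG['iExploitLevel']) {
                /* low */
                case "1":
                    // Intentional weakness of this test target: the request value reaches
                    // include() with no validation at all. Outside a training target, the
                    // value would be mapped onto a fixed allow-list of file names instead,
                    // with allow_url_include kept disabled.
                    include($_POST['sMessageF']);
                    break;
                /* medium */
                case "2":
                    // Deny-list filter: the U modifier inverts greediness, so "(.*?)" is
                    // greedy here and everything up to and including the last "://" is
                    // removed. This only strips URL-scheme prefixes; it does not restrict
                    // which local path is included, so the include stays exploitable by
                    // design at this level. Filtering the string is not a substitute for
                    // an allow-list.
                    $_POST['sMessageF'] = preg_replace('/(.*?):\/\//Uis', "", $_POST['sMessageF']);
                    include($_POST['sMessageF']);
                    break;
                /* high */
                case "3":
                    // No include is performed at this level (same outcome as before, when
                    // the switch had no matching case).
                    // NOTE(review): presumably "high" is meant to be the non-exploitable
                    // level; confirm that an empty response is the intended behaviour.
                    break;
            }
            // Runs after every valid submission, whichever level handled it.
            // NOTE(review): presumably writes the request to the log file; the helper is
            // outside this script.
            include_once($_ROOT."/Functions/fwrite.php");
        }
    }
}
else {
    // create file injection form
    echo"<html>\n";
    echo"<head>\n";
    echo"<title>FI Vulnerable System</title>\n";
    echo"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n";
    echo"<style type=\"text/css\">\n";
    echo"<!--\n";
    echo"body { font-family:Arial,Verdana,Helvetica;font-size:10px;color:#c0c0c0; }\n";
    echo"div { width:500px;border:1px solid #000000;padding:10px;margin:5px;font-size:14px; }\n";
    echo"-->\n";
    echo"</style>\n";
    echo"</head>\n";
    echo"<body>\n";
    echo"<form method=\"post\" target=\"_blank\">\n";
    echo"<b>file:</b> <input type=\"text\" name=\"sMessageF\" /><br />\n";
    // The label comes from the fixed level table above, never from request data.
    echo"<b>security level:</b> ".(isset($_CONTEXT['secure_level'][$_CONFIG['iExploitLevel']]) ? $_CONTEXT['secure_level'][$_CONFIG['iExploitLevel']] : "invalid level")."<br />\n";
    echo"<input type=\"submit\" name=\"submit\" value=\"Include\">\n";
    echo"</form>\n";
    echo"</body>\n";
    echo"</html>";
}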
?>