How to upload backdoor into the target site

There may be constraints well after the takeover sqli bugs via the web, we just dapet access to the admin panel, be content if there fitus cmsnya upload pictures, hehehe: D barriers are just upload pictures, upload php? t

If the target CMS Joomla

you can change the file can be uploaded in the media in the settings in Global Configuration tab in the system plus the php extension and then save. After that upload your shell in media management. your shell will be at site.name directory / images / namaphpshellnya.php

If the target cms Wordpress

you can upload BD by first compressing your phpshell into *. zip format, then add new plugins, select upload, upload your phpshell.zip, the file will be located in the directory site.nama / wp-content / plugins / namafolderzipnya / namaphpshellnya . php

If the target cms cms usual / in addition to the above

you can upload your phpshell in parts where there is a picture upload form, first change the extension before you become namashell.php.jpg phpshell or with null bytes into: namashell.php% 00.jpg

If CMS does not accept uploads shell with nullbyte

Use a small application called edjpgcom, this application can write a script into an image file

DOWNLOAD: http://www.chapelhill.homeip.net/horton/copies/edjpgcom/edjpgcom.zip

then extracted, I recommend extracted in C: (C: \ edjpgcom.exe)

How to use it, open a command prompt, then navigate (change the current directory) to C: \

before that, prepare the image file, and put it in C: \ also eg gambar.jpg

back to the command prompt, type "edjpgcom.exe gambar.jpg" (without quotes of course) there will be a form out, well, just enter your script and then OK