Self contained htaccess shells and attacks
Pull request Compare This branch is 67 commits behind wireghoul:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README
htaccess.caucho-status
htaccess.cgi
htaccess.ldap-status
htaccess.php
htaccess.server-info
htaccess.server-status
htaccess.ssi

README

HTSHELLS - Self contained .htaccess web "shells"
Pick the one you need and rename it to .htaccess and upload it.

[[Web shells]]
Command executing shells. Executes comands from the query parameter c.
- htaccess.php
  PHP based web shell access via http://domain/path/.htaccess?c=command

- htaccess.ssi
  Server Side Include based web shell, access via http://domain/path/.htaccess?c=command

[[Information disclosure attacks]]
These are not shells, but rather a self contained information disclosure attack.
- htaccess.server-info
  Server info binding for Apache

- htaccess.server-status
  Server status binding for Apache

- htaccess.caucho-stats
  Server status binding for the mod_caucho Resin java server module

- htaccess.ldap-status
  Server status binding for the mod_ldap server module

Wireghoul - http://www.justanotherhacker.com