shor7cut

PhpMyadmin Scanner - shor7cut

Jul 21st, 2015
  1. CODE BY shor7cut - Kiddies selalu merubah :v
  2. Thank's : IndoXploit Coders Team & Bug7sec
  3.  
  4. //
  5.  
  6. Isi dalam list mengunakan pembatas | , jika ingin merubahnya silahkan
  7. jadi isi dalam list misal :
  8.  
  9. 127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1
  10. save : ikisme.txt
  11.  
  12. buka CMD ->
  13. cd /xampp/php
  14. php {nama file} {file list target} {output(HTML)}
  15. //
  16.  
  17. <?php
  18. error_reporting(0);
  19. if(!isset($argv[2])){
  20.     echo "[+] Format : php namefile.php {file list} {output.html}\r\n";
  21.     echo "[+] Contoh : php namafile.php target.txt sukses.html";
  22. }else if(!file_exists($argv[1])){
  23.   die('File Tidak ditemukan');
  24. }else {
  25.  
  26. $buka_file = fopen($argv[1], "r");
  27. $baca_file = fgets($buka_file);
  28. $target = explode("|", $baca_file);
  29. $no=1;
  30. $success=0;
  31. $fail=0;
  32. $names = $argv[2];
  33. $auth=0;
  34. $no_urut=1;
  35. if(file_exists($argv[2])){
  36.     $del = $argv[2];
  37.     unlink($del);
  38. }
  39.  
  40. echo "<------------{Scan}-------------->\r\n";
  41. echo "-> phpMyadmin Scanner - Shor7cut\r\n";
  42. echo "-> Target Count : ".count($target)."\r\n";
  43. echo "-> Save File : ".$names."\r\n";
  44. echo "<-------------------------------->\r\n\n";
  45. foreach ($target as $sites) {
  46.  
  47. echo "[$no/".count($target)."]-> $sites | PhpMyadmin : ";
  48. $url = "http://$sites/phpmyadmin/querywindow.php";
  49.  
  50. // xampp - patch lang.php\\
  51. $xamppcur2 = curl_init("$url");
  52. curl_setopt($xamppcur2, CURLOPT_FAILONERROR, true);
  53. curl_setopt($xamppcur2, CURLOPT_FOLLOWLOCATION, true);
  54. curl_setopt($xamppcur2, CURLOPT_RETURNTRANSFER, true);
  55. curl_setopt($xamppcur2, CURLOPT_CONNECTTIMEOUT ,0);
  56. curl_setopt($xamppcur2, CURLOPT_TIMEOUT, 30);
  57. $result2 = curl_exec($xamppcur2);
  58.  
  59. $re = "/<input type=\"hidden\" name=\"token\" value=\"(.*)\"/";
  60. if(preg_match($re, $result2, $matches)){
  61. if(preg_match_all("/pma_password/", $result2, $matx)){
  62. echo "ONO -> JALUK LOGIN\r\n\n";
  63. $fp = fopen("mintalogin-".$names, 'a');
  64. fwrite($fp, "$url\r\n");
  65. fclose($fp);
  66. $auth++;
  67. }else {
  68. echo "ONO -> Mantep iki\r\n\n";
  69. $fp = fopen($names, 'a');
  70. fwrite($fp, '['.$no_urut.'] <a href="'.$url.'" target=_blank>'.$url.'</a>'."<br>");
  71. fclose($fp);
  72. $success++;
  73. $no_urut++;
  74.  
  75.  
  76. }
  77.  
  78. }else {
  79.     echo "RA ONO COK\r\n\n";
  80.     $fail++;
  81. }
  82.  
  83.     flush();
  84.     ob_flush();
  85.     sleep(2);
  86.     $no++;
  87.     }
  88. echo "\r\n------------------------------------------\r\n";
  89. echo "-------------> LAPORAN AKHIR -------------\r\n";
  90. echo "-> Total Target : ".count($target)."\n";
  91. echo "-> Total PhpMyadmin (Auth) : ".$auth."\n";
  92. echo "-> Total PhpMyadmin (Non Auth) : ".$success."\n";
  93. echo "-> Total PhpMyadmin (Fail / Non Vuln) : ".$fail."\n";
  94. echo "\n\n------------------------------------------\n";
  95. }
  96.  
  97.  
  98.  
  99. ?>