Funcion del Script :
Busca una variable/texto/funcion en los archivos de una carpeta y subcarpetas
Utilidad :
- Encontrar fallas de seguridad
- Lo dejo para su imaginación
Ej de utilidad :
Buscar variables globalizadas, por ejemplo $_SERVER (en PHP) logicamente $_SERVER contiene variables del servidor, pero tambien contiene algunas como son headers HTTP
Path : /home/bocvk/wordpressResultado :
Search : $_SERVER['HTTP_
/home/bocvk/wordpress/wp-content/plugins/akismet/akismet.php
Line 189:
$comment['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
Aqui podriamos sacar un LFI seria cuestion de seguir el rastro a la variable aver si no se filtra y por donde pasa tambien aver si se podra sacar el LFI ...
Mas Info :
CGI Code Analytic v0.1 Xianur0
Manual CGI Code Analytic By Xianur0
Source :
<style type=text/css>
BODY { font: 11px Tahoma, Verdana, sans-serif;
margin: 0px;
padding: 0px;
text-align: center;
color: #000000;}
Table{
border: 1px solid #DADADA;
background-color: White;
padding: 5px;
font: 11px Tahoma, Verdana, sans-serif;
line-height: 17px;
color: Gray; }
input,textarea,select
{
margin: 3px;
vertical-align: middle;
border: 1px solid #DADADA;
background-color: White;
padding: 3px;
font: 11px Tahoma, Verdana, sans-serif;
color: Gray;
}
div{
padding: 10px;
width:80%;
border:1px dashed black;
}
</style>
<html>
<title>PHP Code Analityc by Bocvk</title>
<body>
<br><table width="300" align="center"><th>PHP Code Analityc</th>
</table><br>
<table align="center">
<form action="" method="post">
<tr>
<td>Path : </td><td><input type="text" name="path" size="40"></td>
</tr>
<tr>
<td>Search : </td><td><input type="text" name="search" size="40"></td>
<tr>
<tr>
<td></td><td><input type="submit" value="Search"></td>
</tr>
</form></table><br>
<?php
// PHP Code Analityc
// Coded by Bocvk
// bocvk [at] hotmail [dot] com
// ~[Expl0it-Cr3w]~ 2oo9
// WARNING :
// I see not talk very good the language english
// Sorry if find a gramatical error
// ----- CONFIG -----
// route where executed the searcher
$path_conf=$_POST['path'];
// string of searcher
$search_conf=$_POST['search'];
// ----- -----
// Check if exists parameters
if($path_conf=="" || $search_conf==""){
exit;
}
$search_conf=stripslashes($search_conf);
echo "<table align='center'>
<tr><td>Directory :</td><td>$path_conf</td></tr>
<tr><td>String :</td><td>".htmlentities($search_conf)."</td></tr>
</table><br>";
function search($path){
global $search_conf;
// Open Dir
if(!($handle=@opendir($path))){
echo "Error : Directory Incorrect";
exit;
}
// $file content the name of archives in the directory specify
while (false !== ($file = readdir($handle))){
// Check is different a current directory
if ($file != "." && $file != ".."){
// We put the route and name of archive for can open the archive
$path_full=$path."/".$file;
// Check is directory
if(is_dir($path_full))
{
search($path_full);
}else{
// Print a error if can't open archive
if(!$fp=fopen($path_full,'r')){
echo "Error : Can't open the archive";
exit;
}
$warning=0;
$line_search=array();
$numline_search=array();
// Extract line for line of the archive
$count_lines=0;
while(!feof($fp)){
$line=fgets($fp);
// Searching the possibles results
if(strstr($line,$search_conf)){
$warning=1;
array_push($line_search,$line);
array_push($numline_search,$count_lines);
}
$count_lines++;
}
// Verify if finded a archive
if($warning==1){
// Print the filename of the archive
echo "<br><center><div>Archive : $path_full<br>";
// Print the number line and content
for($i=0;$i<count($numline_search);$i++){
echo "<br>Line ".($numline_search[$i]+1).":<br><textarea cols=150 rows=1>".htmlentities($line_search[$i]).
"</textarea><br>";
}
echo "</center></div><br>";
}
// Closed the archive
fclose($fp);
}
}
}
// Closed the directory
closedir($handle);
// Closed function search
}
// We invoked to the function search
search($path_conf);
?>
0 comentarios