Text: |
ԲΠ= Òû õòî?
Çàïèòàííÿ:<?php
/*
jComDetect - Joomla Components Detection.
Copyright (C) 2011 Ahlspiess <ahlspiess@tbdsecurity.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
$jMe = new jComDetect;
class jComDetect {
var $argv;
function __construct() {
global $argv;
$this->argv = $argv;
if(!isset($this->argv[1])) {
$this->Help();
} else {
$this->argv = $argv;
$this->init();
}
}
function init() {
$content = $this->cURL($this->argv[1]);
if(!preg_match("/200 OK/", $content)) {
$this->msg("[-] Error! 404 Not Found");
exit;
} else {
print $this->jCheckComp($content);
}
}
function jCheckComp($content) {
$dupe = array();
$nstack = array();
preg_match_all("/Joomla\! (.*?) \-/", $content, $ver);
$this->msg("[+] Joomla version ".$ver[1][0]);
#$nstack[] = "joomla ".$ver[1][0];
preg_match_all("/\/component(s?)\/(.*?)\//", $content, $val_1);
preg_match_all("/option=(.*?)\&/", $content, $val_2);
$var1 = explode(',', str_replace("com_com_", "com_", join(',com_', $val_1[2])));
$var2 = $val_2[1];
$stack = array_merge($var1, $var2);
foreach($stack as $unstack) {
if(!isset($dupe[$unstack]) and !is_null($unstack) and !empty($unstack) and (preg_match("/com_/", $unstack))) {
$this->msg("[+] Founded {$unstack} Component");
$nstack[] = $unstack;
$dupe[$unstack] = true;
}
}
echo "[Debug]".__fVULN__."\n";
$this->fVuln($nstack);
}
function fVuln($c = array()) {
$content = "";
foreach($c as $com) {
$content .= $this->cURL("http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description={$com}&filter_exploit_text=&filter_author=&filter_platform=31&filter_type=6&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=");
}
preg_match_all("/\<a href=\"http\:\/\/www\.exploit\-db\.com\/exploits\/(.*?)\"\>(.*?)\n/", $content, $me);
for($i=0;$i<count($me[1]);$i++) {
$this->msg("[+] ".trim(str_replace("</a>", "", $me[2][$i]))."\n --> http://www.exploit-db.com/exploits/".trim($me[1][$i]));
}
}
function cURL($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, "jVulnComponent Crawler v1-Ahlspiess");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$data = curl_exec($ch);
if($data) {
return $data;
} else {
return 0;
}
}
function Help() {
$this->msg("Usage: php ".$this->argv[0]." <host/path>");
$this->msg("Example: php ".$this->argv[0]." www.joomla.org/joomla/");
$this->msg("Example: php ".$this->argv[0]." http://www.joomla.org/joomla/");
exit;
}
function msg($x) {
printf("%s\n", $x);
}
}
?>
====================================
|