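<?php
/*
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/**
 * Command-line helper: fetches the page given as the first argument, prints
 * the Joomla version string and the com_* component names found in its
 * markup, then queries the exploit-db.com search once per component and
 * prints the entries that come back.
 *
 * NOTE(review): the listing this file was recovered from had markup-like text
 * stripped out of it. The PHP open tag, the comment opener, the usage
 * placeholder in Help(), the result-row pattern in fVuln() and the
 * str_replace() search string in fVuln() were all affected. Each spot is
 * marked below; restore them from the original file.
 */
class jComDetect
{
    /** @var array Command-line arguments, copied from the global $argv. */
    public $argv;

    /**
     * Reads the command line and either prints the usage text (no target
     * argument) or starts the scan.
     */
    public function __construct()
    {
        global $argv;
        $this->argv = $argv;

        if (!isset($this->argv[1])) {
            $this->Help();
        } else {
            $this->init();
        }
    }

    /**
     * Fetches the target page and hands it to jCheckComp().
     *
     * The response (headers included, see cURL()) must contain a status line
     * with code 200. The original tested for the text "200 OK" anywhere in
     * the response, which an error page can satisfy through its body and
     * which an "HTTP/2 200" status line never satisfies.
     */
    public function init()
    {
        $content = $this->cURL($this->argv[1]);

        if (!preg_match('/^HTTP\/\S+ 200\b/m', $content)) {
            $this->msg("[-] Error! 404 Not Found");
            exit(1);
        }

        $this->jCheckComp($content);
    }

    /**
     * Extracts the Joomla version and the referenced component names from a
     * fetched page, prints them, and passes the unique names to fVuln().
     *
     * Everything in $content is remote, untrusted text. A name is accepted
     * only if it is exactly "com_" followed by letters, digits or
     * underscores, because accepted names are later printed to the terminal
     * and placed in a request URL.
     *
     * @param string $content Raw HTTP response (headers and body).
     */
    public function jCheckComp($content)
    {
        $dupe = array();
        $nstack = array();

        // The listing wraps in the middle of this pattern (after the space
        // that follows the capture group). \s+ matches both readings: a
        // single space, or a space followed by a line break.
        if (preg_match('/Joomla\! (.*?)\s+\-/', $content, $ver)) {
            $this->msg("[+] Joomla version ".$ver[1]);
        } else {
            // The original indexed $ver[1][0] unconditionally and raised an
            // undefined-offset notice when the page had no version string.
            $this->msg("[-] Joomla version not detected");
        }

        preg_match_all("/\/component(s?)\/(.*?)\//", $content, $val_1);
        preg_match_all("/option=(.*?)\&/", $content, $val_2);

        // Path segments may come with or without the com_ prefix; normalise
        // each one. The original join()/str_replace() trick never prefixed
        // the first entry, so a bare first segment was silently dropped.
        $candidates = array();
        foreach ($val_1[2] as $segment) {
            $candidates[] = (strpos($segment, 'com_') === 0) ? $segment : 'com_'.$segment;
        }
        $candidates = array_merge($candidates, $val_2[1]);

        foreach ($candidates as $unstack) {
            if (isset($dupe[$unstack])) {
                continue;
            }
            if (!preg_match('/\Acom_[A-Za-z0-9_]+\z/', $unstack)) {
                continue;
            }

            $this->msg("[+] Founded {$unstack} Component");
            $nstack[] = $unstack;
            $dupe[$unstack] = true;
        }

        // The original echoed an undefined constant (__fVULN__) here as a
        // debug line; referencing it is a fatal error on PHP 8, so the line
        // is removed.
        $this->fVuln($nstack);
    }

    /**
     * Queries the exploit-db.com search for every component name and prints
     * the parsed result rows.
     *
     * @param array $c Component names (com_*) collected by jCheckComp().
     */
    public function fVuln($c = array())
    {
        $content = "";

        foreach ($c as $com) {
            // The name comes from remote markup; encode it so it can only
            // ever be the value of filter_description.
            $content .= $this->cURL(
                "http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description="
                .urlencode($com)
                ."&filter_exploit_text=&filter_author=&filter_platform=31&filter_type=6&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="
            );
        }

        // NOTE(review): this pattern is reproduced exactly as it appears in
        // the listing, where the markup inside it was stripped. As written it
        // does not compile, so preg_match_all() warns and returns false. The
        // code below expects two capture groups: group 1 is the entry id,
        // group 2 its title. Restore the pattern from the original file.
        $found = preg_match_all("/\(.*?)\n/", $content, $me);
        if (!$found || !isset($me[1], $me[2])) {
            return;
        }

        // The loop header was also lost in the listing; iterating over the
        // matched rows is what the indexed use of $me[1] and $me[2] implies.
        $total = min(count($me[1]), count($me[2]));
        for ($i = 0; $i < $total; $i++) {
            // NOTE(review): the str_replace() search string is empty in the
            // listing (presumably stripped as well), so the call is a no-op.
            $this->msg("[+] ".trim(str_replace("", "", $me[2][$i]))."\n --> http://www.exploit-db.com/exploits/".trim($me[1][$i]));
        }
    }

    /**
     * Performs a GET request and returns the response with its headers.
     *
     * Differences from the original: certificate and host-name verification
     * are enabled (the original set CURLOPT_SSL_VERIFYPEER to 0, so any
     * on-path party could supply the content this tool parses and prints),
     * and the request and its redirects are limited to HTTP and HTTPS with a
     * bounded redirect count.
     *
     * @param string $url Address to fetch.
     * @return string Response text, or an empty string when the transfer fails.
     */
    public function cURL($url)
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_HEADER, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 15);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
        curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
        curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_USERAGENT, "jVulnComponent Crawler v1-Ahlspiess");
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

        $data = curl_exec($ch);

        // The original returned int 0 on failure. Callers only concatenate
        // the value or match it against a pattern, where '' behaves the same.
        return $data ? $data : '';
    }

    /**
     * Prints the usage text and stops.
     */
    public function Help()
    {
        // The argument placeholder is missing from the listing (the usage
        // string ends after the script name); "<url>" is supplied here.
        $this->msg("Usage: php ".$this->argv[0]." <url>");
        $this->msg("Example: php ".$this->argv[0]." www.joomla.org/joomla/");
        $this->msg("Example: php ".$this->argv[0]." http://www.joomla.org/joomla/");
        exit;
    }

    /**
     * Prints one message followed by a newline.
     *
     * Messages can carry text taken from remote pages, so control characters
     * other than tab and line feed are removed before printing; this keeps
     * escape sequences in a response from reaching the terminal.
     *
     * @param string $x Message text.
     */
    public function msg($x)
    {
        $clean = preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', (string) $x);
        printf("%s\n", $clean === null ? '' : $clean);
    }
}

$jMe = new jComDetect;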