远程包含漏洞挖掘脚本

<?php
set_time_limit(0);
function tree($directory)
  {
   $mydir=dir($directory);
   
   while($file=$mydir->read()){
    if((is_dir("$directory/$file")) && ($file!=".") && ($file!=".."))
    {
     tree("$directory/$file");
    }
    else{
     if($file != "." && $file != ".."&&eregi(".php",$file)){
     $fd=realpath($directory."/".$file);
     $fop = fopen($fd, "r");
     $i=0;
     while ($buffer = fgets($fop, 4096)) {
      $i++;
        if((eregi("include",$buffer)||eregi("require",$buffer))&&strpos($buffer,"$")){
         countall();
         echo "<li><font color=\"#ff00cc\">file path:".$fd."</font></li>"."   <td><a href=\"?downfile=".$fd."\">Down&&Open</a> "."<br> the file line<font color=\"#0000FF\">".$i."</font>   ::======>". $buffer."<hr>";     
         
        }
      }
     fclose($fop);

     }
    }
   }
   $mydir->close();
  }
function countall()
   {
   static $count = 1;
   echo "the files number       ".$count."                :) ";
   $count++;
   }
if($_GET['act']=="findMM"){
 $fuck=$_GET['GUID'];
 tree($fuck);

}
if ($_GET['downfile']) {
 $downfile=$_GET['downfile'];
 if (!@is_file($downfile)) {
  echo "<script>alert(\"the file is out\")</script>";
 }
 $filename = basename($downfile);//
 $filename_info = explode('.', $filename);//
 $fileext = $filename_info[count($filename_info)-1];
 header('Content-type: application/x-'.$fileext);
 header('Content-Disposition: attachment; filename='.$filename);
 header('Content-Description: PHP3 Generated Data');
 readfile($downfile);
 exit;
}
?>

<br>
<form action="<? echo $PHP_SELF?>" method="GET">

  <table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
      <td width="400" height="22">please wirte path(like:  /usr/www/):</td>
      <td><input name="GUID" type="text" id="GUID"  value="E:\MyPhp\APMServ5.1.2\www\htdocs\ecshop"size="40" /></td>
    </tr>
         <input type="hidden" name="act" value="findMM" />
    <tr>
      <td height="22">&nbsp;</td>
      <td><input type="submit" name="Submit" value=" POST fuck " /></td>
    </tr>
    <tr>
      <td height="22">&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>
<center><li><font color="#ff00cc"><b>copy write by %5C E_Mail: isno_sec@163.com</b></font></li></center>
<center><li><font color="#ff00cc"><b>BlueStar warning: it's just a tool </b></font></li></center>
<center><li><font color="#ff00cc"><b>welcome to my blog!!</b></font></li></center>
<center><li><font color="#ff00cc"><b><a href=http://www.cnblogs.com/allyesno/>http://www.cnblogs.com/allyesno/</b></font></li></center>

posted on 2007-06-18 09:12  %5C  阅读(257)  评论(0编辑  收藏  举报
Copyright © 2024 %5C
Powered by .NET 8.0 on Kubernetes Powered By: 博客园